CN109257329A - A kind of website risk index computing system and method based on magnanimity Web log - Google Patents
A kind of website risk index computing system and method based on magnanimity Web log Download PDFInfo
- Publication number
- CN109257329A CN109257329A CN201710594365.5A CN201710594365A CN109257329A CN 109257329 A CN109257329 A CN 109257329A CN 201710594365 A CN201710594365 A CN 201710594365A CN 109257329 A CN109257329 A CN 109257329A
- Authority
- CN
- China
- Prior art keywords
- website
- attack
- log
- loophole
- value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Attack type | Coefficient of injury |
The injection of SQL/ system command | 10 |
Cross site scripting | 9 |
WebShell | 8 |
Network parameter modification | 7 |
Traversal attack | 6 |
Sensitive document access | 5 |
It is long-range to execute loophole | 4 |
Vulnerability scanning | 3 |
Attack type | Coefficient of injury |
The injection of SQL/ system command | 10 |
Cross site scripting | 9 |
WebShell | 8 |
Network parameter modification | 7 |
Traversal attack | 6 |
Sensitive document access | 5 |
It is long-range to execute loophole | 4 |
Vulnerability scanning | 3 |
Claims (7)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710594365.5A CN109257329A (en) | 2017-07-13 | 2017-07-13 | A kind of website risk index computing system and method based on magnanimity Web log |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710594365.5A CN109257329A (en) | 2017-07-13 | 2017-07-13 | A kind of website risk index computing system and method based on magnanimity Web log |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109257329A true CN109257329A (en) | 2019-01-22 |
Family
ID=65051926
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710594365.5A Pending CN109257329A (en) | 2017-07-13 | 2017-07-13 | A kind of website risk index computing system and method based on magnanimity Web log |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109257329A (en) |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110191120A (en) * | 2019-05-28 | 2019-08-30 | 中国科学院信息工程研究所 | A kind of network system loophole methods of risk assessment and device |
CN110191094A (en) * | 2019-04-26 | 2019-08-30 | 北京奇安信科技有限公司 | Monitoring method and device, storage medium, the terminal of abnormal data |
CN110213238A (en) * | 2019-05-06 | 2019-09-06 | 北京奇安信科技有限公司 | Threat detection method and device, storage medium, the computer equipment of data |
CN110225018A (en) * | 2019-05-31 | 2019-09-10 | 江苏百达智慧网络科技有限公司 | A method of based on more equipment evaluation web application fragility |
CN110808947A (en) * | 2019-05-23 | 2020-02-18 | 南瑞集团有限公司 | Automatic vulnerability quantitative evaluation method and system |
CN111031014A (en) * | 2019-11-28 | 2020-04-17 | 北京网思科平科技有限公司 | Method, device and equipment for evaluating host risk of network security system |
CN111428248A (en) * | 2020-06-10 | 2020-07-17 | 浙江鹏信信息科技股份有限公司 | Vulnerability noise reduction identification method and system based on grade assignment |
CN111625837A (en) * | 2020-05-22 | 2020-09-04 | 北京金山云网络技术有限公司 | Method and device for identifying system vulnerability and server |
CN111858782A (en) * | 2020-07-07 | 2020-10-30 | Oppo(重庆)智能科技有限公司 | Database construction method, device, medium and equipment based on information security |
CN112015946A (en) * | 2019-05-30 | 2020-12-01 | 中国移动通信集团重庆有限公司 | Video detection method and device, computing equipment and computer storage medium |
CN112866271A (en) * | 2021-02-01 | 2021-05-28 | 中国南方电网有限责任公司 | Attack tracing-based sensitive file protection method, device and system |
CN113542200A (en) * | 2020-04-20 | 2021-10-22 | 中国电信股份有限公司 | Risk control method, risk control device and storage medium |
CN113761318A (en) * | 2021-04-30 | 2021-12-07 | 中科天玑数据科技股份有限公司 | Webpage risk discovery method |
CN114189360A (en) * | 2021-11-19 | 2022-03-15 | 上海纽盾科技股份有限公司 | Situation-aware network vulnerability defense method, device and system |
CN114244824A (en) * | 2021-11-25 | 2022-03-25 | 国家计算机网络与信息安全管理中心河北分中心 | Method for quickly identifying identity of WEB asset risk Server in network space |
CN114329456A (en) * | 2020-09-27 | 2022-04-12 | 中国移动通信集团河南有限公司 | Webpage backdoor detection method, device and equipment |
CN117544407A (en) * | 2023-12-19 | 2024-02-09 | 中国电信股份有限公司濮阳分公司 | Network security risk assessment method, system and storage medium |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1741472A (en) * | 2005-09-05 | 2006-03-01 | 北京启明星辰信息技术有限公司 | Network invading event risk evaluating method and system |
CN101610174A (en) * | 2009-07-24 | 2009-12-23 | 深圳市永达电子股份有限公司 | A kind of log correlation analysis system and method |
CN101800668A (en) * | 2010-03-23 | 2010-08-11 | 成都市华为赛门铁克科技有限公司 | Method and device for merging logs |
CN103425929A (en) * | 2012-05-22 | 2013-12-04 | 百度在线网络技术(北京)有限公司 | Web white box scanning method and device |
CN104144063A (en) * | 2013-05-08 | 2014-11-12 | 朱烨 | Website security monitoring and alarming system based on log analysis and firewall security matrixes |
CN104767757A (en) * | 2015-04-17 | 2015-07-08 | 国家电网公司 | Multiple-dimension security monitoring method and system based on WEB services |
CN105427172A (en) * | 2015-12-04 | 2016-03-23 | 北京华热科技发展有限公司 | Risk assessment method and system |
CN105721427A (en) * | 2016-01-14 | 2016-06-29 | 湖南大学 | Method for mining attack frequent sequence mode from Web log |
CN106790023A (en) * | 2016-12-14 | 2017-05-31 | 平安科技(深圳)有限公司 | Network security Alliance Defense method and apparatus |
-
2017
- 2017-07-13 CN CN201710594365.5A patent/CN109257329A/en active Pending
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1741472A (en) * | 2005-09-05 | 2006-03-01 | 北京启明星辰信息技术有限公司 | Network invading event risk evaluating method and system |
CN101610174A (en) * | 2009-07-24 | 2009-12-23 | 深圳市永达电子股份有限公司 | A kind of log correlation analysis system and method |
CN101800668A (en) * | 2010-03-23 | 2010-08-11 | 成都市华为赛门铁克科技有限公司 | Method and device for merging logs |
CN103425929A (en) * | 2012-05-22 | 2013-12-04 | 百度在线网络技术(北京)有限公司 | Web white box scanning method and device |
CN104144063A (en) * | 2013-05-08 | 2014-11-12 | 朱烨 | Website security monitoring and alarming system based on log analysis and firewall security matrixes |
CN104767757A (en) * | 2015-04-17 | 2015-07-08 | 国家电网公司 | Multiple-dimension security monitoring method and system based on WEB services |
CN105427172A (en) * | 2015-12-04 | 2016-03-23 | 北京华热科技发展有限公司 | Risk assessment method and system |
CN105721427A (en) * | 2016-01-14 | 2016-06-29 | 湖南大学 | Method for mining attack frequent sequence mode from Web log |
CN106790023A (en) * | 2016-12-14 | 2017-05-31 | 平安科技(深圳)有限公司 | Network security Alliance Defense method and apparatus |
Non-Patent Citations (1)
Title |
---|
何鹏程,方勇: "《一种基于Web日志和网站参数的入侵检测和风险评估模型的研究》", 《信息网络安全》 * |
Cited By (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110191094A (en) * | 2019-04-26 | 2019-08-30 | 北京奇安信科技有限公司 | Monitoring method and device, storage medium, the terminal of abnormal data |
CN110213238A (en) * | 2019-05-06 | 2019-09-06 | 北京奇安信科技有限公司 | Threat detection method and device, storage medium, the computer equipment of data |
CN110808947A (en) * | 2019-05-23 | 2020-02-18 | 南瑞集团有限公司 | Automatic vulnerability quantitative evaluation method and system |
CN110808947B (en) * | 2019-05-23 | 2022-03-04 | 南瑞集团有限公司 | Automatic vulnerability quantitative evaluation method and system |
CN110191120A (en) * | 2019-05-28 | 2019-08-30 | 中国科学院信息工程研究所 | A kind of network system loophole methods of risk assessment and device |
CN110191120B (en) * | 2019-05-28 | 2020-07-07 | 中国科学院信息工程研究所 | Vulnerability risk assessment method and device for network system |
CN112015946B (en) * | 2019-05-30 | 2023-11-10 | 中国移动通信集团重庆有限公司 | Video detection method, device, computing equipment and computer storage medium |
CN112015946A (en) * | 2019-05-30 | 2020-12-01 | 中国移动通信集团重庆有限公司 | Video detection method and device, computing equipment and computer storage medium |
CN110225018A (en) * | 2019-05-31 | 2019-09-10 | 江苏百达智慧网络科技有限公司 | A method of based on more equipment evaluation web application fragility |
CN111031014A (en) * | 2019-11-28 | 2020-04-17 | 北京网思科平科技有限公司 | Method, device and equipment for evaluating host risk of network security system |
CN111031014B (en) * | 2019-11-28 | 2022-05-03 | 北京网思科平科技有限公司 | Method, device and equipment for evaluating host risk of network security system |
CN113542200A (en) * | 2020-04-20 | 2021-10-22 | 中国电信股份有限公司 | Risk control method, risk control device and storage medium |
CN113542200B (en) * | 2020-04-20 | 2023-03-24 | 中国电信股份有限公司 | Risk control method, risk control device and storage medium |
CN111625837A (en) * | 2020-05-22 | 2020-09-04 | 北京金山云网络技术有限公司 | Method and device for identifying system vulnerability and server |
CN111428248A (en) * | 2020-06-10 | 2020-07-17 | 浙江鹏信信息科技股份有限公司 | Vulnerability noise reduction identification method and system based on grade assignment |
CN111858782A (en) * | 2020-07-07 | 2020-10-30 | Oppo(重庆)智能科技有限公司 | Database construction method, device, medium and equipment based on information security |
CN114329456A (en) * | 2020-09-27 | 2022-04-12 | 中国移动通信集团河南有限公司 | Webpage backdoor detection method, device and equipment |
CN114329456B (en) * | 2020-09-27 | 2024-07-26 | 中国移动通信集团河南有限公司 | Webpage backdoor detection method, device and equipment |
CN112866271A (en) * | 2021-02-01 | 2021-05-28 | 中国南方电网有限责任公司 | Attack tracing-based sensitive file protection method, device and system |
CN112866271B (en) * | 2021-02-01 | 2022-03-01 | 中国南方电网有限责任公司 | Attack tracing-based sensitive file protection method, device and system |
CN113761318A (en) * | 2021-04-30 | 2021-12-07 | 中科天玑数据科技股份有限公司 | Webpage risk discovery method |
CN114189360A (en) * | 2021-11-19 | 2022-03-15 | 上海纽盾科技股份有限公司 | Situation-aware network vulnerability defense method, device and system |
CN114189360B (en) * | 2021-11-19 | 2023-09-29 | 上海纽盾科技股份有限公司 | Situation-aware network vulnerability defense method, device and system |
CN114244824A (en) * | 2021-11-25 | 2022-03-25 | 国家计算机网络与信息安全管理中心河北分中心 | Method for quickly identifying identity of WEB asset risk Server in network space |
CN114244824B (en) * | 2021-11-25 | 2024-05-03 | 国家计算机网络与信息安全管理中心河北分中心 | Method for quickly identifying identity of network space WEB type asset risk Server |
CN117544407A (en) * | 2023-12-19 | 2024-02-09 | 中国电信股份有限公司濮阳分公司 | Network security risk assessment method, system and storage medium |
CN117544407B (en) * | 2023-12-19 | 2024-09-10 | 中国电信股份有限公司濮阳分公司 | Network security risk assessment method, system and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109257329A (en) | A kind of website risk index computing system and method based on magnanimity Web log | |
CN104468477B (en) | A kind of WebShell detection method and system | |
Li et al. | Use and misuse of landscape indices | |
Gardiner et al. | Lessons from lady beetles: accuracy of monitoring data from US and UK citizen‐science programs | |
CN106453386A (en) | Automatic internet asset monitoring and risk detecting method based on distributed technology | |
US20150363791A1 (en) | Business action based fraud detection system and method | |
CN101370008A (en) | System for real-time intrusion detection of SQL injection WEB attacks | |
CN109510815A (en) | A kind of multistage detection method for phishing site and detection system based on supervised learning | |
Janssen et al. | Beetle diversity in a matrix of old‐growth boreal forest: influence of habitat heterogeneity at multiple scales | |
CN104753946A (en) | Security analysis framework based on network traffic metadata | |
Balkanli et al. | Supervised learning to detect DDoS attacks | |
CN108337255A (en) | A kind of detection method for phishing site learnt based on web automatic tests and width | |
CN102222187A (en) | Domain name structural feature-based hang horse web page detection method | |
CN104657659B (en) | A kind of storage cross-site attack script loophole detection method, apparatus and system | |
CN106779278A (en) | The evaluation system of assets information and its treating method and apparatus of information | |
CN108768921A (en) | A kind of malicious web pages discovery method and system of feature based detection | |
CN115225384B (en) | Network threat degree evaluation method and device, electronic equipment and storage medium | |
CN106101071B (en) | A kind of method of the defence link drain type CC attack of Behavior-based control triggering | |
CN106549959A (en) | A kind of recognition methodss of agent IP Protocol IP address and device | |
CN107818132A (en) | A kind of webpage agent discovery method based on machine learning | |
CN114338195A (en) | Web traffic anomaly detection method and device based on improved isolated forest algorithm | |
CN110191137A (en) | A kind of network system quantization safety evaluation method and device | |
CN108566392A (en) | Defence CC attacking systems based on machine learning and method | |
CN110378115A (en) | A kind of data layer system of information security attack-defence platform | |
CN110351266A (en) | The black method for producing IP of identification network neural network based |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
CB02 | Change of applicant information |
Address after: 310014, Huadian Road, Xiacheng District, Zhejiang, Hangzhou 1 Applicant after: STATE GRID ZHEJIANG ELECTRIC POWER COMPANY LIMITED ELECTRIC POWER Research Institute Address before: 310014, Huadian Road, Xiacheng District, Zhejiang, Hangzhou 1 Applicant before: ELECTRIC POWER RESEARCH INSTITUTE OF STATE GRID ZHEJIANG ELECTRIC POWER Co. |
|
CB02 | Change of applicant information | ||
CB03 | Change of inventor or designer information |
Inventor after: Dai Hua Inventor after: Lu Xindai Inventor after: Kong Xiaoyun Inventor after: Cai Yiting Inventor after: Jiang Wei Inventor after: Zhou Hui Inventor after: Lv Bang Inventor after: Yao Ying Inventor before: Lu Xindai Inventor before: Dai Hua Inventor before: Kong Xiaoyun Inventor before: Cai Yiting Inventor before: Jiang Wei Inventor before: Zhou Hui Inventor before: Lv Bang Inventor before: Yao Ying |
|
CB03 | Change of inventor or designer information | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20190122 |
|
WD01 | Invention patent application deemed withdrawn after publication |