CN109561090A - A kind of web intelligence defence method, device, equipment and readable storage medium storing program for executing - Google Patents

A kind of web intelligence defence method, device, equipment and readable storage medium storing program for executing Download PDF

Info

Publication number
CN109561090A
CN109561090A CN201811455605.4A CN201811455605A CN109561090A CN 109561090 A CN109561090 A CN 109561090A CN 201811455605 A CN201811455605 A CN 201811455605A CN 109561090 A CN109561090 A CN 109561090A
Authority
CN
China
Prior art keywords
request
attack
preset
duration
record
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811455605.4A
Other languages
Chinese (zh)
Other versions
CN109561090B (en
Inventor
陈加群
范渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dbappsecurity Technology Co Ltd filed Critical Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN201811455605.4A priority Critical patent/CN109561090B/en
Publication of CN109561090A publication Critical patent/CN109561090A/en
Application granted granted Critical
Publication of CN109561090B publication Critical patent/CN109561090B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a kind of web intelligence defence methods, comprising: when receiving the request of client transmission, judges the feature that request whether is recorded in the tables of data of record attack information;If so, judging to request whether the number of times of attack in preset first duration is more than preset threshold value;When requesting the number of times of attack in preset first duration to be more than preset threshold value, preset defence rule is executed.Wherein, this method avoid requesting the process being compared with intrusion feature database to improve defence efficiency to reduce workload for each repeatedly, the performance of normal service quality and whole network in network has also been correspondinglyd increase.Correspondingly, a kind of web intelligence defence installation, equipment and readable storage medium storing program for executing disclosed by the invention, similarly have above-mentioned technique effect.

Description

A kind of web intelligence defence method, device, equipment and readable storage medium storing program for executing
Technical field
The present invention relates to technical field of network security, more specifically to a kind of web intelligence defence method, device, set Standby and readable storage medium storing program for executing.
Background technique
Nowadays network security becomes the major issue for influencing network efficiency.Attackers generally using enterprise network as target, The host that enterprise is invaded by network, steals or destroys important data, enterprise network is made to paralyse, cause to enterprise huge Loss.
For the safety for improving network, people generally have the access request of attack by system of defense filtering.Its In, the attack detecting of system of defense is mainly to be realized by intrusion feature database.The defence process of existing system of defense are as follows: The each request received is compared with preset intrusion feature database at security engine, to determine whether request has attack Behavior;If request has attack, using the safety of corresponding strategy protection current system;If request does not have attack row Then normally to handle current request.It should be noted that each request and attack that existing system of defense needs to receive Feature database is compared, this undoubtedly increases the load and workload of security engine, can generate the work of bulk redundancy, and then drop The performance of normal service quality and whole network in low defence efficiency, network.
Therefore, how to improve defence efficiency, in network normal service quality and whole network performance, be this field skill Art personnel's problem to be solved.
Summary of the invention
The purpose of the present invention is to provide a kind of web intelligence defence method, device, equipment and readable storage medium storing program for executing, to mention The performance of normal service quality and whole network in height defence efficiency, network.
To achieve the above object, the embodiment of the invention provides following technical solutions:
A kind of web intelligence defence method, comprising:
When receiving the request of client transmission, judge described ask whether has been recorded in the tables of data of record attack information The feature asked;
If so, judging whether number of times of attack of the request in preset first duration is more than preset threshold value;When When number of times of attack of the request in preset first duration is more than preset threshold value, preset defence rule is executed.
Wherein, further includes:
When number of times of attack of the request in preset first duration is less than preset threshold value, attacked in the record It hits in the tables of data of information and updates the number of times of attack of the request.
Wherein, it is described it is described record attack information tables of data in update the number of times of attack of the request after, also wrap It includes:
The corresponding safety of the corresponding attack grade of the request recorded in tables of data according to the record attack information Strategy handles the request.
Wherein, further includes:
When not recording the feature of the request in the tables of data of record attack information, the request is attacked with preset Property data base is hit to compare;
When the request has attack, attacking for the request is updated in the tables of data of the record attack information Number is hit, determines the corresponding attack grade of the request, and according to described in security strategy corresponding with attack grade processing Request;
When the request does not have attack, the request is transmitted to corresponding node and is handled.
It is wherein, described to execute preset defence rule, comprising:
Forbid described request access in preset second duration;
And/or
The warning message for carrying the feature of the request is generated, and the warning message is transmitted to management end and is opened up Show.
Wherein, further includes:
The tables of data of the record attack information is visualized.
Wherein, further includes:
Obtain the first duration, threshold value and the second duration of user's input;
The first duration, threshold value and the second duration are adjusted according to the first duration, threshold value and the second duration of user input.
A kind of web intelligence defence installation, comprising:
Judgment module, for when receive client transmission request when, judge record attack information tables of data in be It is no to record the feature for having the request;
Execution module, for when record has the feature of the request in the tables of data of record attack information, described in judgement Request whether the number of times of attack in preset first duration is more than preset threshold value;When the request is in preset first duration When interior number of times of attack is more than preset threshold value, preset defence rule is executed.
A kind of web intelligence defensive equipment, comprising:
Memory, for storing computer program;
Processor realizes web intelligence defence method described in above-mentioned any one when for executing the computer program The step of.
A kind of readable storage medium storing program for executing is stored with computer program, the computer program quilt on the readable storage medium storing program for executing The step of processor realizes web intelligence defence method described in above-mentioned any one when executing.
By above scheme it is found that a kind of web intelligence defence method provided in an embodiment of the present invention, comprising: when receiving When the request that client is sent, the feature that the request whether is recorded in the tables of data of record attack information is judged;If so, Judge whether number of times of attack of the request in preset first duration is more than preset threshold value;When the request is preset When number of times of attack in first duration is more than preset threshold value, preset defence rule is executed.
As it can be seen that the method when receiving the request of client transmission, first determines whether the tables of data of record attack information In whether record the feature of current request;When record has the feature of current request in the tables of data of record attack information, table Bright current request has attack;When not recording the feature of current request in the tables of data of record attack information, show to work as Preceding request does not have attack;When determining that current request has attack, then further judge current request default The first duration in number of times of attack whether be more than preset threshold value;Number of times of attack of the current request in preset first duration When more than preset threshold value, preset defence rule is executed, to complete Prevention-Security.Wherein, this method avoid repeatedly will It is each that the process being compared with intrusion feature database is requested to improve defence efficiency to reduce workload, also correspondingly increase The performance of normal service quality and whole network in network.
Correspondingly, a kind of web intelligence defence installation, equipment and readable storage medium storing program for executing provided in an embodiment of the present invention, also together Sample has above-mentioned technique effect.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with It obtains other drawings based on these drawings.
Fig. 1 is a kind of web intelligence defence method flow chart disclosed by the embodiments of the present invention;
Fig. 2 is another kind web intelligence defence method flow chart disclosed by the embodiments of the present invention;
Fig. 3 is a kind of web intelligence defence installation schematic diagram disclosed by the embodiments of the present invention;
Fig. 4 is a kind of web intelligence defensive equipment schematic diagram disclosed by the embodiments of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other Embodiment shall fall within the protection scope of the present invention.
The embodiment of the invention discloses a kind of web intelligence defence method, device, equipment and readable storage medium storing program for executing, to improve The performance of normal service quality and whole network in defence efficiency, network.
Referring to Fig. 1, a kind of web intelligence defence method provided in an embodiment of the present invention, comprising:
S101, the request that client is sent is received;
S102, judge the feature that the request whether is recorded in the tables of data for attacking information recorded;If so, executing S103;If it is not, then executing S107;
S103, judge whether number of times of attack of the request in preset first duration is more than preset threshold value;If so, Execute S104;If it is not, then executing S105;
S104, preset defence rule is executed;
S105, the number of times of attack of request is updated in the tables of data of record attack information, and executes S106;
The corresponding security strategy of the corresponding attack grade of request recorded in S106, the tables of data according to record attack information Processing request;
S107, request is compared with preset attack signature database;
S108, when request has attack, update the number of times of attack of request in the tables of data of record attack information, It determines and requests corresponding attack grade, and requested according to security strategy processing corresponding with attack grade;
S109, when request do not have attack when, request is transmitted to corresponding node and is handled.
Preferably, described to execute preset defence rule, comprising: inhibition request accesses in preset second duration, or The warning message for carrying the feature of request is generated, and warning message is transmitted to management end and is shown.It is, of course, also possible to prohibiting While only access, the warning message for carrying the feature of request is generated, and warning message is transmitted to management end and is shown, and Warning message is recorded to system log.
Defence method provided in this embodiment avoids the process of request and feature database comparison repeatedly.When what is received attacks When hitting the number of times of attack of request and being more than preset threshold value, directly execute preset defence rule, without again by current request and Feature database is compared, to reduce workload, improves defence efficiency.
As it can be seen that present embodiments providing a kind of web intelligence defence method, the method is receiving asking for client transmission When asking, the feature that current request whether is recorded in the tables of data of record attack information is first determined whether;When record attack information When record has the feature of current request in tables of data, show that current request has attack;When the data of record attack information When not recording the feature of current request in table, show that current request does not have attack;It is attacked when determining that current request has When behavior, then further judge whether number of times of attack of the current request in preset first duration is more than preset threshold value;When When number of times of attack of the preceding request in preset first duration is more than preset threshold value, preset defence rule is executed, thus complete At Prevention-Security.Wherein, this method avoid the processes that each request is compared with intrusion feature database repeatedly, to reduce Workload, improves defence efficiency, has also correspondinglyd increase the performance of normal service quality and whole network in network.
Based on the above embodiment, it should be noted that further include: the tables of data of the record attack information is carried out visual Change and shows.
Wherein, further includes:
Obtain the first duration, threshold value and the second duration of user's input;
The first duration, threshold value and the second duration are adjusted according to the first duration, threshold value and the second duration of user input.
Specifically, the first duration, threshold value and the second duration in above-described embodiment are user presets, and certainly, Yong Huke To adjust the size of the first duration, threshold value and the second duration in time based on historical data or experience.Historical data, that is, log information The attack information of middle record.
Core concept based on the above embodiment can be embodied according to following proposal.
When client is initiated to request, the particular attack feature that is carried using client in security rules engine Rule is matched, and security level belonging to the rule and corresponding matching times are recorded, and matching times and reaches setting at this time Threshold value, therefore only do matching times update.Wherein, the rule in security rules engine is to judge whether request has attack row For rule, which can be to be multiple, and preset numbers, in order to record and inquire.The database formed by the rule is i.e. Attack signature database can be regarded as.
When matching times reach the threshold value of setting, i.e., it can trigger corresponding intelligence defence rule.Specifically, intelligence defence Rule may be configured as:
(1) defence entry-into-force time section: such as 7:30- in morning evening 19:40, i.e., taking effect rules are intelligently defendd in this period; (2) detection cycle: in seconds;(3) trigger safety regulation grade: altogether 4 grades, it is low jeopardize it is above, in jeopardize it is above, Height jeopardizes above, menace level (4) matching times: matching times in detection cycle.(5) it acts: blocking and alert.Specifically set It sets content and refers to table 1.
Table 1
Period Detection cycle Matching times Matching rule grade Block duration
11:30-17:30 60 seconds 50 It is low jeopardize it is above 50 minutes
Specifically, the every terms of information of the request received is recorded in tables of data, which is in above-described embodiment Record attack information tables of data.The information wherein recorded includes: the client ip, every of the timestamp of request, each request Safety regulation grade and unit week belonging to the safety regulation number of a request triggering, the safety regulation number of each request triggering The number of client request matching safety regulation and movement, these information can regard the feature of request as in phase.Wherein, difference etc. The safety regulation of grade can be correspondingly arranged different blocking duration, detection cycle and matching times, refer to table 2.
Table 2
After being provided with intelligence defence rule and opening, the number of setting client request matching safety regulation grade is initial Value is 0.When the client continues request matching safety regulation hierarchy rules in unit period, depositing for data table information is updated Storage (number that client ip request matches the safety regulation grade in unit period adds one), when the matched number of client ip When reaching threshold value, the next request of client ip will directly be blocked without subsequent processing in agent engine, work as blocking After corresponding duration, the number of times of attack of current request is recorded again.
Refer to Fig. 2, a kind of specific steps of web intelligence defence method are as follows:
(1) a request is obtained;
(2) client ip and attack signature are obtained from request;
(3) judge whether detection cycle duration has reached detection cycle;
(4) it is not up to detection cycle duration, then jumps to (7) step;
(5) reach detection cycle, client ip security level rule match in detection cycle is secondary from obtaining in tables of data Whether number is greater than threshold value;
(6) it is greater than threshold value and blocking corresponding duration is carried out to all requests of client ip then according to matching times, etc. Continue (1) to next request;
(7) it is less than threshold value, corresponding safety regulation is matched by attack signature, obtains locating matching safety regulation grade;
(8) the client ip/ safety regulation grade that will acquire is recorded in tables of data;
(9) matching times of client ip detection cycle in tables of data are added into a update;
(10) the corresponding movement of the safety regulation is executed.
It should be noted that step 1-6 is arranged in agent engine, step 7-10 is arranged in security rules engine, with The workload in security rules engine is reduced, defence efficiency is improved.As it can be seen that the embodiment can not only prevent asking for attacker The attack detecting around system of defense is sought, while being hindered the request with attack by client ip at agent engine It is disconnected, mitigate the performance pressures of security rules engine, has the advantages that enhance safety defense system safety and performance.
A kind of web intelligence defence installation provided in an embodiment of the present invention is introduced below, a kind of web described below Intelligent defence installation can be cross-referenced with a kind of above-described web intelligence defence method.
Referring to Fig. 3, a kind of web intelligence defence installation provided in an embodiment of the present invention, comprising:
Judgment module 301, for judging that record is attacked in the tables of data of information when receiving the request of client transmission Whether record has the feature of the request;
Execution module 302, for judging institute when record has the feature of the request in the tables of data of record attack information It states and requests whether the number of times of attack in preset first duration is more than preset threshold value;When the request is preset first When number of times of attack in length is more than preset threshold value, preset defence rule is executed.
Wherein, further includes:
Update module, for being less than preset threshold value when number of times of attack of the request in preset first duration When, the number of times of attack of the request is updated in the tables of data of the record attack information.
Wherein, further includes:
Processing module, the corresponding attack of the request etc. for being recorded in the tables of data according to the record attack information The corresponding security strategy of grade handles the request.
Wherein, further includes:
Contrast module will be described for when not recording the feature of the request in the tables of data of record attack information Request is compared with preset attack signature database;
First determining module, for attacking the tables of data of information in the record when the request has attack The middle number of times of attack for updating the request determines the corresponding attack grade of the request, and according to corresponding with the attack grade Security strategy handle the request;
Second determining module, for when the request does not have attack, the request to be transmitted to corresponding section Point is handled.
Wherein, the execution module is specifically used for:
Forbid described request access in preset second duration;
And/or
The warning message for carrying the feature of the request is generated, and the warning message is transmitted to management end and is opened up Show.
Wherein, further includes:
Display module, for visualizing the tables of data of the record attack information.
Wherein, further includes:
Module is obtained, for obtaining the first duration, threshold value and the second duration of user's input;
Module is adjusted, the first duration, threshold value and the second duration for inputting according to the user adjust the first duration, threshold Value and the second duration.
As it can be seen that present embodiments providing a kind of web intelligence defence installation, comprising: judgment module and execution module.Its In, when receive client transmission request when, and judgment module judge record attack information tables of data in whether recorded The feature of the request;When record has the feature of the request in the tables of data of record attack information, execution module judges institute It states and requests whether the number of times of attack in preset first duration is more than preset threshold value;When the request is preset first When number of times of attack in length is more than preset threshold value, preset defence rule is executed.Wherein, avoid repeatedly by it is each request with The process that intrusion feature database is compared improves defence efficiency to reduce workload, has also correspondinglyd increase in network just The performance of normal service quality and whole network.
A kind of web intelligence defensive equipment provided in an embodiment of the present invention is introduced below, a kind of web described below Intelligent defensive equipment can be cross-referenced with a kind of above-described web intelligence defence method and device.
Referring to fig. 4, a kind of web intelligence defensive equipment provided in an embodiment of the present invention, comprising:
Memory 401, for storing computer program;
Processor 402 realizes that web described in above-mentioned any embodiment is intelligently defendd when for executing the computer program The step of method.
A kind of readable storage medium storing program for executing provided in an embodiment of the present invention is introduced below, one kind described below is readable to deposit Storage media can be cross-referenced with a kind of above-described web intelligence defence method, device and equipment.
A kind of readable storage medium storing program for executing is stored with computer program, the computer program quilt on the readable storage medium storing program for executing The step of web intelligence defence method as described in above-mentioned any embodiment is realized when processor executes.
Each embodiment in this specification is described in a progressive manner, the highlights of each of the examples are with other The difference of embodiment, the same or similar parts in each embodiment may refer to each other.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, as defined herein General Principle can be realized in other embodiments without departing from the spirit or scope of the present invention.Therefore, of the invention It is not intended to be limited to the embodiments shown herein, and is to fit to and the principles and novel features disclosed herein phase one The widest scope of cause.

Claims (10)

1. a kind of web intelligence defence method characterized by comprising
When receiving the request of client transmission, judge whether record the request in the tables of data of record attack information Feature;
If so, judging whether number of times of attack of the request in preset first duration is more than preset threshold value;When described When the number of times of attack in preset first duration being requested to be more than preset threshold value, preset defence rule is executed.
2. web intelligence defence method according to claim 1, which is characterized in that further include:
When number of times of attack of the request in preset first duration is less than preset threshold value, attacks and believe in the record The number of times of attack of the request is updated in the tables of data of breath.
3. web intelligence defence method according to claim 2, which is characterized in that described to attack information in the record After the number of times of attack for updating the request in tables of data, further includes:
The corresponding security strategy of the corresponding attack grade of the request recorded in tables of data according to the record attack information Handle the request.
4. web intelligence defence method according to claim 3, which is characterized in that further include:
It is when not recording the feature of the request in the tables of data of record attack information, the request and preset attack is special Sign database compares;
When the request has attack, the attack time of the request is updated in the tables of data of the record attack information Number determines the corresponding attack grade of the request, and handles the request according to security strategy corresponding with the attack grade;
When the request does not have attack, the request is transmitted to corresponding node and is handled.
5. web intelligence defence method according to claim 1, which is characterized in that described to execute preset defence rule, packet It includes:
Forbid described request access in preset second duration;
And/or
The warning message for carrying the feature of the request is generated, and the warning message is transmitted to management end and is shown.
6. web intelligence defence method described in -5 any one according to claim 1, which is characterized in that further include:
The tables of data of the record attack information is visualized.
7. web intelligence defence method according to claim 6, which is characterized in that further include:
Obtain the first duration, threshold value and the second duration of user's input;
The first duration, threshold value and the second duration are adjusted according to the first duration, threshold value and the second duration of user input.
8. a kind of web intelligence defence installation characterized by comprising
Judgment module, for judging whether remember in the tables of data of record attack information when receiving the request of client transmission Record has the feature of the request;
Execution module, for judging the request when record has the feature of the request in the tables of data of record attack information Whether the number of times of attack in preset first duration is more than preset threshold value;When the request is in preset first duration When number of times of attack is more than preset threshold value, preset defence rule is executed.
9. a kind of web intelligence defensive equipment characterized by comprising
Memory, for storing computer program;
Processor realizes that the web as described in claim 1-7 any one is intelligently defendd when for executing the computer program The step of method.
10. a kind of readable storage medium storing program for executing, which is characterized in that be stored with computer program, the meter on the readable storage medium storing program for executing The step of web intelligence defence method as described in claim 1-7 any one is realized when calculation machine program is executed by processor.
CN201811455605.4A 2018-11-30 2018-11-30 Web intelligent defense method, device, equipment and readable storage medium Active CN109561090B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811455605.4A CN109561090B (en) 2018-11-30 2018-11-30 Web intelligent defense method, device, equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811455605.4A CN109561090B (en) 2018-11-30 2018-11-30 Web intelligent defense method, device, equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN109561090A true CN109561090A (en) 2019-04-02
CN109561090B CN109561090B (en) 2022-04-26

Family

ID=65868271

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811455605.4A Active CN109561090B (en) 2018-11-30 2018-11-30 Web intelligent defense method, device, equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN109561090B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020248687A1 (en) * 2019-06-12 2020-12-17 深圳前海微众银行股份有限公司 Method and apparatus for preventing malicious attack
CN112333168A (en) * 2020-10-27 2021-02-05 杭州安恒信息技术股份有限公司 Attack identification method, device, equipment and computer readable storage medium
CN112434304A (en) * 2020-12-02 2021-03-02 网宿科技股份有限公司 Method, server and computer readable storage medium for defending network attack
CN113496033A (en) * 2020-04-08 2021-10-12 腾讯科技(深圳)有限公司 Access behavior recognition method and device and storage medium
CN113569237A (en) * 2021-07-29 2021-10-29 武汉天喻信息产业股份有限公司 Attack protection method, device, equipment and readable storage medium
CN113676497A (en) * 2021-10-22 2021-11-19 广州锦行网络科技有限公司 Data blocking method and device, electronic equipment and storage medium
CN113923039A (en) * 2021-10-20 2022-01-11 北京知道创宇信息技术股份有限公司 Attack equipment identification method and device, electronic equipment and readable storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070169194A1 (en) * 2004-12-29 2007-07-19 Church Christopher A Threat scoring system and method for intrusion detection security networks
CN105959290A (en) * 2016-06-06 2016-09-21 杭州迪普科技有限公司 Detection method and device of attack message
EP3110103A1 (en) * 2015-06-24 2016-12-28 Verisign, Inc. Systems and methods for automatically mitigating denial of service attacks
CN106790292A (en) * 2017-03-13 2017-05-31 摩贝(上海)生物科技有限公司 The web application layer attacks detection and defence method of Behavior-based control characteristic matching and analysis
CN107332811A (en) * 2016-04-29 2017-11-07 阿里巴巴集团控股有限公司 The methods, devices and systems of intrusion detection
CN108111472A (en) * 2016-11-24 2018-06-01 腾讯科技(深圳)有限公司 A kind of attack signature detection method and device
CN108173812A (en) * 2017-12-07 2018-06-15 东软集团股份有限公司 Prevent method, apparatus, storage medium and the equipment of network attack
CN108259476A (en) * 2017-12-29 2018-07-06 杭州安恒信息技术有限公司 A kind of anti-based on fuzzy induction guesses solution around method and its system

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070169194A1 (en) * 2004-12-29 2007-07-19 Church Christopher A Threat scoring system and method for intrusion detection security networks
EP3110103A1 (en) * 2015-06-24 2016-12-28 Verisign, Inc. Systems and methods for automatically mitigating denial of service attacks
CN107332811A (en) * 2016-04-29 2017-11-07 阿里巴巴集团控股有限公司 The methods, devices and systems of intrusion detection
CN105959290A (en) * 2016-06-06 2016-09-21 杭州迪普科技有限公司 Detection method and device of attack message
CN108111472A (en) * 2016-11-24 2018-06-01 腾讯科技(深圳)有限公司 A kind of attack signature detection method and device
CN106790292A (en) * 2017-03-13 2017-05-31 摩贝(上海)生物科技有限公司 The web application layer attacks detection and defence method of Behavior-based control characteristic matching and analysis
CN108173812A (en) * 2017-12-07 2018-06-15 东软集团股份有限公司 Prevent method, apparatus, storage medium and the equipment of network attack
CN108259476A (en) * 2017-12-29 2018-07-06 杭州安恒信息技术有限公司 A kind of anti-based on fuzzy induction guesses solution around method and its system

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020248687A1 (en) * 2019-06-12 2020-12-17 深圳前海微众银行股份有限公司 Method and apparatus for preventing malicious attack
CN113496033A (en) * 2020-04-08 2021-10-12 腾讯科技(深圳)有限公司 Access behavior recognition method and device and storage medium
CN112333168A (en) * 2020-10-27 2021-02-05 杭州安恒信息技术股份有限公司 Attack identification method, device, equipment and computer readable storage medium
CN112434304A (en) * 2020-12-02 2021-03-02 网宿科技股份有限公司 Method, server and computer readable storage medium for defending network attack
CN112434304B (en) * 2020-12-02 2024-05-24 网宿科技股份有限公司 Method, server and computer readable storage medium for defending against network attacks
CN113569237A (en) * 2021-07-29 2021-10-29 武汉天喻信息产业股份有限公司 Attack protection method, device, equipment and readable storage medium
CN113569237B (en) * 2021-07-29 2024-04-02 武汉天喻信息产业股份有限公司 Attack protection method, device, equipment and readable storage medium
CN113923039A (en) * 2021-10-20 2022-01-11 北京知道创宇信息技术股份有限公司 Attack equipment identification method and device, electronic equipment and readable storage medium
CN113923039B (en) * 2021-10-20 2023-11-28 北京知道创宇信息技术股份有限公司 Attack equipment identification method and device, electronic equipment and readable storage medium
CN113676497A (en) * 2021-10-22 2021-11-19 广州锦行网络科技有限公司 Data blocking method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN109561090B (en) 2022-04-26

Similar Documents

Publication Publication Date Title
CN109561090A (en) A kind of web intelligence defence method, device, equipment and readable storage medium storing program for executing
US9386036B2 (en) Method for detecting and preventing a DDoS attack using cloud computing, and server
US8863293B2 (en) Predicting attacks based on probabilistic game-theory
US10635817B2 (en) Targeted security alerts
CN105763561B (en) A kind of attack defense method and device
CN110071941B (en) Network attack detection method, equipment, storage medium and computer equipment
CN105577608B (en) Network attack behavior detection method and device
US20030110393A1 (en) Intrusion detection method and signature table
CN107888607A (en) A kind of Cyberthreat detection method, device and network management device
Çeker et al. Deception-based game theoretical approach to mitigate DoS attacks
EP2471292B1 (en) Method and arrangement for detecting fraud in telecommunication networks.
CN109889550B (en) DDoS attack determination method and device
CN110730195A (en) Data processing method and device and computer readable storage medium
CN107046516B (en) Wind control method and device for identifying mobile terminal identity
WO2017032287A1 (en) Information acquisition method and device
CN113472789B (en) Attack detection method, attack detection system, storage medium and electronic device
CN109474623A (en) Network safety prevention and its parameter determination method, device and equipment, medium
CN114389898B (en) Web defense method, device and system based on shooting range
Oo et al. Enhancement of preventing application layer based on DDoS attacks by using hidden semi-Markov model
CN116389147A (en) Method and device for blocking network attack, electronic equipment and storage medium
CN107528859B (en) Defense method and device for DDoS attack
Hessam et al. A new approach for detecting violation of data plane integrity in Software Defined Networks
CN116094801A (en) Security attack protection method, device, equipment and readable storage medium
CN115102727A (en) Network intrusion active defense system and method based on dynamic IP blacklist
CN113055362B (en) Method, device, equipment and storage medium for preventing abnormal behaviors

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant