CN109561090A - A kind of web intelligence defence method, device, equipment and readable storage medium storing program for executing - Google Patents
A kind of web intelligence defence method, device, equipment and readable storage medium storing program for executing Download PDFInfo
- Publication number
- CN109561090A CN109561090A CN201811455605.4A CN201811455605A CN109561090A CN 109561090 A CN109561090 A CN 109561090A CN 201811455605 A CN201811455605 A CN 201811455605A CN 109561090 A CN109561090 A CN 109561090A
- Authority
- CN
- China
- Prior art keywords
- request
- attack
- preset
- duration
- record
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of web intelligence defence methods, comprising: when receiving the request of client transmission, judges the feature that request whether is recorded in the tables of data of record attack information;If so, judging to request whether the number of times of attack in preset first duration is more than preset threshold value;When requesting the number of times of attack in preset first duration to be more than preset threshold value, preset defence rule is executed.Wherein, this method avoid requesting the process being compared with intrusion feature database to improve defence efficiency to reduce workload for each repeatedly, the performance of normal service quality and whole network in network has also been correspondinglyd increase.Correspondingly, a kind of web intelligence defence installation, equipment and readable storage medium storing program for executing disclosed by the invention, similarly have above-mentioned technique effect.
Description
Technical field
The present invention relates to technical field of network security, more specifically to a kind of web intelligence defence method, device, set
Standby and readable storage medium storing program for executing.
Background technique
Nowadays network security becomes the major issue for influencing network efficiency.Attackers generally using enterprise network as target,
The host that enterprise is invaded by network, steals or destroys important data, enterprise network is made to paralyse, cause to enterprise huge
Loss.
For the safety for improving network, people generally have the access request of attack by system of defense filtering.Its
In, the attack detecting of system of defense is mainly to be realized by intrusion feature database.The defence process of existing system of defense are as follows:
The each request received is compared with preset intrusion feature database at security engine, to determine whether request has attack
Behavior;If request has attack, using the safety of corresponding strategy protection current system;If request does not have attack row
Then normally to handle current request.It should be noted that each request and attack that existing system of defense needs to receive
Feature database is compared, this undoubtedly increases the load and workload of security engine, can generate the work of bulk redundancy, and then drop
The performance of normal service quality and whole network in low defence efficiency, network.
Therefore, how to improve defence efficiency, in network normal service quality and whole network performance, be this field skill
Art personnel's problem to be solved.
Summary of the invention
The purpose of the present invention is to provide a kind of web intelligence defence method, device, equipment and readable storage medium storing program for executing, to mention
The performance of normal service quality and whole network in height defence efficiency, network.
To achieve the above object, the embodiment of the invention provides following technical solutions:
A kind of web intelligence defence method, comprising:
When receiving the request of client transmission, judge described ask whether has been recorded in the tables of data of record attack information
The feature asked;
If so, judging whether number of times of attack of the request in preset first duration is more than preset threshold value;When
When number of times of attack of the request in preset first duration is more than preset threshold value, preset defence rule is executed.
Wherein, further includes:
When number of times of attack of the request in preset first duration is less than preset threshold value, attacked in the record
It hits in the tables of data of information and updates the number of times of attack of the request.
Wherein, it is described it is described record attack information tables of data in update the number of times of attack of the request after, also wrap
It includes:
The corresponding safety of the corresponding attack grade of the request recorded in tables of data according to the record attack information
Strategy handles the request.
Wherein, further includes:
When not recording the feature of the request in the tables of data of record attack information, the request is attacked with preset
Property data base is hit to compare;
When the request has attack, attacking for the request is updated in the tables of data of the record attack information
Number is hit, determines the corresponding attack grade of the request, and according to described in security strategy corresponding with attack grade processing
Request;
When the request does not have attack, the request is transmitted to corresponding node and is handled.
It is wherein, described to execute preset defence rule, comprising:
Forbid described request access in preset second duration;
And/or
The warning message for carrying the feature of the request is generated, and the warning message is transmitted to management end and is opened up
Show.
Wherein, further includes:
The tables of data of the record attack information is visualized.
Wherein, further includes:
Obtain the first duration, threshold value and the second duration of user's input;
The first duration, threshold value and the second duration are adjusted according to the first duration, threshold value and the second duration of user input.
A kind of web intelligence defence installation, comprising:
Judgment module, for when receive client transmission request when, judge record attack information tables of data in be
It is no to record the feature for having the request;
Execution module, for when record has the feature of the request in the tables of data of record attack information, described in judgement
Request whether the number of times of attack in preset first duration is more than preset threshold value;When the request is in preset first duration
When interior number of times of attack is more than preset threshold value, preset defence rule is executed.
A kind of web intelligence defensive equipment, comprising:
Memory, for storing computer program;
Processor realizes web intelligence defence method described in above-mentioned any one when for executing the computer program
The step of.
A kind of readable storage medium storing program for executing is stored with computer program, the computer program quilt on the readable storage medium storing program for executing
The step of processor realizes web intelligence defence method described in above-mentioned any one when executing.
By above scheme it is found that a kind of web intelligence defence method provided in an embodiment of the present invention, comprising: when receiving
When the request that client is sent, the feature that the request whether is recorded in the tables of data of record attack information is judged;If so,
Judge whether number of times of attack of the request in preset first duration is more than preset threshold value;When the request is preset
When number of times of attack in first duration is more than preset threshold value, preset defence rule is executed.
As it can be seen that the method when receiving the request of client transmission, first determines whether the tables of data of record attack information
In whether record the feature of current request;When record has the feature of current request in the tables of data of record attack information, table
Bright current request has attack;When not recording the feature of current request in the tables of data of record attack information, show to work as
Preceding request does not have attack;When determining that current request has attack, then further judge current request default
The first duration in number of times of attack whether be more than preset threshold value;Number of times of attack of the current request in preset first duration
When more than preset threshold value, preset defence rule is executed, to complete Prevention-Security.Wherein, this method avoid repeatedly will
It is each that the process being compared with intrusion feature database is requested to improve defence efficiency to reduce workload, also correspondingly increase
The performance of normal service quality and whole network in network.
Correspondingly, a kind of web intelligence defence installation, equipment and readable storage medium storing program for executing provided in an embodiment of the present invention, also together
Sample has above-mentioned technique effect.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with
It obtains other drawings based on these drawings.
Fig. 1 is a kind of web intelligence defence method flow chart disclosed by the embodiments of the present invention;
Fig. 2 is another kind web intelligence defence method flow chart disclosed by the embodiments of the present invention;
Fig. 3 is a kind of web intelligence defence installation schematic diagram disclosed by the embodiments of the present invention;
Fig. 4 is a kind of web intelligence defensive equipment schematic diagram disclosed by the embodiments of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment shall fall within the protection scope of the present invention.
The embodiment of the invention discloses a kind of web intelligence defence method, device, equipment and readable storage medium storing program for executing, to improve
The performance of normal service quality and whole network in defence efficiency, network.
Referring to Fig. 1, a kind of web intelligence defence method provided in an embodiment of the present invention, comprising:
S101, the request that client is sent is received;
S102, judge the feature that the request whether is recorded in the tables of data for attacking information recorded;If so, executing
S103;If it is not, then executing S107;
S103, judge whether number of times of attack of the request in preset first duration is more than preset threshold value;If so,
Execute S104;If it is not, then executing S105;
S104, preset defence rule is executed;
S105, the number of times of attack of request is updated in the tables of data of record attack information, and executes S106;
The corresponding security strategy of the corresponding attack grade of request recorded in S106, the tables of data according to record attack information
Processing request;
S107, request is compared with preset attack signature database;
S108, when request has attack, update the number of times of attack of request in the tables of data of record attack information,
It determines and requests corresponding attack grade, and requested according to security strategy processing corresponding with attack grade;
S109, when request do not have attack when, request is transmitted to corresponding node and is handled.
Preferably, described to execute preset defence rule, comprising: inhibition request accesses in preset second duration, or
The warning message for carrying the feature of request is generated, and warning message is transmitted to management end and is shown.It is, of course, also possible to prohibiting
While only access, the warning message for carrying the feature of request is generated, and warning message is transmitted to management end and is shown, and
Warning message is recorded to system log.
Defence method provided in this embodiment avoids the process of request and feature database comparison repeatedly.When what is received attacks
When hitting the number of times of attack of request and being more than preset threshold value, directly execute preset defence rule, without again by current request and
Feature database is compared, to reduce workload, improves defence efficiency.
As it can be seen that present embodiments providing a kind of web intelligence defence method, the method is receiving asking for client transmission
When asking, the feature that current request whether is recorded in the tables of data of record attack information is first determined whether;When record attack information
When record has the feature of current request in tables of data, show that current request has attack;When the data of record attack information
When not recording the feature of current request in table, show that current request does not have attack;It is attacked when determining that current request has
When behavior, then further judge whether number of times of attack of the current request in preset first duration is more than preset threshold value;When
When number of times of attack of the preceding request in preset first duration is more than preset threshold value, preset defence rule is executed, thus complete
At Prevention-Security.Wherein, this method avoid the processes that each request is compared with intrusion feature database repeatedly, to reduce
Workload, improves defence efficiency, has also correspondinglyd increase the performance of normal service quality and whole network in network.
Based on the above embodiment, it should be noted that further include: the tables of data of the record attack information is carried out visual
Change and shows.
Wherein, further includes:
Obtain the first duration, threshold value and the second duration of user's input;
The first duration, threshold value and the second duration are adjusted according to the first duration, threshold value and the second duration of user input.
Specifically, the first duration, threshold value and the second duration in above-described embodiment are user presets, and certainly, Yong Huke
To adjust the size of the first duration, threshold value and the second duration in time based on historical data or experience.Historical data, that is, log information
The attack information of middle record.
Core concept based on the above embodiment can be embodied according to following proposal.
When client is initiated to request, the particular attack feature that is carried using client in security rules engine
Rule is matched, and security level belonging to the rule and corresponding matching times are recorded, and matching times and reaches setting at this time
Threshold value, therefore only do matching times update.Wherein, the rule in security rules engine is to judge whether request has attack row
For rule, which can be to be multiple, and preset numbers, in order to record and inquire.The database formed by the rule is i.e.
Attack signature database can be regarded as.
When matching times reach the threshold value of setting, i.e., it can trigger corresponding intelligence defence rule.Specifically, intelligence defence
Rule may be configured as:
(1) defence entry-into-force time section: such as 7:30- in morning evening 19:40, i.e., taking effect rules are intelligently defendd in this period;
(2) detection cycle: in seconds;(3) trigger safety regulation grade: altogether 4 grades, it is low jeopardize it is above, in jeopardize it is above,
Height jeopardizes above, menace level (4) matching times: matching times in detection cycle.(5) it acts: blocking and alert.Specifically set
It sets content and refers to table 1.
Table 1
Period | Detection cycle | Matching times | Matching rule grade | Block duration |
11:30-17:30 | 60 seconds | 50 | It is low jeopardize it is above | 50 minutes |
Specifically, the every terms of information of the request received is recorded in tables of data, which is in above-described embodiment
Record attack information tables of data.The information wherein recorded includes: the client ip, every of the timestamp of request, each request
Safety regulation grade and unit week belonging to the safety regulation number of a request triggering, the safety regulation number of each request triggering
The number of client request matching safety regulation and movement, these information can regard the feature of request as in phase.Wherein, difference etc.
The safety regulation of grade can be correspondingly arranged different blocking duration, detection cycle and matching times, refer to table 2.
Table 2
After being provided with intelligence defence rule and opening, the number of setting client request matching safety regulation grade is initial
Value is 0.When the client continues request matching safety regulation hierarchy rules in unit period, depositing for data table information is updated
Storage (number that client ip request matches the safety regulation grade in unit period adds one), when the matched number of client ip
When reaching threshold value, the next request of client ip will directly be blocked without subsequent processing in agent engine, work as blocking
After corresponding duration, the number of times of attack of current request is recorded again.
Refer to Fig. 2, a kind of specific steps of web intelligence defence method are as follows:
(1) a request is obtained;
(2) client ip and attack signature are obtained from request;
(3) judge whether detection cycle duration has reached detection cycle;
(4) it is not up to detection cycle duration, then jumps to (7) step;
(5) reach detection cycle, client ip security level rule match in detection cycle is secondary from obtaining in tables of data
Whether number is greater than threshold value;
(6) it is greater than threshold value and blocking corresponding duration is carried out to all requests of client ip then according to matching times, etc.
Continue (1) to next request;
(7) it is less than threshold value, corresponding safety regulation is matched by attack signature, obtains locating matching safety regulation grade;
(8) the client ip/ safety regulation grade that will acquire is recorded in tables of data;
(9) matching times of client ip detection cycle in tables of data are added into a update;
(10) the corresponding movement of the safety regulation is executed.
It should be noted that step 1-6 is arranged in agent engine, step 7-10 is arranged in security rules engine, with
The workload in security rules engine is reduced, defence efficiency is improved.As it can be seen that the embodiment can not only prevent asking for attacker
The attack detecting around system of defense is sought, while being hindered the request with attack by client ip at agent engine
It is disconnected, mitigate the performance pressures of security rules engine, has the advantages that enhance safety defense system safety and performance.
A kind of web intelligence defence installation provided in an embodiment of the present invention is introduced below, a kind of web described below
Intelligent defence installation can be cross-referenced with a kind of above-described web intelligence defence method.
Referring to Fig. 3, a kind of web intelligence defence installation provided in an embodiment of the present invention, comprising:
Judgment module 301, for judging that record is attacked in the tables of data of information when receiving the request of client transmission
Whether record has the feature of the request;
Execution module 302, for judging institute when record has the feature of the request in the tables of data of record attack information
It states and requests whether the number of times of attack in preset first duration is more than preset threshold value;When the request is preset first
When number of times of attack in length is more than preset threshold value, preset defence rule is executed.
Wherein, further includes:
Update module, for being less than preset threshold value when number of times of attack of the request in preset first duration
When, the number of times of attack of the request is updated in the tables of data of the record attack information.
Wherein, further includes:
Processing module, the corresponding attack of the request etc. for being recorded in the tables of data according to the record attack information
The corresponding security strategy of grade handles the request.
Wherein, further includes:
Contrast module will be described for when not recording the feature of the request in the tables of data of record attack information
Request is compared with preset attack signature database;
First determining module, for attacking the tables of data of information in the record when the request has attack
The middle number of times of attack for updating the request determines the corresponding attack grade of the request, and according to corresponding with the attack grade
Security strategy handle the request;
Second determining module, for when the request does not have attack, the request to be transmitted to corresponding section
Point is handled.
Wherein, the execution module is specifically used for:
Forbid described request access in preset second duration;
And/or
The warning message for carrying the feature of the request is generated, and the warning message is transmitted to management end and is opened up
Show.
Wherein, further includes:
Display module, for visualizing the tables of data of the record attack information.
Wherein, further includes:
Module is obtained, for obtaining the first duration, threshold value and the second duration of user's input;
Module is adjusted, the first duration, threshold value and the second duration for inputting according to the user adjust the first duration, threshold
Value and the second duration.
As it can be seen that present embodiments providing a kind of web intelligence defence installation, comprising: judgment module and execution module.Its
In, when receive client transmission request when, and judgment module judge record attack information tables of data in whether recorded
The feature of the request;When record has the feature of the request in the tables of data of record attack information, execution module judges institute
It states and requests whether the number of times of attack in preset first duration is more than preset threshold value;When the request is preset first
When number of times of attack in length is more than preset threshold value, preset defence rule is executed.Wherein, avoid repeatedly by it is each request with
The process that intrusion feature database is compared improves defence efficiency to reduce workload, has also correspondinglyd increase in network just
The performance of normal service quality and whole network.
A kind of web intelligence defensive equipment provided in an embodiment of the present invention is introduced below, a kind of web described below
Intelligent defensive equipment can be cross-referenced with a kind of above-described web intelligence defence method and device.
Referring to fig. 4, a kind of web intelligence defensive equipment provided in an embodiment of the present invention, comprising:
Memory 401, for storing computer program;
Processor 402 realizes that web described in above-mentioned any embodiment is intelligently defendd when for executing the computer program
The step of method.
A kind of readable storage medium storing program for executing provided in an embodiment of the present invention is introduced below, one kind described below is readable to deposit
Storage media can be cross-referenced with a kind of above-described web intelligence defence method, device and equipment.
A kind of readable storage medium storing program for executing is stored with computer program, the computer program quilt on the readable storage medium storing program for executing
The step of web intelligence defence method as described in above-mentioned any embodiment is realized when processor executes.
Each embodiment in this specification is described in a progressive manner, the highlights of each of the examples are with other
The difference of embodiment, the same or similar parts in each embodiment may refer to each other.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention.
Various modifications to these embodiments will be readily apparent to those skilled in the art, as defined herein
General Principle can be realized in other embodiments without departing from the spirit or scope of the present invention.Therefore, of the invention
It is not intended to be limited to the embodiments shown herein, and is to fit to and the principles and novel features disclosed herein phase one
The widest scope of cause.
Claims (10)
1. a kind of web intelligence defence method characterized by comprising
When receiving the request of client transmission, judge whether record the request in the tables of data of record attack information
Feature;
If so, judging whether number of times of attack of the request in preset first duration is more than preset threshold value;When described
When the number of times of attack in preset first duration being requested to be more than preset threshold value, preset defence rule is executed.
2. web intelligence defence method according to claim 1, which is characterized in that further include:
When number of times of attack of the request in preset first duration is less than preset threshold value, attacks and believe in the record
The number of times of attack of the request is updated in the tables of data of breath.
3. web intelligence defence method according to claim 2, which is characterized in that described to attack information in the record
After the number of times of attack for updating the request in tables of data, further includes:
The corresponding security strategy of the corresponding attack grade of the request recorded in tables of data according to the record attack information
Handle the request.
4. web intelligence defence method according to claim 3, which is characterized in that further include:
It is when not recording the feature of the request in the tables of data of record attack information, the request and preset attack is special
Sign database compares;
When the request has attack, the attack time of the request is updated in the tables of data of the record attack information
Number determines the corresponding attack grade of the request, and handles the request according to security strategy corresponding with the attack grade;
When the request does not have attack, the request is transmitted to corresponding node and is handled.
5. web intelligence defence method according to claim 1, which is characterized in that described to execute preset defence rule, packet
It includes:
Forbid described request access in preset second duration;
And/or
The warning message for carrying the feature of the request is generated, and the warning message is transmitted to management end and is shown.
6. web intelligence defence method described in -5 any one according to claim 1, which is characterized in that further include:
The tables of data of the record attack information is visualized.
7. web intelligence defence method according to claim 6, which is characterized in that further include:
Obtain the first duration, threshold value and the second duration of user's input;
The first duration, threshold value and the second duration are adjusted according to the first duration, threshold value and the second duration of user input.
8. a kind of web intelligence defence installation characterized by comprising
Judgment module, for judging whether remember in the tables of data of record attack information when receiving the request of client transmission
Record has the feature of the request;
Execution module, for judging the request when record has the feature of the request in the tables of data of record attack information
Whether the number of times of attack in preset first duration is more than preset threshold value;When the request is in preset first duration
When number of times of attack is more than preset threshold value, preset defence rule is executed.
9. a kind of web intelligence defensive equipment characterized by comprising
Memory, for storing computer program;
Processor realizes that the web as described in claim 1-7 any one is intelligently defendd when for executing the computer program
The step of method.
10. a kind of readable storage medium storing program for executing, which is characterized in that be stored with computer program, the meter on the readable storage medium storing program for executing
The step of web intelligence defence method as described in claim 1-7 any one is realized when calculation machine program is executed by processor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811455605.4A CN109561090B (en) | 2018-11-30 | 2018-11-30 | Web intelligent defense method, device, equipment and readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811455605.4A CN109561090B (en) | 2018-11-30 | 2018-11-30 | Web intelligent defense method, device, equipment and readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109561090A true CN109561090A (en) | 2019-04-02 |
CN109561090B CN109561090B (en) | 2022-04-26 |
Family
ID=65868271
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811455605.4A Active CN109561090B (en) | 2018-11-30 | 2018-11-30 | Web intelligent defense method, device, equipment and readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109561090B (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020248687A1 (en) * | 2019-06-12 | 2020-12-17 | 深圳前海微众银行股份有限公司 | Method and apparatus for preventing malicious attack |
CN112333168A (en) * | 2020-10-27 | 2021-02-05 | 杭州安恒信息技术股份有限公司 | Attack identification method, device, equipment and computer readable storage medium |
CN112434304A (en) * | 2020-12-02 | 2021-03-02 | 网宿科技股份有限公司 | Method, server and computer readable storage medium for defending network attack |
CN113496033A (en) * | 2020-04-08 | 2021-10-12 | 腾讯科技(深圳)有限公司 | Access behavior recognition method and device and storage medium |
CN113569237A (en) * | 2021-07-29 | 2021-10-29 | 武汉天喻信息产业股份有限公司 | Attack protection method, device, equipment and readable storage medium |
CN113676497A (en) * | 2021-10-22 | 2021-11-19 | 广州锦行网络科技有限公司 | Data blocking method and device, electronic equipment and storage medium |
CN113923039A (en) * | 2021-10-20 | 2022-01-11 | 北京知道创宇信息技术股份有限公司 | Attack equipment identification method and device, electronic equipment and readable storage medium |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070169194A1 (en) * | 2004-12-29 | 2007-07-19 | Church Christopher A | Threat scoring system and method for intrusion detection security networks |
CN105959290A (en) * | 2016-06-06 | 2016-09-21 | 杭州迪普科技有限公司 | Detection method and device of attack message |
EP3110103A1 (en) * | 2015-06-24 | 2016-12-28 | Verisign, Inc. | Systems and methods for automatically mitigating denial of service attacks |
CN106790292A (en) * | 2017-03-13 | 2017-05-31 | 摩贝(上海)生物科技有限公司 | The web application layer attacks detection and defence method of Behavior-based control characteristic matching and analysis |
CN107332811A (en) * | 2016-04-29 | 2017-11-07 | 阿里巴巴集团控股有限公司 | The methods, devices and systems of intrusion detection |
CN108111472A (en) * | 2016-11-24 | 2018-06-01 | 腾讯科技(深圳)有限公司 | A kind of attack signature detection method and device |
CN108173812A (en) * | 2017-12-07 | 2018-06-15 | 东软集团股份有限公司 | Prevent method, apparatus, storage medium and the equipment of network attack |
CN108259476A (en) * | 2017-12-29 | 2018-07-06 | 杭州安恒信息技术有限公司 | A kind of anti-based on fuzzy induction guesses solution around method and its system |
-
2018
- 2018-11-30 CN CN201811455605.4A patent/CN109561090B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070169194A1 (en) * | 2004-12-29 | 2007-07-19 | Church Christopher A | Threat scoring system and method for intrusion detection security networks |
EP3110103A1 (en) * | 2015-06-24 | 2016-12-28 | Verisign, Inc. | Systems and methods for automatically mitigating denial of service attacks |
CN107332811A (en) * | 2016-04-29 | 2017-11-07 | 阿里巴巴集团控股有限公司 | The methods, devices and systems of intrusion detection |
CN105959290A (en) * | 2016-06-06 | 2016-09-21 | 杭州迪普科技有限公司 | Detection method and device of attack message |
CN108111472A (en) * | 2016-11-24 | 2018-06-01 | 腾讯科技(深圳)有限公司 | A kind of attack signature detection method and device |
CN106790292A (en) * | 2017-03-13 | 2017-05-31 | 摩贝(上海)生物科技有限公司 | The web application layer attacks detection and defence method of Behavior-based control characteristic matching and analysis |
CN108173812A (en) * | 2017-12-07 | 2018-06-15 | 东软集团股份有限公司 | Prevent method, apparatus, storage medium and the equipment of network attack |
CN108259476A (en) * | 2017-12-29 | 2018-07-06 | 杭州安恒信息技术有限公司 | A kind of anti-based on fuzzy induction guesses solution around method and its system |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020248687A1 (en) * | 2019-06-12 | 2020-12-17 | 深圳前海微众银行股份有限公司 | Method and apparatus for preventing malicious attack |
CN113496033A (en) * | 2020-04-08 | 2021-10-12 | 腾讯科技(深圳)有限公司 | Access behavior recognition method and device and storage medium |
CN112333168A (en) * | 2020-10-27 | 2021-02-05 | 杭州安恒信息技术股份有限公司 | Attack identification method, device, equipment and computer readable storage medium |
CN112434304A (en) * | 2020-12-02 | 2021-03-02 | 网宿科技股份有限公司 | Method, server and computer readable storage medium for defending network attack |
CN112434304B (en) * | 2020-12-02 | 2024-05-24 | 网宿科技股份有限公司 | Method, server and computer readable storage medium for defending against network attacks |
CN113569237A (en) * | 2021-07-29 | 2021-10-29 | 武汉天喻信息产业股份有限公司 | Attack protection method, device, equipment and readable storage medium |
CN113569237B (en) * | 2021-07-29 | 2024-04-02 | 武汉天喻信息产业股份有限公司 | Attack protection method, device, equipment and readable storage medium |
CN113923039A (en) * | 2021-10-20 | 2022-01-11 | 北京知道创宇信息技术股份有限公司 | Attack equipment identification method and device, electronic equipment and readable storage medium |
CN113923039B (en) * | 2021-10-20 | 2023-11-28 | 北京知道创宇信息技术股份有限公司 | Attack equipment identification method and device, electronic equipment and readable storage medium |
CN113676497A (en) * | 2021-10-22 | 2021-11-19 | 广州锦行网络科技有限公司 | Data blocking method and device, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN109561090B (en) | 2022-04-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109561090A (en) | A kind of web intelligence defence method, device, equipment and readable storage medium storing program for executing | |
US9386036B2 (en) | Method for detecting and preventing a DDoS attack using cloud computing, and server | |
US8863293B2 (en) | Predicting attacks based on probabilistic game-theory | |
US10635817B2 (en) | Targeted security alerts | |
CN105763561B (en) | A kind of attack defense method and device | |
CN110071941B (en) | Network attack detection method, equipment, storage medium and computer equipment | |
CN105577608B (en) | Network attack behavior detection method and device | |
US20030110393A1 (en) | Intrusion detection method and signature table | |
CN107888607A (en) | A kind of Cyberthreat detection method, device and network management device | |
Çeker et al. | Deception-based game theoretical approach to mitigate DoS attacks | |
EP2471292B1 (en) | Method and arrangement for detecting fraud in telecommunication networks. | |
CN109889550B (en) | DDoS attack determination method and device | |
CN110730195A (en) | Data processing method and device and computer readable storage medium | |
CN107046516B (en) | Wind control method and device for identifying mobile terminal identity | |
WO2017032287A1 (en) | Information acquisition method and device | |
CN113472789B (en) | Attack detection method, attack detection system, storage medium and electronic device | |
CN109474623A (en) | Network safety prevention and its parameter determination method, device and equipment, medium | |
CN114389898B (en) | Web defense method, device and system based on shooting range | |
Oo et al. | Enhancement of preventing application layer based on DDoS attacks by using hidden semi-Markov model | |
CN116389147A (en) | Method and device for blocking network attack, electronic equipment and storage medium | |
CN107528859B (en) | Defense method and device for DDoS attack | |
Hessam et al. | A new approach for detecting violation of data plane integrity in Software Defined Networks | |
CN116094801A (en) | Security attack protection method, device, equipment and readable storage medium | |
CN115102727A (en) | Network intrusion active defense system and method based on dynamic IP blacklist | |
CN113055362B (en) | Method, device, equipment and storage medium for preventing abnormal behaviors |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |