CN109688099A - Server end hits library recognition methods, device, equipment and readable storage medium storing program for executing - Google Patents
Server end hits library recognition methods, device, equipment and readable storage medium storing program for executing Download PDFInfo
- Publication number
- CN109688099A CN109688099A CN201811049718.4A CN201811049718A CN109688099A CN 109688099 A CN109688099 A CN 109688099A CN 201811049718 A CN201811049718 A CN 201811049718A CN 109688099 A CN109688099 A CN 109688099A
- Authority
- CN
- China
- Prior art keywords
- server end
- information
- ratio
- user terminal
- past
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a kind of server ends to hit library recognition methods, device, equipment and readable storage medium storing program for executing, the method is based on network security technology, the described method includes: when often detecting the access request of user terminal, the corresponding user information of the access request is acquired, the user information includes IP information, protocol stack information and user agent's information;Based on the user information, update the first aggregation ratio of the corresponding acquisition IP information of the server end in current point in time past preset time period, the third concentrating ratio of user agent's UA information of the second aggregation ratio and corresponding acquisition of the protocol stack information of corresponding acquisition;If the first aggregation ratio is greater than the first preset value, the second aggregation ratio is greater than the second preset value, when third concentrating ratio is greater than third preset value, determines that the server end exists and hits library risk.Library recognition methods, which is hit, the present invention is based on the server end of network security technology solves existing the technical issues of be easy to causeing a large number of users data leak.
Description
Technical field
The present invention relates to field of computer technology more particularly to a kind of server end hit library recognition methods, device, equipment and
Readable storage medium storing program for executing.
Background technique
Library is hit, refers to that, using the identical registration habit (identical username and password) of user, trial logs in others
Website, that is to say, that the account that hacker acquires user terminal in some websites utilizes the identical registration of user there are also after password
Habit, there are also the other websites of password login device for the account for the user terminal that will acquire, to obtain money of the user in other websites
Expect information, it is simple to be a little exactly: to be exactly that you replicate a big string key from others there, then go to try to open not in building
Same door.Currently, if web site server end is by detecting that the account number cipher logon error of user terminal reaches preset times such as 4
It is secondary, then the account number cipher of the user terminal can be defaulted by the mode for hitting library attack, and it is each that realization judges that web site server end corresponds to
Whether user terminal is by library attack is hit, however, the above method, which can recognize, hits library identification, the prior art for a certain user terminal
In, it is difficult to realize that identification is attacked for the library of hitting of the large area of web site server end, due to being difficult to for Website server
The library of hitting of the large area at end is attacked, thus, it be easy to cause a large number of users data leak.
Summary of the invention
The main purpose of the present invention is to provide a kind of server ends to hit library recognition methods, device, equipment and readable storage
Medium, it is intended to it solves to be difficult to attack for the library of hitting of the large area of web site server end, thus, it be easy to cause a large number of users
The technical issues of data leak.
To achieve the above object, the present invention provides a kind of server end and hits library recognition methods, and the server end hits library knowledge
Other method includes:
When often detecting the access request of user terminal, the corresponding user information of the access request is acquired, wherein the use
Family information includes IP information, protocol stack information and user agent's UA information;
Based on the user information, the corresponding acquisition IP of the server end in current point in time past preset time period is updated
First aggregation ratio of information updates the protocol stack information of the corresponding acquisition of the server end in the preset time period in the past
Second aggregation ratio, and update user agent's UA information of the corresponding acquisition of the server end in the preset time period in the past
Third concentrating ratio;
If the first aggregation ratio is greater than the first preset value, the second aggregation ratio is greater than the second preset value, third concentrating
When ratio is greater than third preset value, determines that the server end exists and hit library risk.
Optionally, described to be based on the user information, update the server in current point in time past preset time period
The first of the corresponding acquisition IP information in end assembles ratio step and includes:
Based on the user information, server end each user collected in the preset time period in the past is obtained
The IP section at end;
Ordered arrangement is carried out to the IP section of each user terminal, obtains continuous IP section in the IP section of each user terminal
In shared the first accounting;
First accounting is set as the IP information of the corresponding acquisition of the server end in the preset time period in the past
First aggregation ratio.
Optionally, the IP section to each user terminal carries out ordered arrangement, obtains continuous IP section described each
The first shared accounting step includes: in the IP section of user terminal
The regional information according to belonging to each user terminal IP sections carries out territorial classification to each user terminal, obtains same area
The IP section of each user terminal in domain;
Ordered arrangement is carried out to the IP section of user terminal each in the same area, obtains continuous IP section in described the same area
The first shared sub- accounting in the IP section of each user terminal, and obtain the corresponding each first sub- accounting of different zones;
The sub- accounting of average treatment each first obtains continuous IP section shared first in the IP section of each user terminal
Accounting.
Optionally, described to update the protocol stack information of the corresponding acquisition of the server end in the preset time period in the past
Second, which assembles ratio step, includes:
When obtaining the corresponding each reception of received server-side different access request in the preset time period in the past
Between be spaced;
Judge whether each receiving time interval is that partial rules change, if each receiving time interval is
Partial rules variation, then obtain the second of time interval all each receiving time intervals described in answer seizure ratio of rule variation
Accounting;
Second accounting is set as to the protocol stack letter of the corresponding acquisition of the server end in the preset time period in the past
Second aggregation ratio of breath.
Optionally, described that second accounting is set as the corresponding acquisition of the server end in the preset time period in the past
Protocol stack information second aggregation ratio step include:
The different access for obtaining the received server-side in the preset time period in the past requests corresponding each request
Packet;
The attached bag lost in each request packet is obtained, obtains the packet loss of each request packet, and obtain packet loss
The identical each request packet of rate;
From the identical each request packet of packet loss, the attached bag of the loss is acquired in corresponding requests packet
It sends sequence number;
Whether identical send sequence number described in judgement, if it is described send sequence number be it is identical, it is identical to obtain the packet loss
Request packet ratio of each request packet in all request packets;
Judge whether the request packet ratio is greater than default request packet ratio, if the request packet ratio is greater than default request
Packet ratio then believes the protocol stack that second accounting is set as the corresponding acquisition of the server end in the preset time period in the past
Second aggregation ratio of breath.
Optionally, described to obtain that described the server end corresponds to the of user agent's UA information in preset time period in the past
Three, which assemble ratio steps, includes:
It obtains in the preset time period in the past, each behaviour used in the collected each user terminal of server end
Make the information of system and version, cpu type, browser and version, to obtain the operating system and version, cpu type, browsing
The number of device and the identical user terminal of version;
Obtain all collected each user terminals of server end of number accounting of the identical user terminal
Number, to obtain third accounting;
The third accounting is set as the server end in the preset time period in the past and corresponds to user agent's UA information
Third concentrating ratio.
Optionally, include: after library risk step is hit in the determination server end presence
If detect access request again, correspondence, which is generated and fed back, needs to provide the prompt information of mobile phone identifying code.
The present invention also provides a kind of server ends to hit library identification device, and the server end hits library identification device and includes:
Acquisition module when for often detecting the access request of user terminal, acquires the corresponding user's letter of the access request
Breath, wherein the user information includes IP information, protocol stack information and user agent's UA information;
Module is obtained, for being based on the user information, updates the service in current point in time past preset time period
First aggregation ratio of the corresponding acquisition IP information in device end updates the corresponding acquisition of the server end in the preset time period in the past
Protocol stack information the second aggregation ratio, and update it is described in the past in preset time period the corresponding acquisition of the server end use
Act on behalf of the third concentrating ratio of UA information in family;
Determining module, if being greater than the first preset value for the first aggregation ratio, it is pre- that the second aggregation ratio is greater than second
If value
Optionally, the acquisition module includes:
First acquisition unit obtains the server in the preset time period in the past for being based on the user information
Hold the IP section of each user terminal collected;
Second acquisition unit carries out ordered arrangement for the IP section to each user terminal, obtains continuous IP section in institute
State the first accounting shared in the IP section of each user terminal;
First setting unit, for first accounting to be set as the server end pair in the preset time period in the past
First aggregation ratio of the IP information that should be acquired.
Optionally, the second acquisition unit includes:
First obtains subelement, carries out for the regional information according to belonging to each user terminal IP sections to each user terminal
Territorial classification obtains the IP section of each user terminal in the same area;
Second obtains subelement, carries out ordered arrangement for the IP section to user terminal each in the same area, obtains continuous
The first shared sub- accounting in the IP section of IP sections of each user terminals in described the same area, and obtain different zones and respectively correspond
The each first sub- accounting;
Average treatment subelement is used for the sub- accounting of average treatment each first, obtains continuous IP section in each user
The first shared accounting in the IP section at end.
Optionally, the acquisition module includes:
Third acquiring unit, for obtaining the received server-side different access request in the preset time period in the past
Corresponding each receiving time interval;
First judging unit, for judging whether each receiving time interval is that partial rules change, if described
Each receiving time interval is partial rules variation, then the time interval for obtaining rule variation is all each described in answer seizure ratio
Second accounting at receiving time interval;
Second setting unit, for second accounting to be set as the server end pair in the preset time period in the past
Second aggregation ratio of the protocol stack information that should be acquired.
Optionally, second setting unit includes:
Third obtains subelement, for obtaining the different access of the received server-side in the preset time period in the past
Request corresponding each request packet;
4th acquisition subelement obtains each request packet for obtaining the attached bag lost in each request packet
Packet loss, and obtain the identical each request packet of packet loss;
5th obtains subelement, for acquiring the loss from the identical each request packet of packet loss
Attached bag sending sequence number in corresponding requests packet;
First judgment sub-unit, for judge it is described send sequence number it is whether identical, if it is described send sequence number be it is identical,
Obtain request packet ratio of the identical each request packet of the packet loss in all request packets;
Second judgment sub-unit, for judging whether the request packet ratio is greater than default request packet ratio, if described ask
It asks packet ratio to be greater than default request packet ratio, then second accounting is set as the server in the preset time period in the past
Second aggregation ratio of the protocol stack information of the corresponding acquisition in end.
Optionally, the acquisition module includes:
4th acquiring unit, for obtaining in the preset time period in the past, the collected each use of server end
Each operating system and version used in the end of family, cpu type, browser and version information, to obtain the operating system
And the number of version, cpu type, browser and the identical user terminal of version;
5th acquiring unit, all server ends of number accounting for obtaining the identical user terminal are adopted
The number of each user terminal collected, to obtain third accounting;
Third setting unit, for the third accounting to be set as the server end pair in the preset time period in the past
Answer the third concentrating ratio of user agent's UA information.
Optionally, the server end hits library identification device further include:
Feedback module, if when for detecting access request again, correspondence, which is generated and fed back, to be needed to provide mobile phone identifying code
Prompt information.
In addition, to achieve the above object, the present invention also provides a kind of server ends to hit library identification equipment, the server end
Hitting library identification equipment includes: memory, processor, and communication bus and the server end being stored on the memory hit library knowledge
Other program,
The communication bus is for realizing the communication connection between processor and memory;
The processor hits library recognizer for executing the server end, to perform the steps of
When often detecting the access request of user terminal, the corresponding user information of the access request is acquired, wherein the use
Family information includes IP information, protocol stack information and user agent's UA information;
Based on the user information, the corresponding acquisition IP of the server end in current point in time past preset time period is updated
First aggregation ratio of information updates the protocol stack information of the corresponding acquisition of the server end in the preset time period in the past
Second aggregation ratio, and update user agent's UA information of the corresponding acquisition of the server end in the preset time period in the past
Third concentrating ratio;
If the first aggregation ratio is greater than the first preset value, the second aggregation ratio is greater than the second preset value, third concentrating
When ratio is greater than third preset value, determines that the server end exists and hit library risk.
In addition, to achieve the above object, the present invention also provides a kind of readable storage medium storing program for executing, the readable storage medium storing program for executing storage
Have one perhaps more than one program the one or more programs can be held by one or more than one processor
Row is to be used for:
When often detecting the access request of user terminal, the corresponding user information of the access request is acquired, wherein the use
Family information includes IP information, protocol stack information and user agent's UA information;
Based on the user information, the corresponding acquisition IP of the server end in current point in time past preset time period is updated
First aggregation ratio of information updates the protocol stack information of the corresponding acquisition of the server end in the preset time period in the past
Second aggregation ratio, and update user agent's UA information of the corresponding acquisition of the server end in the preset time period in the past
Third concentrating ratio;
If the first aggregation ratio is greater than the first preset value, the second aggregation ratio is greater than the second preset value, third concentrating
When ratio is greater than third preset value, determines that the server end exists and hit library risk.
When the present invention passes through the access request for often detecting user terminal, the corresponding user information of the access request is acquired,
Wherein, the user information includes IP information, protocol stack information and user agent's UA information;Based on the user information, update
Current point in time goes over the first aggregation ratio of the corresponding acquisition IP information of the server end in preset time period, updates the mistake
The second aggregation ratio of the protocol stack information of the corresponding acquisition of the server end in preset time period is gone, and it is pre- to update the past
If the third concentrating ratio of user agent's UA information of the corresponding acquisition of the server end in the period;If the first aggregation ratio
Example is greater than the first preset value, and the second aggregation ratio is greater than the second preset value, when third concentrating ratio is greater than third preset value, determines
The server end, which exists, hits library risk.In this application, when detecting new access request every time, that is, the past is obtained
The of first aggregation ratio of the IP information of the user terminal of the corresponding acquisition of the server end in preset time period, protocol stack information
Two aggregation ratios, the third concentrating ratio of user agent's UA information, if it is described first aggregation ratio be greater than the first preset value, second
Aggregation ratio is greater than the second preset value, when third concentrating ratio is greater than third preset value, determines that the server end exists and hits library
Risk, i.e., in the present embodiment, whole to web site server end progress hits library attack recognition, and avoiding, which influences a large number of users, logs in
The sign-in experience of website, thus solve due to being difficult to attack for the library of hitting of the large area of web site server end, it is easy
The technical issues of causing a large number of users data leak.
Detailed description of the invention
Fig. 1 is the flow diagram that server end of the present invention hits library recognition methods first embodiment;
Fig. 2 is that server end of the present invention is hit in library recognition methods second embodiment based on the user information, is updated current
Time point goes over the refinement process of the first aggregation ratio step of the corresponding acquisition IP information of the server end in preset time period
Schematic diagram;
Fig. 3 is the device structure schematic diagram for the hardware running environment that present invention method is related to.
The embodiments will be further described with reference to the accompanying drawings for the realization, the function and the advantages of the object of the present invention.
Specific embodiment
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not intended to limit the present invention.
The present invention provides a kind of server end and hits library recognition methods, hits the first of library recognition methods in server end of the present invention
In embodiment, referring to Fig.1, the server end hits library recognition methods and includes:
Step S10 when often detecting the access request of user terminal, acquires the corresponding user information of the access request,
In, the user information includes IP information, protocol stack information and user agent's UA information;
Step S20 is based on the user information, updates the server end pair in current point in time past preset time period
The first aggregation ratio of IP information should be acquired, the agreement of the corresponding acquisition of the server end in the preset time period in the past is updated
Second aggregation ratio of stack information, and update the user agent of the corresponding acquisition of the server end in the preset time period in the past
The third concentrating ratio of UA information;
Step S30, if the first aggregation ratio is greater than the first preset value, the second aggregation ratio is greater than the second preset value,
When third concentrating ratio is greater than third preset value, determines that the server end exists and hit library risk.
Specific step is as follows:
Step S10 when often detecting the access request of user terminal, acquires the corresponding user information of the access request,
In, the user information includes IP information, protocol stack information and user agent's UA information;
Currently, when if web site server end detects that the account number cipher logon error of user terminal reaches preset times such as 4 times,
The account number cipher that then can default the user terminal is attacked, and web site server end can suspend logging in for the user terminal at this time, but right
It is flowed out in social worker library, wherein social worker library refers to the data set of the compositions such as the true user account and password largely flowed out
It closes, if web site server end cannot effectively identify that hitting library attacks, and will cause letting out for web site server end a large number of users data at this time
Leakage, the application are to prevent the leakage of web site server end a large number of users data.
Specifically, when often detecting the access request of user terminal, the corresponding user information of the access request is acquired,
In, as long as detecting the access request of user terminal, that is, pass through the corresponding target user's information of front end JS page capture access request,
User information includes but is not limited to IP information, protocol stack information, user agent's UA information, wherein IP information includes user terminal institute
The IP segment information at place, regional information belonging to the IP sections, as the IP section of user terminal is 119.123.67.249, area belonging to the IP sections
It is Shenzhen, protocol stack information includes the configuration information of user terminal access request corresponding requests packet, transmission time information, packet loss information
It include that user terminal operating system and version, cpu type, browser and version, browser rendering are drawn Deng, user agent's UA information
It holds up, the information such as browser language, browser plug-in, current network state, language environment.
Step S20 is based on the user information, updates the server end pair in current point in time past preset time period
The first aggregation ratio of IP information should be acquired, the agreement of the corresponding acquisition of the server end in the preset time period in the past is updated
Second aggregation ratio of stack information, and update the user agent of the corresponding acquisition of the server end in the preset time period in the past
The third concentrating ratio of UA information;
In the present embodiment, as long as obtaining the corresponding user information of new access request every time, i.e., when execution updates current
Between point in the past in preset time period the corresponding acquisition IP information of the server end the first aggregation ratio, it is default to update the past
Second aggregation ratio of the protocol stack information of the corresponding acquisition of the server end in period, and update the preset time in the past
In section the step of the third concentrating ratio of user agent's UA information of the corresponding acquisition of the server end, that is to say, that as long as inspection
New access request is measured, that is, needs to update the first aggregation ratio, the second aggregation ratio and third concentrating ratio.Wherein, net
Site server end obtains the first aggregation ratio, the second aggregation ratio and third concentrating ratio rather than individually only obtains wherein one
A aggregation ratio, it is thus possible to the case where preventing wrong identification.
Specifically, in the present embodiment, described to be based on the user information referring to Fig. 2, it is pre- to update the current point in time past
If the first aggregation ratio step of the corresponding acquisition IP information of the server end includes: in the period
Step S21 is based on the user information, and it is collected to obtain the server end in the preset time period in the past
The IP section of each user terminal;
In the present embodiment, when detecting user terminal access request, corresponding user terminal is obtained in real time by front end JS
IP segment information, after acquiring the corresponding user terminal IP segment information of the access request, it is also necessary to obtain the past it is default when
Between in section server end other each user terminals collected IP section.
Step S22 carries out ordered arrangement to the IP section of each user terminal, obtains continuous IP section in each user
The first shared accounting in the IP section at end;
It is obtaining in preset time period after the IP section of server end each user terminal collected, to each user
The IP section at end carries out ordered arrangement, specifically, is ranked up according to size digital on IP sections of the first home positions, is marked in first place
When number on knowledge position is identical, it is ranked up according to size digital on secondary bit identification position, and so on, until completing each
The sequence of the IP section of a user terminal, such as party A-subscriber end, IP sections are 119.123.67.249, and IP sections of D user terminal are
116.30.198.37, then preceding, 116.30.198.37 sequence is orderly being arranged in rear (9 are greater than 6) for 119.123.67.249 sequence
After column, judge whether the IP section of each user terminal is that continuous (can be and preset the continuous of small difference) is either identical, such as A
The IP section of user terminal is 119.123.67.249, and the IP section at party B-subscriber end is 119.123.67.250, and the IP section of C user terminal is
119.123.67.251, then obviously party A-subscriber end, BYong Huduan, C user terminal IP be continuous or the IP of D user terminal
Section is 119.123.67.230, and the IP section of E user terminal is 119.123.67.232, and the IP section of F user terminal is
119.123.67.234, then party A-subscriber end, BYong Huduan, C user terminal IP be preset small difference continuous, i.e., D user terminal, E are used
Family end, F user terminal IP be also continuous, in addition, in addition to judge each user terminal IP section whether be continuously other than, it is also necessary to
Judge each user terminal IP section whether be it is identical, to obtain continuous IP section (including IP sections identical) in each user
The first shared accounting in the IP section at end.It is illustrated to specific embodiment, accesses server end within a preset period of time
Continuous IP section is 5, and the number of total user terminal is 10, then the first accounting is 50%.
The IP section to each user terminal carries out ordered arrangement, obtains continuous IP section in each user terminal
The first shared accounting includes: in IP sections
Step S221, the regional information according to belonging to each user terminal IP sections carry out territorial classification to each user terminal,
Obtain the IP section of each user terminal in the same area;
In the present embodiment, another approach for obtaining the first accounting is provided, specifically, is obtaining each user terminal
After IP sections, each affiliated regional information of user terminal is obtained according to each user terminal IP segment information, according to each user terminal IP sections of institutes
Belong to regional information and territorial classification is carried out to each user terminal, Shenzhen area user terminal is such as divided into one kind, by District of Shanghai
User terminal is divided into one kind, after sorting, obtains the IP section of each user terminal in the same area, wherein different regions user terminal IP
Duan Buhui is continuous.
Step S222 carries out ordered arrangement to the IP section of user terminal each in the same area, obtains continuous IP section described
First sub- accounting shared in the IP section of each user terminal in the same area, and obtain different zones corresponding each first
Sub- accounting;
In obtaining the same area after the IP section of each user terminal, have to the IP section of user terminal each in the same area
Sequence arrangement obtains the first sub- accounting shared in the IP section of continuous IP section each user terminal in described the same area, such as obtains
The first shared sub- accounting in the IP section of continuous IP section each user terminal in the region of Shenzhen obtains continuous IP section in upper sea region
Shared the first sub- accounting etc. in the IP section of interior each user terminal, wherein the IP section of each user terminal refers in the region of Shenzhen:
The server end corresponds to the IP of the corresponding user terminal of each access request in received Shenzhen region within a preset period of time
Section, the IP section of each user terminal refers in upper sea region: the server end corresponds to received Shanghai within a preset period of time
The IP section of the corresponding user terminal of each access request in region.
Step S223, the sub- accounting of average treatment each first obtain continuous IP section in the IP section of each user terminal
The first shared accounting.
After obtaining the corresponding each first sub- accounting in different regions, the sub- accounting of average treatment each first is obtained continuous
IP sections of shared the first accountings in the IP section of each user terminal.
First accounting is set as the corresponding acquisition of the server end in the preset time period in the past by step S23
First aggregation ratio of IP information.
After obtaining the first accounting, first accounting is set as the server end pair in the preset time period in the past
First aggregation ratio of the IP information that should be acquired.
In the present embodiment, after obtaining the first aggregation ratio, investigation mode is also matched by user terminal protocol stack, is obtained
Second aggregation ratio of the protocol stack information of the corresponding acquisition of web site server end in preset time period, to judge that the past default
Whether the access request that website receives in the period contains the multiple request or same user terminal switching IP puppet of same user terminal
Put into the multiple request of row, specifically, troubleshooting procedure are as follows: according between the corresponding each receiving time of reception different access request
The protocol stack information of the corresponding acquisition of the server end is determined every the packet loss of, each user terminal access request corresponding requests packet
Second aggregation ratio.
After obtaining the second aggregation ratio, also obtains the server end in the preset time period in the past and correspond to user's generation
Manage the third concentrating ratio of UA information, wherein the server end corresponds to user in the acquisition preset time period in the past
The third concentrating ratio step for acting on behalf of UA information includes:
Step S24 is obtained in the preset time period in the past, and the collected each user terminal of server end is used
Each operating system and version, cpu type, browser and version information, to obtain the operating system and version, CPU
The number of type, browser and the identical user terminal of version;
It should be noted that user agent's UA information include operating system and version used in user terminal, cpu type,
Browser and the information of version etc. are obtaining in preset time period, after the server end corresponds to user agent's UA information, obtain
Obtain the operating system and operating system version information, the cpu type information of each user terminal, each user terminal of each user terminal
Browser information, each user terminal browser version information, judge the operating system and version, cpu type, browser
And the number of the identical user terminal of version.
Step S25, all server ends of number accounting for obtaining the identical user terminal are collected each
The number of a user terminal, to obtain third accounting;
After the number for obtaining operating system and version, cpu type, browser and the identical user terminal of version, obtain
The number of all collected each user terminals of server end of the number accounting of the identical user terminal is taken, with
To third accounting.
The third accounting is set as the server end in the preset time period in the past and corresponds to user's generation by step S26
Manage the third concentrating ratio of UA information.
The third accounting is set as the server end in the preset time period in the past and corresponds to user agent's UA information
Third concentrating ratio.
It should be noted that in the present embodiment, the first aggregation ratio, the second aggregation ratio, third concentrating ratio are obtained
Take sequence to can be variation, might not determination acquisition sequence.
Step S30, if the first aggregation ratio is greater than the first preset value, the second aggregation ratio is greater than the second preset value,
When third concentrating ratio is greater than third preset value, determines that the server end exists and hit library risk.
In the present embodiment, web site server end has the first preset value, the second preset value and third preset value, this
One preset value, the second preset value and third preset value can be modified according to the actual situation, if first aggregation
Ratio is greater than the first preset value, and the second aggregation ratio is greater than the second preset value, when third concentrating ratio is greater than third preset value, really
The fixed server end, which exists, hits library risk, and due to being greater than the first preset value in the first aggregation ratio, and the second aggregation ratio is big
In the second preset value, and when third concentrating ratio is greater than third preset value, just determine that library risk is hit in the server end presence, because
And can effectively avoid because library is hit in erroneous judgement cause user access website when process complexity increase the phenomenon that.
When the present invention passes through the access request for often detecting user terminal, the corresponding user information of the access request is acquired,
Wherein, the user information includes IP information, protocol stack information and user agent's UA information;Based on the user information, update
Current point in time goes over the first aggregation ratio of the corresponding acquisition IP information of the server end in preset time period, updates the mistake
The second aggregation ratio of the protocol stack information of the corresponding acquisition of the server end in preset time period is gone, and it is pre- to update the past
If the third concentrating ratio of user agent's UA information of the corresponding acquisition of the server end in the period;If the first aggregation ratio
Example is greater than the first preset value, and the second aggregation ratio is greater than the second preset value, when third concentrating ratio is greater than third preset value, determines
The server end, which exists, hits library risk.In this application, when detecting new access request every time, that is, the past is obtained
The of first aggregation ratio of the IP information of the user terminal of the corresponding acquisition of the server end in preset time period, protocol stack information
Two aggregation ratios, the third concentrating ratio of user agent's UA information, if it is described first aggregation ratio be greater than the first preset value, second
Aggregation ratio is greater than the second preset value, when third concentrating ratio is greater than third preset value, determines that the server end exists and hits library
Risk, i.e., in the present embodiment, whole to web site server end progress hits library attack recognition, and avoiding, which influences a large number of users, logs in
The sign-in experience of website, thus solve due to being difficult to attack for the library of hitting of the large area of web site server end, it is easy
The technical issues of causing a large number of users data leak.
Further, the present invention provides another embodiment that server end hits library recognition methods, described to update the past
The second aggregation ratio step of the protocol stack information of the corresponding acquisition of the server end includes: in preset time period
It is corresponding each to obtain the received server-side different access request in the preset time period in the past by step S27
A receiving time interval;
In the present embodiment, the received server-side different access request in the preset time period in the past is obtained to correspond to
Each receiving time interval, wherein the receiving time interval can be rule variation, for rule variation receiving time
Interval, needs at least four or more receiving time intervals identical, and such as each second reception access request is primary or every two
It is primary second to receive access request, one second is divided between receiving time at this time either two seconds, in addition, the receiving time interval can also be with
It is not rule variation, such as receiving after certain access request is to receive another access request after two seconds again, and after four seconds later
Receive other access requests again, due to receiving time interval at this time be it is uncertain, thus, which is not rule
Rule variation.
Step S28 judges whether each receiving time interval is that partial rules change, if when each reception
Between interval be that partial rules changes, then obtain rule change time interval all each receiving times between described in answer seizure ratio
Every the second accounting;
Judge whether each receiving time interval is that partial rules change, if each receiving time interval is
Partial rules variation, then obtain the second of time interval all each receiving time intervals described in answer seizure ratio of rule variation
Accounting, for example, if the number of receiving time regular interval variation is 10, and 20 are divided between each receiving time, it is obvious that the
Two accountings are 50%, it should be noted that in the present embodiment, other than obtaining receiving time interval, are also obtained by front end JS
Take the input time interval of the corresponding input various information of user terminal, wherein various information includes the letter such as user name, account, password
Breath, to hit library convenient for carry out large area in a short time, is carrying out for carrying out camouflage or non-artificial user terminal
When targeted website logs in, it is usually provided with the identical sequence for inputting various information and identical input time interval, for
For ordinary user, input account, user name, the time interval of password are different, thus, in the present embodiment, also obtain user
Input time interval is consistent and the number of input time consistent user terminal when the input various information of end, which is set as identical
Number obtains the specific gravity that same number accounts for entire input number, obtains target specific gravity.
Second accounting is set as the corresponding acquisition of the server end in the preset time period in the past by step S29
Second aggregation ratio of protocol stack information.
In the present embodiment, after obtaining the second accounting, judge whether the target specific gravity is greater than default specific gravity, if more than
Second accounting is then set as the protocol stack of the corresponding acquisition of the server end in the preset time period in the past by default specific gravity
Second aggregation ratio of information.If being less than default specific gravity, using the value of the target specific gravity as clothes described in preset time period
Second aggregation ratio of the corresponding protocol stack information acquired in device end of being engaged in.
The agreement that second accounting is set as to the corresponding acquisition of the server end in the preset time period in the past
The second of stack information assembles ratio step
Step S291, the different access request for obtaining the received server-side in the preset time period in the past are corresponding
Each request packet;
In addition, in the present embodiment, it can also obtain that the preset time period server end in the past is received each to be asked
Seek packet, wherein each request packet is made of each request attached bag, as may include 5 attached bags in request packet.
Step S292 obtains the attached bag lost in each request packet, obtains the packet loss of each request packet, and
Obtain the identical each request packet of packet loss;
Step S293 acquires the attached bag of the loss in correspondence from the identical each request packet of packet loss
Sending sequence number in request packet;
Whether step S294 sends sequence number described in judgement identical, if it is described send sequence number be it is identical, obtain described in lose
Request packet ratio of the identical each request packet of packet rate in all request packets;
Due to the influence of network state, can usually there be the phenomenon that packet loss, obtain the son lost in each request packet
Packet, obtains the packet loss of each request packet, and obtain the identical each request packet of packet loss, it should be noted that
For same determining user terminal, if carrying out the request of different numbers, but it is the transmitting path of request data package, network-like
State is substantially identical, thus, packet loss is essentially identical, and is substantially the attached bag for the same serial number lost, to be embodied
Example is illustrated, if in the data of the access request for the predetermined number that user terminal is sent including 5 data packets, and if server is examined
It measures in the predetermined number access request data and is all lost data packet, and be all the third in above-mentioned 5 data packets lost
A data packet, at this time, it may be necessary to obtain request packet ratio of the identical each request packet of the packet loss in all request packets
Example.
Step S295, judges whether the request packet ratio is greater than default request packet ratio, if the request packet ratio is big
In default request packet ratio, then second accounting is set as the corresponding acquisition of the server end in the preset time period in the past
Protocol stack information second aggregation ratio.
The identical each request packet of packet loss is being obtained after the request packet ratio in all request packets, described in judgement
Whether request packet ratio is greater than default request packet ratio, will be described if the request packet ratio is greater than default request packet ratio
Second accounting is set as the second aggregation ratio of the protocol stack information of the corresponding acquisition of the server end in the preset time period in the past
The request packet ratio is the clothes in preset time period if the request packet ratio is less than default request packet ratio by example
Second aggregation ratio of the corresponding protocol stack information acquired in device end of being engaged in.
In the present embodiment, it is requested by obtaining the received server-side different access in the preset time period in the past
Corresponding each receiving time interval;Judge whether each receiving time interval is that partial rules change, if described each
A receiving time interval is partial rules variation, then the time interval for obtaining rule variation all described in answer seizure ratio each connects
Receive the second accounting of time interval;Second accounting is set as the server end correspondence in the preset time period in the past to adopt
Second aggregation ratio of the protocol stack information of collection.It each is connect since the time interval by rule variation is all described in answer seizure ratio
The second accounting for receiving time interval, obtains the second aggregation ratio, thus, it is possible to effectively judge whether there is one or more use
Progress server end hits library phenomenon after family end is pretended.
Further, the present invention provides another embodiment that server end hits library recognition methods, which is characterized in that described true
Include: after library risk step is hit in the server end presence calmly
Step S40, if detect access request again, correspondence, which is generated and fed back, needs to provide the prompt of mobile phone identifying code
Information.
In the present embodiment, it after detecting that library risk is hit in user terminal confirmation presence, is asked receiving access again later
When asking, corresponding feed back to sends the prompt information that the user terminal of access request needs mobile phone to verify again, and generates identifying code pair
The corresponding user terminal should be sent to.
Due in the present embodiment, if detect access request again, it is corresponding generate and feed back need to provide mobile phone and test
The prompt information of code is demonstrate,proved, i.e., when server end exists and hits library risk, carrying out user terminal by way of increasing the process of verifying
Audit, thus, it is possible to which user terminal is effectively avoided to correspond to the leakage of data.
Referring to Fig. 3, Fig. 3 is the device structure schematic diagram for the hardware running environment that the embodiment of the present invention is related to.
Server end of the embodiment of the present invention, which hits library identification equipment, can be PC, be also possible to smart phone, tablet computer, electricity
Philosophical works reader, MP3 (Moving Picture Experts Group Audio Layer III, dynamic image expert compression
Standard audio level 3) player, MP4 (Moving Picture Experts Group Audio Layer IV, dynamic image
Expert's compression standard audio level 3) terminal devices such as player, portable computer.
As shown in figure 3, it may include: processor 1001, such as CPU, memory that the server end, which hits library identification equipment,
1005, communication bus 1002.Wherein, communication bus 1002 is logical for realizing the connection between processor 1001 and memory 1005
Letter.Memory 1005 can be high speed RAM memory, be also possible to stable memory (non-volatile memory), example
Such as magnetic disk storage.Memory 1005 optionally can also be the storage equipment independently of aforementioned processor 1001.
Optionally, the server end hit library identification equipment can also include target user interface, network interface, camera,
RF (Radio Frequency, radio frequency) circuit, sensor, voicefrequency circuit, WiFi module etc..Target user interface can wrap
Display screen (Display), input unit such as keyboard (Keyboard) are included, optional target user interface can also include standard
Wireline interface, wireless interface.Network interface optionally may include standard wireline interface and wireless interface (such as WI-FI interface).
It is not constituted pair it will be understood by those skilled in the art that server end shown in Fig. 3 hits library identification device structure
Server end hits the restriction of library identification equipment, may include components more more or fewer than diagram, or combine certain components, or
The different component layout of person.
As shown in figure 3, as may include that operating system, network are logical in a kind of memory 1005 of computer storage medium
Letter module and server end hit library recognizer.Operating system be manage and control server end hit library identification device hardware and
The program of software resource supports server end to hit the operation of library recognizer and other softwares and/or program.Network communication mould
Block hits other hardware in library identification equipment for realizing the communication between the 1005 each component in inside of memory, and with server end
It is communicated between software.
Server end shown in Fig. 3 is hit in library identification equipment, and processor 1001 stores in memory 1005 for executing
Server end hit library recognizer, realize the step of server end described in any of the above embodiments hits library recognition methods.
Server end of the present invention hits library identification equipment specific embodiment and above-mentioned server end hits each reality of library recognition methods
It is essentially identical to apply example, details are not described herein.
The present invention also provides a kind of server ends to hit library identification device, and the server end hits library identification device and includes:
Acquisition module when for often detecting the access request of user terminal, acquires the corresponding user's letter of the access request
Breath, wherein the user information includes IP information, protocol stack information and user agent's UA information;
First obtains module, for being based on the user information, updates described in current point in time past preset time period
It is corresponding to update the server end in the preset time period in the past for first aggregation ratio of the corresponding acquisition IP information of server end
Second aggregation ratio of the protocol stack information of acquisition, and update the corresponding acquisition of the server end in the preset time period in the past
User agent's UA information third concentrating ratio;
Determining module, if being greater than the first preset value for the first aggregation ratio, it is pre- that the second aggregation ratio is greater than second
If value, when third concentrating ratio is greater than third preset value, determines that the server end exists and hit library risk.
Server end of the present invention hits library identification device specific embodiment and above-mentioned server end hits each reality of library recognition methods
It is essentially identical to apply example, details are not described herein.
The present invention provides a kind of readable storage medium storing program for executing, the readable storage medium storing program for executing is stored with one or more than one journey
Sequence, the one or more programs can also be executed by one or more than one processor for realizing above-mentioned
The step of server end described in one hits library recognition methods.
It is basic that readable storage medium storing program for executing specific embodiment of the present invention with above-mentioned server end hits each embodiment of library recognition methods
Identical, details are not described herein.
The above is only a preferred embodiment of the present invention, is not intended to limit the scope of the invention, all to utilize this hair
Equivalent structure or equivalent flow shift made by bright specification and accompanying drawing content is applied directly or indirectly in other relevant skills
Art field similarly includes in patent process range of the invention.
Claims (10)
1. a kind of server end hits library recognition methods, which is characterized in that the server end hits library recognition methods and includes:
When often detecting the access request of user terminal, the corresponding user information of the access request is acquired, wherein user's letter
Breath includes IP information, protocol stack information and user agent's UA information;
Based on the user information, the corresponding acquisition IP information of the server end in current point in time past preset time period is updated
The first aggregation ratio, update it is described in the past in preset time period the protocol stack information of the corresponding acquisition of the server end second
Aggregation ratio, and update the third of user agent's UA information of the corresponding acquisition of the server end in the preset time period in the past
Aggregation ratio;
If the first aggregation ratio is greater than the first preset value, the second aggregation ratio is greater than the second preset value and third concentrating ratio
When greater than third preset value, determines that the server end exists and hit library risk.
2. server end as described in claim 1 hits library recognition methods, which is characterized in that it is described to be based on the user information,
Update the first aggregation ratio step packet of the corresponding acquisition IP information of the server end in current point in time past preset time period
It includes:
Based on the user information, server end each user terminal collected in the preset time period in the past is obtained
IP sections;
Ordered arrangement is carried out to the IP section of each user terminal, obtains continuous IP section institute in the IP section of each user terminal
The first accounting accounted for;
First accounting is set as first of the IP information of the corresponding acquisition of the server end in the preset time period in the past
Aggregation ratio.
3. server end as claimed in claim 2 hits library recognition methods, which is characterized in that described to each user terminal
IP sections of progress ordered arrangements, obtaining continuous IP section the first accounting step shared in the IP section of each user terminal includes:
The regional information according to belonging to each user terminal IP sections carries out territorial classification to each user terminal, obtains in the same area
The IP section of each user terminal;
Ordered arrangement is carried out to the IP section of user terminal each in the same area, it is each in described the same area to obtain continuous IP section
The first shared sub- accounting in the IP section of user terminal, and obtain the corresponding each first sub- accounting of different zones;
The sub- accounting of average treatment each first obtains continuous IP section and shared first accounts in the IP section of each user terminal
Than.
4. server end as described in claim 1 hits library recognition methods, which is characterized in that when the update past presets
Between in section the second aggregation ratio step of the protocol stack information of the corresponding acquisition of the server end include:
Obtain that described the received server-side different access is requested between corresponding each receiving time in preset time period in the past
Every;
Judge whether each receiving time interval is that partial rules change, if each receiving time interval is part
Rule variation, then the time interval for obtaining rule variation the second of all each receiving time intervals is accounted for described in answer seizure ratio
Than;
Second accounting is set as the protocol stack information of the corresponding acquisition of the server end in the preset time period in the past
Second aggregation ratio.
5. server end as claimed in claim 4 hits library recognition methods, which is characterized in that described to be set as second accounting
The second aggregation ratio step of the protocol stack information of the corresponding acquisition of the server end includes: in the preset time period in the past
The different access for obtaining the received server-side in the preset time period in the past requests corresponding each request packet;
The attached bag lost in each request packet is obtained, obtains the packet loss of each request packet, and obtain packet loss phase
Same each request packet;
From the identical each request packet of packet loss, transmission of the attached bag of the loss in corresponding requests packet is acquired
Serial number;
Whether identical send sequence number described in judgement, if it is described send sequence number be it is identical, obtain the identical institute of the packet loss
State request packet ratio of each request packet in all request packets;
Judge whether the request packet ratio is greater than default request packet ratio, if the request packet ratio is greater than default request packet ratio
Second accounting is then set as the protocol stack information of the corresponding acquisition of the server end in the preset time period in the past by example
Second aggregation ratio.
6. server end as described in claim 1 hits library recognition methods, which is characterized in that when the acquisition past presets
Between in section the server end correspond to the third concentrating ratio step of user agent's UA information and include:
It obtains in the preset time period in the past, each operation system used in the collected each user terminal of server end
System and version, cpu type, browser and version information, with obtain the operating system and version, cpu type, browser and
The number of the identical user terminal of version;
Obtain the number of all collected each user terminals of server end of number accounting of the identical user terminal
Mesh, to obtain the second accounting;
The third accounting is set as to described in the past the server end corresponds to the of user agent's UA information in preset time period
Three aggregation ratios.
7. server end as claimed in any one of claims 1 to 6 hits library recognition methods, which is characterized in that the determination clothes
Library risk step is hit in the presence of business device end
If detect access request again, correspondence, which is generated and fed back, needs to provide the prompt information of mobile phone identifying code.
8. a kind of server end hits library identification device, which is characterized in that the server end hits library identification device and includes:
Acquisition module when for often detecting the access request of user terminal, acquires the corresponding user information of the access request,
In, the user information includes IP information, protocol stack information and user agent's UA information;
Module is obtained, for being based on the user information, updates the server end in current point in time past preset time period
First aggregation ratio of corresponding acquisition IP information, updates the association of the corresponding acquisition of the server end in the preset time period in the past
The second aggregation ratio of stack information is discussed, and updates user's generation of the corresponding acquisition of the server end in the preset time period in the past
Manage the third concentrating ratio of UA information;
Determining module, if being greater than the first preset value for the first aggregation ratio, the second aggregation ratio is greater than the second preset value,
When third concentrating ratio is greater than third preset value, determines that the server end exists and hit library risk.
9. a kind of server end hits library identification equipment, which is characterized in that it includes: storage that the server end, which hits library identification equipment,
Device, processor, communication bus and the server end being stored on the memory hit library recognizer,
The communication bus is for realizing the communication connection between processor and memory;
The processor hits library recognizer for executing the server end, to realize such as any one of claims 1 to 7 institute
The server end stated hits the step of library recognition methods.
10. a kind of readable storage medium storing program for executing, which is characterized in that be stored with server end on the readable storage medium storing program for executing and hit library identification journey
Sequence, the server end, which is hit, realizes such as service of any of claims 1-7 when library recognizer is executed by processor
Hit the step of library recognition methods in device end.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811049718.4A CN109688099B (en) | 2018-09-07 | 2018-09-07 | Server-side database collision identification method, device, equipment and readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811049718.4A CN109688099B (en) | 2018-09-07 | 2018-09-07 | Server-side database collision identification method, device, equipment and readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109688099A true CN109688099A (en) | 2019-04-26 |
CN109688099B CN109688099B (en) | 2022-09-20 |
Family
ID=66184500
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811049718.4A Active CN109688099B (en) | 2018-09-07 | 2018-09-07 | Server-side database collision identification method, device, equipment and readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109688099B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110457611A (en) * | 2019-07-30 | 2019-11-15 | 精硕科技(北京)股份有限公司 | Realize method, apparatus, the browser and server of electric questionnaire anonymity answer |
CN113179281A (en) * | 2021-05-26 | 2021-07-27 | 中国银行股份有限公司 | Method, device, equipment and storage medium for determining database collision attack |
CN113347180A (en) * | 2021-06-01 | 2021-09-03 | 重庆贝特计算机系统工程有限公司 | Risk analysis method for network security three-synchronization process of computer application system |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102739683A (en) * | 2012-06-29 | 2012-10-17 | 杭州迪普科技有限公司 | Network attack filtering method and device |
CN104811449A (en) * | 2015-04-21 | 2015-07-29 | 深信服网络科技(深圳)有限公司 | Base collision attack detecting method and system |
US20160352828A1 (en) * | 2011-08-31 | 2016-12-01 | Google Inc. | Asynchronous and synchronous resource links |
CN106470193A (en) * | 2015-08-19 | 2017-03-01 | 互联网域名系统北京市工程研究中心有限公司 | A kind of anti-DoS of DNS recursion server, the method and device of ddos attack |
CN107277036A (en) * | 2017-07-05 | 2017-10-20 | 云南撇捺势信息技术有限公司 | Login validation method based on multistation point data, checking equipment and storage medium |
CN107819606A (en) * | 2017-09-29 | 2018-03-20 | 北京金山安全软件有限公司 | Network attack alarm method and device |
US20180131529A1 (en) * | 2016-11-09 | 2018-05-10 | Arizona Board Of Regents On Behalf Of Northern Arizona University | Encoding ternary data for puf environments |
-
2018
- 2018-09-07 CN CN201811049718.4A patent/CN109688099B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160352828A1 (en) * | 2011-08-31 | 2016-12-01 | Google Inc. | Asynchronous and synchronous resource links |
CN102739683A (en) * | 2012-06-29 | 2012-10-17 | 杭州迪普科技有限公司 | Network attack filtering method and device |
CN104811449A (en) * | 2015-04-21 | 2015-07-29 | 深信服网络科技(深圳)有限公司 | Base collision attack detecting method and system |
CN106470193A (en) * | 2015-08-19 | 2017-03-01 | 互联网域名系统北京市工程研究中心有限公司 | A kind of anti-DoS of DNS recursion server, the method and device of ddos attack |
US20180131529A1 (en) * | 2016-11-09 | 2018-05-10 | Arizona Board Of Regents On Behalf Of Northern Arizona University | Encoding ternary data for puf environments |
CN107277036A (en) * | 2017-07-05 | 2017-10-20 | 云南撇捺势信息技术有限公司 | Login validation method based on multistation point data, checking equipment and storage medium |
CN107819606A (en) * | 2017-09-29 | 2018-03-20 | 北京金山安全软件有限公司 | Network attack alarm method and device |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110457611A (en) * | 2019-07-30 | 2019-11-15 | 精硕科技(北京)股份有限公司 | Realize method, apparatus, the browser and server of electric questionnaire anonymity answer |
CN113179281A (en) * | 2021-05-26 | 2021-07-27 | 中国银行股份有限公司 | Method, device, equipment and storage medium for determining database collision attack |
CN113347180A (en) * | 2021-06-01 | 2021-09-03 | 重庆贝特计算机系统工程有限公司 | Risk analysis method for network security three-synchronization process of computer application system |
Also Published As
Publication number | Publication date |
---|---|
CN109688099B (en) | 2022-09-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109660502A (en) | Detection method, device, equipment and the storage medium of abnormal behaviour | |
CN108234653A (en) | Method and device for processing service request | |
TWI230885B (en) | Computer network system, computer system, method for communication between computer systems, method for measuring computer system performance, and storage medium | |
CN107277036B (en) | Login validation method, verifying equipment and storage medium based on multistation point data | |
CN108696490A (en) | The recognition methods of account permission and device | |
CN109688099A (en) | Server end hits library recognition methods, device, equipment and readable storage medium storing program for executing | |
CN106411878B (en) | Method, device and system for making access control strategy | |
CN108075934A (en) | A kind of network quality monitoring method, apparatus and system | |
CN102710770A (en) | Identification method for network access equipment and implementation system for identification method | |
CN109302394A (en) | A kind of anti-simulation login method of terminal, device, server and storage medium | |
CN108881184A (en) | Access request processing method, terminal, server and computer readable storage medium | |
CN108334774A (en) | A kind of method, first server and the second server of detection attack | |
CN109861968A (en) | Resource access control method, device, computer equipment and storage medium | |
CN109033801A (en) | Method, mobile terminal and the storage medium of application program verification user identity | |
CN105022939B (en) | Information Authentication method and device | |
CN107911340A (en) | Login validation method, device, equipment and the storage medium of application program | |
CN109951579A (en) | Domain name processing method, device, computer readable storage medium and computer equipment | |
CN108123961A (en) | Information processing method, apparatus and system | |
CN110099129A (en) | A kind of data transmission method and equipment | |
CN105516321A (en) | Data acquisition method and device | |
CN107733883A (en) | A kind of method and device for detecting batch registration account | |
CN107862091A (en) | Realize the control method and device of web page access | |
CN109783335A (en) | User's operation records restoring method, device, equipment and readable storage medium storing program for executing | |
CN110519280A (en) | A kind of crawler recognition methods, device, computer equipment and storage medium | |
CN106850509A (en) | Method for network access control and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |