CN109688099A - Server end hits library recognition methods, device, equipment and readable storage medium storing program for executing - Google Patents

Server end hits library recognition methods, device, equipment and readable storage medium storing program for executing Download PDF

Info

Publication number
CN109688099A
CN109688099A CN201811049718.4A CN201811049718A CN109688099A CN 109688099 A CN109688099 A CN 109688099A CN 201811049718 A CN201811049718 A CN 201811049718A CN 109688099 A CN109688099 A CN 109688099A
Authority
CN
China
Prior art keywords
server end
information
ratio
user terminal
past
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811049718.4A
Other languages
Chinese (zh)
Other versions
CN109688099B (en
Inventor
舒文捷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN201811049718.4A priority Critical patent/CN109688099B/en
Publication of CN109688099A publication Critical patent/CN109688099A/en
Application granted granted Critical
Publication of CN109688099B publication Critical patent/CN109688099B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a kind of server ends to hit library recognition methods, device, equipment and readable storage medium storing program for executing, the method is based on network security technology, the described method includes: when often detecting the access request of user terminal, the corresponding user information of the access request is acquired, the user information includes IP information, protocol stack information and user agent's information;Based on the user information, update the first aggregation ratio of the corresponding acquisition IP information of the server end in current point in time past preset time period, the third concentrating ratio of user agent's UA information of the second aggregation ratio and corresponding acquisition of the protocol stack information of corresponding acquisition;If the first aggregation ratio is greater than the first preset value, the second aggregation ratio is greater than the second preset value, when third concentrating ratio is greater than third preset value, determines that the server end exists and hits library risk.Library recognition methods, which is hit, the present invention is based on the server end of network security technology solves existing the technical issues of be easy to causeing a large number of users data leak.

Description

Server end hits library recognition methods, device, equipment and readable storage medium storing program for executing
Technical field
The present invention relates to field of computer technology more particularly to a kind of server end hit library recognition methods, device, equipment and Readable storage medium storing program for executing.
Background technique
Library is hit, refers to that, using the identical registration habit (identical username and password) of user, trial logs in others Website, that is to say, that the account that hacker acquires user terminal in some websites utilizes the identical registration of user there are also after password Habit, there are also the other websites of password login device for the account for the user terminal that will acquire, to obtain money of the user in other websites Expect information, it is simple to be a little exactly: to be exactly that you replicate a big string key from others there, then go to try to open not in building Same door.Currently, if web site server end is by detecting that the account number cipher logon error of user terminal reaches preset times such as 4 It is secondary, then the account number cipher of the user terminal can be defaulted by the mode for hitting library attack, and it is each that realization judges that web site server end corresponds to Whether user terminal is by library attack is hit, however, the above method, which can recognize, hits library identification, the prior art for a certain user terminal In, it is difficult to realize that identification is attacked for the library of hitting of the large area of web site server end, due to being difficult to for Website server The library of hitting of the large area at end is attacked, thus, it be easy to cause a large number of users data leak.
Summary of the invention
The main purpose of the present invention is to provide a kind of server ends to hit library recognition methods, device, equipment and readable storage Medium, it is intended to it solves to be difficult to attack for the library of hitting of the large area of web site server end, thus, it be easy to cause a large number of users The technical issues of data leak.
To achieve the above object, the present invention provides a kind of server end and hits library recognition methods, and the server end hits library knowledge Other method includes:
When often detecting the access request of user terminal, the corresponding user information of the access request is acquired, wherein the use Family information includes IP information, protocol stack information and user agent's UA information;
Based on the user information, the corresponding acquisition IP of the server end in current point in time past preset time period is updated First aggregation ratio of information updates the protocol stack information of the corresponding acquisition of the server end in the preset time period in the past Second aggregation ratio, and update user agent's UA information of the corresponding acquisition of the server end in the preset time period in the past Third concentrating ratio;
If the first aggregation ratio is greater than the first preset value, the second aggregation ratio is greater than the second preset value, third concentrating When ratio is greater than third preset value, determines that the server end exists and hit library risk.
Optionally, described to be based on the user information, update the server in current point in time past preset time period The first of the corresponding acquisition IP information in end assembles ratio step and includes:
Based on the user information, server end each user collected in the preset time period in the past is obtained The IP section at end;
Ordered arrangement is carried out to the IP section of each user terminal, obtains continuous IP section in the IP section of each user terminal In shared the first accounting;
First accounting is set as the IP information of the corresponding acquisition of the server end in the preset time period in the past First aggregation ratio.
Optionally, the IP section to each user terminal carries out ordered arrangement, obtains continuous IP section described each The first shared accounting step includes: in the IP section of user terminal
The regional information according to belonging to each user terminal IP sections carries out territorial classification to each user terminal, obtains same area The IP section of each user terminal in domain;
Ordered arrangement is carried out to the IP section of user terminal each in the same area, obtains continuous IP section in described the same area The first shared sub- accounting in the IP section of each user terminal, and obtain the corresponding each first sub- accounting of different zones;
The sub- accounting of average treatment each first obtains continuous IP section shared first in the IP section of each user terminal Accounting.
Optionally, described to update the protocol stack information of the corresponding acquisition of the server end in the preset time period in the past Second, which assembles ratio step, includes:
When obtaining the corresponding each reception of received server-side different access request in the preset time period in the past Between be spaced;
Judge whether each receiving time interval is that partial rules change, if each receiving time interval is Partial rules variation, then obtain the second of time interval all each receiving time intervals described in answer seizure ratio of rule variation Accounting;
Second accounting is set as to the protocol stack letter of the corresponding acquisition of the server end in the preset time period in the past Second aggregation ratio of breath.
Optionally, described that second accounting is set as the corresponding acquisition of the server end in the preset time period in the past Protocol stack information second aggregation ratio step include:
The different access for obtaining the received server-side in the preset time period in the past requests corresponding each request Packet;
The attached bag lost in each request packet is obtained, obtains the packet loss of each request packet, and obtain packet loss The identical each request packet of rate;
From the identical each request packet of packet loss, the attached bag of the loss is acquired in corresponding requests packet It sends sequence number;
Whether identical send sequence number described in judgement, if it is described send sequence number be it is identical, it is identical to obtain the packet loss Request packet ratio of each request packet in all request packets;
Judge whether the request packet ratio is greater than default request packet ratio, if the request packet ratio is greater than default request Packet ratio then believes the protocol stack that second accounting is set as the corresponding acquisition of the server end in the preset time period in the past Second aggregation ratio of breath.
Optionally, described to obtain that described the server end corresponds to the of user agent's UA information in preset time period in the past Three, which assemble ratio steps, includes:
It obtains in the preset time period in the past, each behaviour used in the collected each user terminal of server end Make the information of system and version, cpu type, browser and version, to obtain the operating system and version, cpu type, browsing The number of device and the identical user terminal of version;
Obtain all collected each user terminals of server end of number accounting of the identical user terminal Number, to obtain third accounting;
The third accounting is set as the server end in the preset time period in the past and corresponds to user agent's UA information Third concentrating ratio.
Optionally, include: after library risk step is hit in the determination server end presence
If detect access request again, correspondence, which is generated and fed back, needs to provide the prompt information of mobile phone identifying code.
The present invention also provides a kind of server ends to hit library identification device, and the server end hits library identification device and includes:
Acquisition module when for often detecting the access request of user terminal, acquires the corresponding user's letter of the access request Breath, wherein the user information includes IP information, protocol stack information and user agent's UA information;
Module is obtained, for being based on the user information, updates the service in current point in time past preset time period First aggregation ratio of the corresponding acquisition IP information in device end updates the corresponding acquisition of the server end in the preset time period in the past Protocol stack information the second aggregation ratio, and update it is described in the past in preset time period the corresponding acquisition of the server end use Act on behalf of the third concentrating ratio of UA information in family;
Determining module, if being greater than the first preset value for the first aggregation ratio, it is pre- that the second aggregation ratio is greater than second If value
Optionally, the acquisition module includes:
First acquisition unit obtains the server in the preset time period in the past for being based on the user information Hold the IP section of each user terminal collected;
Second acquisition unit carries out ordered arrangement for the IP section to each user terminal, obtains continuous IP section in institute State the first accounting shared in the IP section of each user terminal;
First setting unit, for first accounting to be set as the server end pair in the preset time period in the past First aggregation ratio of the IP information that should be acquired.
Optionally, the second acquisition unit includes:
First obtains subelement, carries out for the regional information according to belonging to each user terminal IP sections to each user terminal Territorial classification obtains the IP section of each user terminal in the same area;
Second obtains subelement, carries out ordered arrangement for the IP section to user terminal each in the same area, obtains continuous The first shared sub- accounting in the IP section of IP sections of each user terminals in described the same area, and obtain different zones and respectively correspond The each first sub- accounting;
Average treatment subelement is used for the sub- accounting of average treatment each first, obtains continuous IP section in each user The first shared accounting in the IP section at end.
Optionally, the acquisition module includes:
Third acquiring unit, for obtaining the received server-side different access request in the preset time period in the past Corresponding each receiving time interval;
First judging unit, for judging whether each receiving time interval is that partial rules change, if described Each receiving time interval is partial rules variation, then the time interval for obtaining rule variation is all each described in answer seizure ratio Second accounting at receiving time interval;
Second setting unit, for second accounting to be set as the server end pair in the preset time period in the past Second aggregation ratio of the protocol stack information that should be acquired.
Optionally, second setting unit includes:
Third obtains subelement, for obtaining the different access of the received server-side in the preset time period in the past Request corresponding each request packet;
4th acquisition subelement obtains each request packet for obtaining the attached bag lost in each request packet Packet loss, and obtain the identical each request packet of packet loss;
5th obtains subelement, for acquiring the loss from the identical each request packet of packet loss Attached bag sending sequence number in corresponding requests packet;
First judgment sub-unit, for judge it is described send sequence number it is whether identical, if it is described send sequence number be it is identical, Obtain request packet ratio of the identical each request packet of the packet loss in all request packets;
Second judgment sub-unit, for judging whether the request packet ratio is greater than default request packet ratio, if described ask It asks packet ratio to be greater than default request packet ratio, then second accounting is set as the server in the preset time period in the past Second aggregation ratio of the protocol stack information of the corresponding acquisition in end.
Optionally, the acquisition module includes:
4th acquiring unit, for obtaining in the preset time period in the past, the collected each use of server end Each operating system and version used in the end of family, cpu type, browser and version information, to obtain the operating system And the number of version, cpu type, browser and the identical user terminal of version;
5th acquiring unit, all server ends of number accounting for obtaining the identical user terminal are adopted The number of each user terminal collected, to obtain third accounting;
Third setting unit, for the third accounting to be set as the server end pair in the preset time period in the past Answer the third concentrating ratio of user agent's UA information.
Optionally, the server end hits library identification device further include:
Feedback module, if when for detecting access request again, correspondence, which is generated and fed back, to be needed to provide mobile phone identifying code Prompt information.
In addition, to achieve the above object, the present invention also provides a kind of server ends to hit library identification equipment, the server end Hitting library identification equipment includes: memory, processor, and communication bus and the server end being stored on the memory hit library knowledge Other program,
The communication bus is for realizing the communication connection between processor and memory;
The processor hits library recognizer for executing the server end, to perform the steps of
When often detecting the access request of user terminal, the corresponding user information of the access request is acquired, wherein the use Family information includes IP information, protocol stack information and user agent's UA information;
Based on the user information, the corresponding acquisition IP of the server end in current point in time past preset time period is updated First aggregation ratio of information updates the protocol stack information of the corresponding acquisition of the server end in the preset time period in the past Second aggregation ratio, and update user agent's UA information of the corresponding acquisition of the server end in the preset time period in the past Third concentrating ratio;
If the first aggregation ratio is greater than the first preset value, the second aggregation ratio is greater than the second preset value, third concentrating When ratio is greater than third preset value, determines that the server end exists and hit library risk.
In addition, to achieve the above object, the present invention also provides a kind of readable storage medium storing program for executing, the readable storage medium storing program for executing storage Have one perhaps more than one program the one or more programs can be held by one or more than one processor Row is to be used for:
When often detecting the access request of user terminal, the corresponding user information of the access request is acquired, wherein the use Family information includes IP information, protocol stack information and user agent's UA information;
Based on the user information, the corresponding acquisition IP of the server end in current point in time past preset time period is updated First aggregation ratio of information updates the protocol stack information of the corresponding acquisition of the server end in the preset time period in the past Second aggregation ratio, and update user agent's UA information of the corresponding acquisition of the server end in the preset time period in the past Third concentrating ratio;
If the first aggregation ratio is greater than the first preset value, the second aggregation ratio is greater than the second preset value, third concentrating When ratio is greater than third preset value, determines that the server end exists and hit library risk.
When the present invention passes through the access request for often detecting user terminal, the corresponding user information of the access request is acquired, Wherein, the user information includes IP information, protocol stack information and user agent's UA information;Based on the user information, update Current point in time goes over the first aggregation ratio of the corresponding acquisition IP information of the server end in preset time period, updates the mistake The second aggregation ratio of the protocol stack information of the corresponding acquisition of the server end in preset time period is gone, and it is pre- to update the past If the third concentrating ratio of user agent's UA information of the corresponding acquisition of the server end in the period;If the first aggregation ratio Example is greater than the first preset value, and the second aggregation ratio is greater than the second preset value, when third concentrating ratio is greater than third preset value, determines The server end, which exists, hits library risk.In this application, when detecting new access request every time, that is, the past is obtained The of first aggregation ratio of the IP information of the user terminal of the corresponding acquisition of the server end in preset time period, protocol stack information Two aggregation ratios, the third concentrating ratio of user agent's UA information, if it is described first aggregation ratio be greater than the first preset value, second Aggregation ratio is greater than the second preset value, when third concentrating ratio is greater than third preset value, determines that the server end exists and hits library Risk, i.e., in the present embodiment, whole to web site server end progress hits library attack recognition, and avoiding, which influences a large number of users, logs in The sign-in experience of website, thus solve due to being difficult to attack for the library of hitting of the large area of web site server end, it is easy The technical issues of causing a large number of users data leak.
Detailed description of the invention
Fig. 1 is the flow diagram that server end of the present invention hits library recognition methods first embodiment;
Fig. 2 is that server end of the present invention is hit in library recognition methods second embodiment based on the user information, is updated current Time point goes over the refinement process of the first aggregation ratio step of the corresponding acquisition IP information of the server end in preset time period Schematic diagram;
Fig. 3 is the device structure schematic diagram for the hardware running environment that present invention method is related to.
The embodiments will be further described with reference to the accompanying drawings for the realization, the function and the advantages of the object of the present invention.
Specific embodiment
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not intended to limit the present invention.
The present invention provides a kind of server end and hits library recognition methods, hits the first of library recognition methods in server end of the present invention In embodiment, referring to Fig.1, the server end hits library recognition methods and includes:
Step S10 when often detecting the access request of user terminal, acquires the corresponding user information of the access request, In, the user information includes IP information, protocol stack information and user agent's UA information;
Step S20 is based on the user information, updates the server end pair in current point in time past preset time period The first aggregation ratio of IP information should be acquired, the agreement of the corresponding acquisition of the server end in the preset time period in the past is updated Second aggregation ratio of stack information, and update the user agent of the corresponding acquisition of the server end in the preset time period in the past The third concentrating ratio of UA information;
Step S30, if the first aggregation ratio is greater than the first preset value, the second aggregation ratio is greater than the second preset value, When third concentrating ratio is greater than third preset value, determines that the server end exists and hit library risk.
Specific step is as follows:
Step S10 when often detecting the access request of user terminal, acquires the corresponding user information of the access request, In, the user information includes IP information, protocol stack information and user agent's UA information;
Currently, when if web site server end detects that the account number cipher logon error of user terminal reaches preset times such as 4 times, The account number cipher that then can default the user terminal is attacked, and web site server end can suspend logging in for the user terminal at this time, but right It is flowed out in social worker library, wherein social worker library refers to the data set of the compositions such as the true user account and password largely flowed out It closes, if web site server end cannot effectively identify that hitting library attacks, and will cause letting out for web site server end a large number of users data at this time Leakage, the application are to prevent the leakage of web site server end a large number of users data.
Specifically, when often detecting the access request of user terminal, the corresponding user information of the access request is acquired, In, as long as detecting the access request of user terminal, that is, pass through the corresponding target user's information of front end JS page capture access request, User information includes but is not limited to IP information, protocol stack information, user agent's UA information, wherein IP information includes user terminal institute The IP segment information at place, regional information belonging to the IP sections, as the IP section of user terminal is 119.123.67.249, area belonging to the IP sections It is Shenzhen, protocol stack information includes the configuration information of user terminal access request corresponding requests packet, transmission time information, packet loss information It include that user terminal operating system and version, cpu type, browser and version, browser rendering are drawn Deng, user agent's UA information It holds up, the information such as browser language, browser plug-in, current network state, language environment.
Step S20 is based on the user information, updates the server end pair in current point in time past preset time period The first aggregation ratio of IP information should be acquired, the agreement of the corresponding acquisition of the server end in the preset time period in the past is updated Second aggregation ratio of stack information, and update the user agent of the corresponding acquisition of the server end in the preset time period in the past The third concentrating ratio of UA information;
In the present embodiment, as long as obtaining the corresponding user information of new access request every time, i.e., when execution updates current Between point in the past in preset time period the corresponding acquisition IP information of the server end the first aggregation ratio, it is default to update the past Second aggregation ratio of the protocol stack information of the corresponding acquisition of the server end in period, and update the preset time in the past In section the step of the third concentrating ratio of user agent's UA information of the corresponding acquisition of the server end, that is to say, that as long as inspection New access request is measured, that is, needs to update the first aggregation ratio, the second aggregation ratio and third concentrating ratio.Wherein, net Site server end obtains the first aggregation ratio, the second aggregation ratio and third concentrating ratio rather than individually only obtains wherein one A aggregation ratio, it is thus possible to the case where preventing wrong identification.
Specifically, in the present embodiment, described to be based on the user information referring to Fig. 2, it is pre- to update the current point in time past If the first aggregation ratio step of the corresponding acquisition IP information of the server end includes: in the period
Step S21 is based on the user information, and it is collected to obtain the server end in the preset time period in the past The IP section of each user terminal;
In the present embodiment, when detecting user terminal access request, corresponding user terminal is obtained in real time by front end JS IP segment information, after acquiring the corresponding user terminal IP segment information of the access request, it is also necessary to obtain the past it is default when Between in section server end other each user terminals collected IP section.
Step S22 carries out ordered arrangement to the IP section of each user terminal, obtains continuous IP section in each user The first shared accounting in the IP section at end;
It is obtaining in preset time period after the IP section of server end each user terminal collected, to each user The IP section at end carries out ordered arrangement, specifically, is ranked up according to size digital on IP sections of the first home positions, is marked in first place When number on knowledge position is identical, it is ranked up according to size digital on secondary bit identification position, and so on, until completing each The sequence of the IP section of a user terminal, such as party A-subscriber end, IP sections are 119.123.67.249, and IP sections of D user terminal are 116.30.198.37, then preceding, 116.30.198.37 sequence is orderly being arranged in rear (9 are greater than 6) for 119.123.67.249 sequence After column, judge whether the IP section of each user terminal is that continuous (can be and preset the continuous of small difference) is either identical, such as A The IP section of user terminal is 119.123.67.249, and the IP section at party B-subscriber end is 119.123.67.250, and the IP section of C user terminal is 119.123.67.251, then obviously party A-subscriber end, BYong Huduan, C user terminal IP be continuous or the IP of D user terminal Section is 119.123.67.230, and the IP section of E user terminal is 119.123.67.232, and the IP section of F user terminal is 119.123.67.234, then party A-subscriber end, BYong Huduan, C user terminal IP be preset small difference continuous, i.e., D user terminal, E are used Family end, F user terminal IP be also continuous, in addition, in addition to judge each user terminal IP section whether be continuously other than, it is also necessary to Judge each user terminal IP section whether be it is identical, to obtain continuous IP section (including IP sections identical) in each user The first shared accounting in the IP section at end.It is illustrated to specific embodiment, accesses server end within a preset period of time Continuous IP section is 5, and the number of total user terminal is 10, then the first accounting is 50%.
The IP section to each user terminal carries out ordered arrangement, obtains continuous IP section in each user terminal The first shared accounting includes: in IP sections
Step S221, the regional information according to belonging to each user terminal IP sections carry out territorial classification to each user terminal, Obtain the IP section of each user terminal in the same area;
In the present embodiment, another approach for obtaining the first accounting is provided, specifically, is obtaining each user terminal After IP sections, each affiliated regional information of user terminal is obtained according to each user terminal IP segment information, according to each user terminal IP sections of institutes Belong to regional information and territorial classification is carried out to each user terminal, Shenzhen area user terminal is such as divided into one kind, by District of Shanghai User terminal is divided into one kind, after sorting, obtains the IP section of each user terminal in the same area, wherein different regions user terminal IP Duan Buhui is continuous.
Step S222 carries out ordered arrangement to the IP section of user terminal each in the same area, obtains continuous IP section described First sub- accounting shared in the IP section of each user terminal in the same area, and obtain different zones corresponding each first Sub- accounting;
In obtaining the same area after the IP section of each user terminal, have to the IP section of user terminal each in the same area Sequence arrangement obtains the first sub- accounting shared in the IP section of continuous IP section each user terminal in described the same area, such as obtains The first shared sub- accounting in the IP section of continuous IP section each user terminal in the region of Shenzhen obtains continuous IP section in upper sea region Shared the first sub- accounting etc. in the IP section of interior each user terminal, wherein the IP section of each user terminal refers in the region of Shenzhen: The server end corresponds to the IP of the corresponding user terminal of each access request in received Shenzhen region within a preset period of time Section, the IP section of each user terminal refers in upper sea region: the server end corresponds to received Shanghai within a preset period of time The IP section of the corresponding user terminal of each access request in region.
Step S223, the sub- accounting of average treatment each first obtain continuous IP section in the IP section of each user terminal The first shared accounting.
After obtaining the corresponding each first sub- accounting in different regions, the sub- accounting of average treatment each first is obtained continuous IP sections of shared the first accountings in the IP section of each user terminal.
First accounting is set as the corresponding acquisition of the server end in the preset time period in the past by step S23 First aggregation ratio of IP information.
After obtaining the first accounting, first accounting is set as the server end pair in the preset time period in the past First aggregation ratio of the IP information that should be acquired.
In the present embodiment, after obtaining the first aggregation ratio, investigation mode is also matched by user terminal protocol stack, is obtained Second aggregation ratio of the protocol stack information of the corresponding acquisition of web site server end in preset time period, to judge that the past default Whether the access request that website receives in the period contains the multiple request or same user terminal switching IP puppet of same user terminal Put into the multiple request of row, specifically, troubleshooting procedure are as follows: according between the corresponding each receiving time of reception different access request The protocol stack information of the corresponding acquisition of the server end is determined every the packet loss of, each user terminal access request corresponding requests packet Second aggregation ratio.
After obtaining the second aggregation ratio, also obtains the server end in the preset time period in the past and correspond to user's generation Manage the third concentrating ratio of UA information, wherein the server end corresponds to user in the acquisition preset time period in the past The third concentrating ratio step for acting on behalf of UA information includes:
Step S24 is obtained in the preset time period in the past, and the collected each user terminal of server end is used Each operating system and version, cpu type, browser and version information, to obtain the operating system and version, CPU The number of type, browser and the identical user terminal of version;
It should be noted that user agent's UA information include operating system and version used in user terminal, cpu type, Browser and the information of version etc. are obtaining in preset time period, after the server end corresponds to user agent's UA information, obtain Obtain the operating system and operating system version information, the cpu type information of each user terminal, each user terminal of each user terminal Browser information, each user terminal browser version information, judge the operating system and version, cpu type, browser And the number of the identical user terminal of version.
Step S25, all server ends of number accounting for obtaining the identical user terminal are collected each The number of a user terminal, to obtain third accounting;
After the number for obtaining operating system and version, cpu type, browser and the identical user terminal of version, obtain The number of all collected each user terminals of server end of the number accounting of the identical user terminal is taken, with To third accounting.
The third accounting is set as the server end in the preset time period in the past and corresponds to user's generation by step S26 Manage the third concentrating ratio of UA information.
The third accounting is set as the server end in the preset time period in the past and corresponds to user agent's UA information Third concentrating ratio.
It should be noted that in the present embodiment, the first aggregation ratio, the second aggregation ratio, third concentrating ratio are obtained Take sequence to can be variation, might not determination acquisition sequence.
Step S30, if the first aggregation ratio is greater than the first preset value, the second aggregation ratio is greater than the second preset value, When third concentrating ratio is greater than third preset value, determines that the server end exists and hit library risk.
In the present embodiment, web site server end has the first preset value, the second preset value and third preset value, this One preset value, the second preset value and third preset value can be modified according to the actual situation, if first aggregation Ratio is greater than the first preset value, and the second aggregation ratio is greater than the second preset value, when third concentrating ratio is greater than third preset value, really The fixed server end, which exists, hits library risk, and due to being greater than the first preset value in the first aggregation ratio, and the second aggregation ratio is big In the second preset value, and when third concentrating ratio is greater than third preset value, just determine that library risk is hit in the server end presence, because And can effectively avoid because library is hit in erroneous judgement cause user access website when process complexity increase the phenomenon that.
When the present invention passes through the access request for often detecting user terminal, the corresponding user information of the access request is acquired, Wherein, the user information includes IP information, protocol stack information and user agent's UA information;Based on the user information, update Current point in time goes over the first aggregation ratio of the corresponding acquisition IP information of the server end in preset time period, updates the mistake The second aggregation ratio of the protocol stack information of the corresponding acquisition of the server end in preset time period is gone, and it is pre- to update the past If the third concentrating ratio of user agent's UA information of the corresponding acquisition of the server end in the period;If the first aggregation ratio Example is greater than the first preset value, and the second aggregation ratio is greater than the second preset value, when third concentrating ratio is greater than third preset value, determines The server end, which exists, hits library risk.In this application, when detecting new access request every time, that is, the past is obtained The of first aggregation ratio of the IP information of the user terminal of the corresponding acquisition of the server end in preset time period, protocol stack information Two aggregation ratios, the third concentrating ratio of user agent's UA information, if it is described first aggregation ratio be greater than the first preset value, second Aggregation ratio is greater than the second preset value, when third concentrating ratio is greater than third preset value, determines that the server end exists and hits library Risk, i.e., in the present embodiment, whole to web site server end progress hits library attack recognition, and avoiding, which influences a large number of users, logs in The sign-in experience of website, thus solve due to being difficult to attack for the library of hitting of the large area of web site server end, it is easy The technical issues of causing a large number of users data leak.
Further, the present invention provides another embodiment that server end hits library recognition methods, described to update the past The second aggregation ratio step of the protocol stack information of the corresponding acquisition of the server end includes: in preset time period
It is corresponding each to obtain the received server-side different access request in the preset time period in the past by step S27 A receiving time interval;
In the present embodiment, the received server-side different access request in the preset time period in the past is obtained to correspond to Each receiving time interval, wherein the receiving time interval can be rule variation, for rule variation receiving time Interval, needs at least four or more receiving time intervals identical, and such as each second reception access request is primary or every two It is primary second to receive access request, one second is divided between receiving time at this time either two seconds, in addition, the receiving time interval can also be with It is not rule variation, such as receiving after certain access request is to receive another access request after two seconds again, and after four seconds later Receive other access requests again, due to receiving time interval at this time be it is uncertain, thus, which is not rule Rule variation.
Step S28 judges whether each receiving time interval is that partial rules change, if when each reception Between interval be that partial rules changes, then obtain rule change time interval all each receiving times between described in answer seizure ratio Every the second accounting;
Judge whether each receiving time interval is that partial rules change, if each receiving time interval is Partial rules variation, then obtain the second of time interval all each receiving time intervals described in answer seizure ratio of rule variation Accounting, for example, if the number of receiving time regular interval variation is 10, and 20 are divided between each receiving time, it is obvious that the Two accountings are 50%, it should be noted that in the present embodiment, other than obtaining receiving time interval, are also obtained by front end JS Take the input time interval of the corresponding input various information of user terminal, wherein various information includes the letter such as user name, account, password Breath, to hit library convenient for carry out large area in a short time, is carrying out for carrying out camouflage or non-artificial user terminal When targeted website logs in, it is usually provided with the identical sequence for inputting various information and identical input time interval, for For ordinary user, input account, user name, the time interval of password are different, thus, in the present embodiment, also obtain user Input time interval is consistent and the number of input time consistent user terminal when the input various information of end, which is set as identical Number obtains the specific gravity that same number accounts for entire input number, obtains target specific gravity.
Second accounting is set as the corresponding acquisition of the server end in the preset time period in the past by step S29 Second aggregation ratio of protocol stack information.
In the present embodiment, after obtaining the second accounting, judge whether the target specific gravity is greater than default specific gravity, if more than Second accounting is then set as the protocol stack of the corresponding acquisition of the server end in the preset time period in the past by default specific gravity Second aggregation ratio of information.If being less than default specific gravity, using the value of the target specific gravity as clothes described in preset time period Second aggregation ratio of the corresponding protocol stack information acquired in device end of being engaged in.
The agreement that second accounting is set as to the corresponding acquisition of the server end in the preset time period in the past The second of stack information assembles ratio step
Step S291, the different access request for obtaining the received server-side in the preset time period in the past are corresponding Each request packet;
In addition, in the present embodiment, it can also obtain that the preset time period server end in the past is received each to be asked Seek packet, wherein each request packet is made of each request attached bag, as may include 5 attached bags in request packet.
Step S292 obtains the attached bag lost in each request packet, obtains the packet loss of each request packet, and Obtain the identical each request packet of packet loss;
Step S293 acquires the attached bag of the loss in correspondence from the identical each request packet of packet loss Sending sequence number in request packet;
Whether step S294 sends sequence number described in judgement identical, if it is described send sequence number be it is identical, obtain described in lose Request packet ratio of the identical each request packet of packet rate in all request packets;
Due to the influence of network state, can usually there be the phenomenon that packet loss, obtain the son lost in each request packet Packet, obtains the packet loss of each request packet, and obtain the identical each request packet of packet loss, it should be noted that For same determining user terminal, if carrying out the request of different numbers, but it is the transmitting path of request data package, network-like State is substantially identical, thus, packet loss is essentially identical, and is substantially the attached bag for the same serial number lost, to be embodied Example is illustrated, if in the data of the access request for the predetermined number that user terminal is sent including 5 data packets, and if server is examined It measures in the predetermined number access request data and is all lost data packet, and be all the third in above-mentioned 5 data packets lost A data packet, at this time, it may be necessary to obtain request packet ratio of the identical each request packet of the packet loss in all request packets Example.
Step S295, judges whether the request packet ratio is greater than default request packet ratio, if the request packet ratio is big In default request packet ratio, then second accounting is set as the corresponding acquisition of the server end in the preset time period in the past Protocol stack information second aggregation ratio.
The identical each request packet of packet loss is being obtained after the request packet ratio in all request packets, described in judgement Whether request packet ratio is greater than default request packet ratio, will be described if the request packet ratio is greater than default request packet ratio Second accounting is set as the second aggregation ratio of the protocol stack information of the corresponding acquisition of the server end in the preset time period in the past The request packet ratio is the clothes in preset time period if the request packet ratio is less than default request packet ratio by example Second aggregation ratio of the corresponding protocol stack information acquired in device end of being engaged in.
In the present embodiment, it is requested by obtaining the received server-side different access in the preset time period in the past Corresponding each receiving time interval;Judge whether each receiving time interval is that partial rules change, if described each A receiving time interval is partial rules variation, then the time interval for obtaining rule variation all described in answer seizure ratio each connects Receive the second accounting of time interval;Second accounting is set as the server end correspondence in the preset time period in the past to adopt Second aggregation ratio of the protocol stack information of collection.It each is connect since the time interval by rule variation is all described in answer seizure ratio The second accounting for receiving time interval, obtains the second aggregation ratio, thus, it is possible to effectively judge whether there is one or more use Progress server end hits library phenomenon after family end is pretended.
Further, the present invention provides another embodiment that server end hits library recognition methods, which is characterized in that described true Include: after library risk step is hit in the server end presence calmly
Step S40, if detect access request again, correspondence, which is generated and fed back, needs to provide the prompt of mobile phone identifying code Information.
In the present embodiment, it after detecting that library risk is hit in user terminal confirmation presence, is asked receiving access again later When asking, corresponding feed back to sends the prompt information that the user terminal of access request needs mobile phone to verify again, and generates identifying code pair The corresponding user terminal should be sent to.
Due in the present embodiment, if detect access request again, it is corresponding generate and feed back need to provide mobile phone and test The prompt information of code is demonstrate,proved, i.e., when server end exists and hits library risk, carrying out user terminal by way of increasing the process of verifying Audit, thus, it is possible to which user terminal is effectively avoided to correspond to the leakage of data.
Referring to Fig. 3, Fig. 3 is the device structure schematic diagram for the hardware running environment that the embodiment of the present invention is related to.
Server end of the embodiment of the present invention, which hits library identification equipment, can be PC, be also possible to smart phone, tablet computer, electricity Philosophical works reader, MP3 (Moving Picture Experts Group Audio Layer III, dynamic image expert compression Standard audio level 3) player, MP4 (Moving Picture Experts Group Audio Layer IV, dynamic image Expert's compression standard audio level 3) terminal devices such as player, portable computer.
As shown in figure 3, it may include: processor 1001, such as CPU, memory that the server end, which hits library identification equipment, 1005, communication bus 1002.Wherein, communication bus 1002 is logical for realizing the connection between processor 1001 and memory 1005 Letter.Memory 1005 can be high speed RAM memory, be also possible to stable memory (non-volatile memory), example Such as magnetic disk storage.Memory 1005 optionally can also be the storage equipment independently of aforementioned processor 1001.
Optionally, the server end hit library identification equipment can also include target user interface, network interface, camera, RF (Radio Frequency, radio frequency) circuit, sensor, voicefrequency circuit, WiFi module etc..Target user interface can wrap Display screen (Display), input unit such as keyboard (Keyboard) are included, optional target user interface can also include standard Wireline interface, wireless interface.Network interface optionally may include standard wireline interface and wireless interface (such as WI-FI interface).
It is not constituted pair it will be understood by those skilled in the art that server end shown in Fig. 3 hits library identification device structure Server end hits the restriction of library identification equipment, may include components more more or fewer than diagram, or combine certain components, or The different component layout of person.
As shown in figure 3, as may include that operating system, network are logical in a kind of memory 1005 of computer storage medium Letter module and server end hit library recognizer.Operating system be manage and control server end hit library identification device hardware and The program of software resource supports server end to hit the operation of library recognizer and other softwares and/or program.Network communication mould Block hits other hardware in library identification equipment for realizing the communication between the 1005 each component in inside of memory, and with server end It is communicated between software.
Server end shown in Fig. 3 is hit in library identification equipment, and processor 1001 stores in memory 1005 for executing Server end hit library recognizer, realize the step of server end described in any of the above embodiments hits library recognition methods.
Server end of the present invention hits library identification equipment specific embodiment and above-mentioned server end hits each reality of library recognition methods It is essentially identical to apply example, details are not described herein.
The present invention also provides a kind of server ends to hit library identification device, and the server end hits library identification device and includes:
Acquisition module when for often detecting the access request of user terminal, acquires the corresponding user's letter of the access request Breath, wherein the user information includes IP information, protocol stack information and user agent's UA information;
First obtains module, for being based on the user information, updates described in current point in time past preset time period It is corresponding to update the server end in the preset time period in the past for first aggregation ratio of the corresponding acquisition IP information of server end Second aggregation ratio of the protocol stack information of acquisition, and update the corresponding acquisition of the server end in the preset time period in the past User agent's UA information third concentrating ratio;
Determining module, if being greater than the first preset value for the first aggregation ratio, it is pre- that the second aggregation ratio is greater than second If value, when third concentrating ratio is greater than third preset value, determines that the server end exists and hit library risk.
Server end of the present invention hits library identification device specific embodiment and above-mentioned server end hits each reality of library recognition methods It is essentially identical to apply example, details are not described herein.
The present invention provides a kind of readable storage medium storing program for executing, the readable storage medium storing program for executing is stored with one or more than one journey Sequence, the one or more programs can also be executed by one or more than one processor for realizing above-mentioned The step of server end described in one hits library recognition methods.
It is basic that readable storage medium storing program for executing specific embodiment of the present invention with above-mentioned server end hits each embodiment of library recognition methods Identical, details are not described herein.
The above is only a preferred embodiment of the present invention, is not intended to limit the scope of the invention, all to utilize this hair Equivalent structure or equivalent flow shift made by bright specification and accompanying drawing content is applied directly or indirectly in other relevant skills Art field similarly includes in patent process range of the invention.

Claims (10)

1. a kind of server end hits library recognition methods, which is characterized in that the server end hits library recognition methods and includes:
When often detecting the access request of user terminal, the corresponding user information of the access request is acquired, wherein user's letter Breath includes IP information, protocol stack information and user agent's UA information;
Based on the user information, the corresponding acquisition IP information of the server end in current point in time past preset time period is updated The first aggregation ratio, update it is described in the past in preset time period the protocol stack information of the corresponding acquisition of the server end second Aggregation ratio, and update the third of user agent's UA information of the corresponding acquisition of the server end in the preset time period in the past Aggregation ratio;
If the first aggregation ratio is greater than the first preset value, the second aggregation ratio is greater than the second preset value and third concentrating ratio When greater than third preset value, determines that the server end exists and hit library risk.
2. server end as described in claim 1 hits library recognition methods, which is characterized in that it is described to be based on the user information, Update the first aggregation ratio step packet of the corresponding acquisition IP information of the server end in current point in time past preset time period It includes:
Based on the user information, server end each user terminal collected in the preset time period in the past is obtained IP sections;
Ordered arrangement is carried out to the IP section of each user terminal, obtains continuous IP section institute in the IP section of each user terminal The first accounting accounted for;
First accounting is set as first of the IP information of the corresponding acquisition of the server end in the preset time period in the past Aggregation ratio.
3. server end as claimed in claim 2 hits library recognition methods, which is characterized in that described to each user terminal IP sections of progress ordered arrangements, obtaining continuous IP section the first accounting step shared in the IP section of each user terminal includes:
The regional information according to belonging to each user terminal IP sections carries out territorial classification to each user terminal, obtains in the same area The IP section of each user terminal;
Ordered arrangement is carried out to the IP section of user terminal each in the same area, it is each in described the same area to obtain continuous IP section The first shared sub- accounting in the IP section of user terminal, and obtain the corresponding each first sub- accounting of different zones;
The sub- accounting of average treatment each first obtains continuous IP section and shared first accounts in the IP section of each user terminal Than.
4. server end as described in claim 1 hits library recognition methods, which is characterized in that when the update past presets Between in section the second aggregation ratio step of the protocol stack information of the corresponding acquisition of the server end include:
Obtain that described the received server-side different access is requested between corresponding each receiving time in preset time period in the past Every;
Judge whether each receiving time interval is that partial rules change, if each receiving time interval is part Rule variation, then the time interval for obtaining rule variation the second of all each receiving time intervals is accounted for described in answer seizure ratio Than;
Second accounting is set as the protocol stack information of the corresponding acquisition of the server end in the preset time period in the past Second aggregation ratio.
5. server end as claimed in claim 4 hits library recognition methods, which is characterized in that described to be set as second accounting The second aggregation ratio step of the protocol stack information of the corresponding acquisition of the server end includes: in the preset time period in the past
The different access for obtaining the received server-side in the preset time period in the past requests corresponding each request packet;
The attached bag lost in each request packet is obtained, obtains the packet loss of each request packet, and obtain packet loss phase Same each request packet;
From the identical each request packet of packet loss, transmission of the attached bag of the loss in corresponding requests packet is acquired Serial number;
Whether identical send sequence number described in judgement, if it is described send sequence number be it is identical, obtain the identical institute of the packet loss State request packet ratio of each request packet in all request packets;
Judge whether the request packet ratio is greater than default request packet ratio, if the request packet ratio is greater than default request packet ratio Second accounting is then set as the protocol stack information of the corresponding acquisition of the server end in the preset time period in the past by example Second aggregation ratio.
6. server end as described in claim 1 hits library recognition methods, which is characterized in that when the acquisition past presets Between in section the server end correspond to the third concentrating ratio step of user agent's UA information and include:
It obtains in the preset time period in the past, each operation system used in the collected each user terminal of server end System and version, cpu type, browser and version information, with obtain the operating system and version, cpu type, browser and The number of the identical user terminal of version;
Obtain the number of all collected each user terminals of server end of number accounting of the identical user terminal Mesh, to obtain the second accounting;
The third accounting is set as to described in the past the server end corresponds to the of user agent's UA information in preset time period Three aggregation ratios.
7. server end as claimed in any one of claims 1 to 6 hits library recognition methods, which is characterized in that the determination clothes Library risk step is hit in the presence of business device end
If detect access request again, correspondence, which is generated and fed back, needs to provide the prompt information of mobile phone identifying code.
8. a kind of server end hits library identification device, which is characterized in that the server end hits library identification device and includes:
Acquisition module when for often detecting the access request of user terminal, acquires the corresponding user information of the access request, In, the user information includes IP information, protocol stack information and user agent's UA information;
Module is obtained, for being based on the user information, updates the server end in current point in time past preset time period First aggregation ratio of corresponding acquisition IP information, updates the association of the corresponding acquisition of the server end in the preset time period in the past The second aggregation ratio of stack information is discussed, and updates user's generation of the corresponding acquisition of the server end in the preset time period in the past Manage the third concentrating ratio of UA information;
Determining module, if being greater than the first preset value for the first aggregation ratio, the second aggregation ratio is greater than the second preset value, When third concentrating ratio is greater than third preset value, determines that the server end exists and hit library risk.
9. a kind of server end hits library identification equipment, which is characterized in that it includes: storage that the server end, which hits library identification equipment, Device, processor, communication bus and the server end being stored on the memory hit library recognizer,
The communication bus is for realizing the communication connection between processor and memory;
The processor hits library recognizer for executing the server end, to realize such as any one of claims 1 to 7 institute The server end stated hits the step of library recognition methods.
10. a kind of readable storage medium storing program for executing, which is characterized in that be stored with server end on the readable storage medium storing program for executing and hit library identification journey Sequence, the server end, which is hit, realizes such as service of any of claims 1-7 when library recognizer is executed by processor Hit the step of library recognition methods in device end.
CN201811049718.4A 2018-09-07 2018-09-07 Server-side database collision identification method, device, equipment and readable storage medium Active CN109688099B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811049718.4A CN109688099B (en) 2018-09-07 2018-09-07 Server-side database collision identification method, device, equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811049718.4A CN109688099B (en) 2018-09-07 2018-09-07 Server-side database collision identification method, device, equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN109688099A true CN109688099A (en) 2019-04-26
CN109688099B CN109688099B (en) 2022-09-20

Family

ID=66184500

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811049718.4A Active CN109688099B (en) 2018-09-07 2018-09-07 Server-side database collision identification method, device, equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN109688099B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110457611A (en) * 2019-07-30 2019-11-15 精硕科技(北京)股份有限公司 Realize method, apparatus, the browser and server of electric questionnaire anonymity answer
CN113179281A (en) * 2021-05-26 2021-07-27 中国银行股份有限公司 Method, device, equipment and storage medium for determining database collision attack
CN113347180A (en) * 2021-06-01 2021-09-03 重庆贝特计算机系统工程有限公司 Risk analysis method for network security three-synchronization process of computer application system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102739683A (en) * 2012-06-29 2012-10-17 杭州迪普科技有限公司 Network attack filtering method and device
CN104811449A (en) * 2015-04-21 2015-07-29 深信服网络科技(深圳)有限公司 Base collision attack detecting method and system
US20160352828A1 (en) * 2011-08-31 2016-12-01 Google Inc. Asynchronous and synchronous resource links
CN106470193A (en) * 2015-08-19 2017-03-01 互联网域名系统北京市工程研究中心有限公司 A kind of anti-DoS of DNS recursion server, the method and device of ddos attack
CN107277036A (en) * 2017-07-05 2017-10-20 云南撇捺势信息技术有限公司 Login validation method based on multistation point data, checking equipment and storage medium
CN107819606A (en) * 2017-09-29 2018-03-20 北京金山安全软件有限公司 Network attack alarm method and device
US20180131529A1 (en) * 2016-11-09 2018-05-10 Arizona Board Of Regents On Behalf Of Northern Arizona University Encoding ternary data for puf environments

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160352828A1 (en) * 2011-08-31 2016-12-01 Google Inc. Asynchronous and synchronous resource links
CN102739683A (en) * 2012-06-29 2012-10-17 杭州迪普科技有限公司 Network attack filtering method and device
CN104811449A (en) * 2015-04-21 2015-07-29 深信服网络科技(深圳)有限公司 Base collision attack detecting method and system
CN106470193A (en) * 2015-08-19 2017-03-01 互联网域名系统北京市工程研究中心有限公司 A kind of anti-DoS of DNS recursion server, the method and device of ddos attack
US20180131529A1 (en) * 2016-11-09 2018-05-10 Arizona Board Of Regents On Behalf Of Northern Arizona University Encoding ternary data for puf environments
CN107277036A (en) * 2017-07-05 2017-10-20 云南撇捺势信息技术有限公司 Login validation method based on multistation point data, checking equipment and storage medium
CN107819606A (en) * 2017-09-29 2018-03-20 北京金山安全软件有限公司 Network attack alarm method and device

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110457611A (en) * 2019-07-30 2019-11-15 精硕科技(北京)股份有限公司 Realize method, apparatus, the browser and server of electric questionnaire anonymity answer
CN113179281A (en) * 2021-05-26 2021-07-27 中国银行股份有限公司 Method, device, equipment and storage medium for determining database collision attack
CN113347180A (en) * 2021-06-01 2021-09-03 重庆贝特计算机系统工程有限公司 Risk analysis method for network security three-synchronization process of computer application system

Also Published As

Publication number Publication date
CN109688099B (en) 2022-09-20

Similar Documents

Publication Publication Date Title
CN109660502A (en) Detection method, device, equipment and the storage medium of abnormal behaviour
CN108234653A (en) Method and device for processing service request
TWI230885B (en) Computer network system, computer system, method for communication between computer systems, method for measuring computer system performance, and storage medium
CN107277036B (en) Login validation method, verifying equipment and storage medium based on multistation point data
CN108696490A (en) The recognition methods of account permission and device
CN109688099A (en) Server end hits library recognition methods, device, equipment and readable storage medium storing program for executing
CN106411878B (en) Method, device and system for making access control strategy
CN108075934A (en) A kind of network quality monitoring method, apparatus and system
CN102710770A (en) Identification method for network access equipment and implementation system for identification method
CN109302394A (en) A kind of anti-simulation login method of terminal, device, server and storage medium
CN108881184A (en) Access request processing method, terminal, server and computer readable storage medium
CN108334774A (en) A kind of method, first server and the second server of detection attack
CN109861968A (en) Resource access control method, device, computer equipment and storage medium
CN109033801A (en) Method, mobile terminal and the storage medium of application program verification user identity
CN105022939B (en) Information Authentication method and device
CN107911340A (en) Login validation method, device, equipment and the storage medium of application program
CN109951579A (en) Domain name processing method, device, computer readable storage medium and computer equipment
CN108123961A (en) Information processing method, apparatus and system
CN110099129A (en) A kind of data transmission method and equipment
CN105516321A (en) Data acquisition method and device
CN107733883A (en) A kind of method and device for detecting batch registration account
CN107862091A (en) Realize the control method and device of web page access
CN109783335A (en) User's operation records restoring method, device, equipment and readable storage medium storing program for executing
CN110519280A (en) A kind of crawler recognition methods, device, computer equipment and storage medium
CN106850509A (en) Method for network access control and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant