CN109829310A - Defence method and device, system, storage medium, the electronic device of similar attack - Google Patents

Defence method and device, system, storage medium, the electronic device of similar attack Download PDF

Info

Publication number
CN109829310A
CN109829310A CN201811641170.2A CN201811641170A CN109829310A CN 109829310 A CN109829310 A CN 109829310A CN 201811641170 A CN201811641170 A CN 201811641170A CN 109829310 A CN109829310 A CN 109829310A
Authority
CN
China
Prior art keywords
attack
event
target
type
multiple target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811641170.2A
Other languages
Chinese (zh)
Other versions
CN109829310B (en
Inventor
陈俊儒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qianxin Technology Group Co Ltd
Qianxin Safety Technology Zhuhai Co Ltd
Original Assignee
360 Enterprise Safety Technology (zhuhai) Co Ltd
Beijing Qianxin Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CN201810420369.6A external-priority patent/CN108683652A/en
Priority claimed from CN201810668277.XA external-priority patent/CN108846287A/en
Application filed by 360 Enterprise Safety Technology (zhuhai) Co Ltd, Beijing Qianxin Technology Co Ltd filed Critical 360 Enterprise Safety Technology (zhuhai) Co Ltd
Publication of CN109829310A publication Critical patent/CN109829310A/en
Application granted granted Critical
Publication of CN109829310B publication Critical patent/CN109829310B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security

Abstract

The present invention provides a kind of defence method of similar attack and device, system, storage medium, electronic devices, wherein this method comprises: same type of multiple target attack events that detection occurs in predetermined period;Determine the firing area of the multiple target attack event;Target of attack into the firing area sends the warning information for being directed to the target attack event.Through the invention, the technical issues of cannot defending similar attack event in the related technology is solved.

Description

Defence method and device, system, storage medium, the electronic device of similar attack
Technical field
The present invention relates to network safety fileds, and defence method and device in particular to a kind of similar attack are System, storage medium, electronic device.
Background technique
Network attack is the attack that hacker or viral wooden horse etc. initiate electronic equipment, gives user by steal files etc. Bring massive losses.
In the related technology, in computer safety field, network attack becomes more and more specialized and specific aim at present.Face To such attack, often lack the entirety understanding to the attack, and it is defendd to be also to fight separately, not Form a good defense system.For example APT (advanced duration threat) is attacked or " shake net " virus, this attack is that have Purpose and targetedly only just has aggressiveness to specific industry or certain goal systems.And work as currently without scheme These attacks can obtain threat information when a small range occurs in advance, and in a wide range of interior progress early warning and defence. The defence of network attack is caused to lag.
For the above problem present in the relevant technologies, at present it is not yet found that the solution of effect.
Summary of the invention
The embodiment of the invention provides a kind of defence method of similar attack and device, system, storage medium, electronics dresses It sets.
According to one embodiment of present invention, a kind of defence method of similar attack is provided, comprising: detection is in predetermined week The same type of multiple target attack events occurred in phase;Determine the firing area of the multiple target attack event;To institute The target of attack stated in firing area sends the warning information for being directed to the target attack event.
Optionally, same type of multiple target attack events that detection occurs in predetermined period include: detection pre- The multiple attacks occurred in fixed cycle;It is identified in the multiple attack by the behavioural characteristic of attack and is each attacked Hit the attack type of event;Count the quantity of attack in each attack type;The quantity of attack is greater than default threshold The attack set of any attack type of value is determined as the multiple target attack event.
Optionally, the attack of each attack in the multiple attack is identified by the behavioural characteristic of attack Type includes: to obtain the network behavior feature of attack;The control of attack connection is identified according to the network behavior feature Servomechanism processed;The multiple attacks for connecting same control servomechanism are determined as same attack type.
Optionally, target of attack in Xiang Suoshu firing area sends the warning information for the attack and includes: Target of attack into the firing area sends the pre-alert notification for being directed to the attack, wherein the pre-alert notification is taken Defence policies with the target attack event.
Optionally, the firing area for determining the multiple target attack event includes at least one of: being determined described more The attack geographic area of a target attack event;Determine the attack enterprise of the multiple target attack event;It determines the multiple The attacking network of target attack event;Determine the attack server of the multiple target attack event;Determine the multiple target The attack device type of attack;Determine the attack software type of the multiple target attack event.
According to another embodiment of the invention, a kind of defence installation of similar attack is provided, comprising: detection module, For detecting the same type of multiple target attack events occurred in predetermined period;Determining module is described more for determining The firing area of a target attack event;Sending module is sent for the target of attack into the firing area for described The warning information of target attack event.
Optionally, the detection module includes: detection unit, for detecting the multiple attack things occurred in predetermined period Part;Recognition unit identifies attacking for each attack in the multiple attack for the behavioural characteristic by attack Hit type;Statistic unit, for counting the quantity of attack in each attack type;Determination unit is used for attack Quantity be greater than the attack set of any attack type of preset threshold and be determined as the multiple target attack event.
Optionally, the recognition unit includes: acquisition subelement, for obtaining the network behavior feature of attack;Know Small pin for the case unit, for identifying the control servomechanism of attack connection according to the network behavior feature;It determines subelement, is used for The multiple attacks for connecting same control servomechanism are determined as same attack type.
Optionally, the sending module includes: transmission unit, sends needle for the target of attack into the firing area To the pre-alert notification of the attack, wherein the pre-alert notification carries the defence policies of the target attack event.
Optionally, the determining module includes at least one of: the first determination unit, for determining the multiple target The attack geographic area of attack;Second determination unit, for determining the attack enterprise of the multiple target attack event;The Three determination units, for determining the attacking network of the multiple target attack event;4th determination unit is described more for determining The attack server of a target attack event;5th determination unit, for determining that the attack of the multiple target attack event is set Standby type;6th determination unit, for determining the attack software type of the multiple target attack event.
According to still another embodiment of the invention, a kind of system of defense of similar attack is additionally provided, comprising: first service Device, second server, terminal, wherein the first server includes: detection module, is occurred in predetermined period for detecting Same type of multiple target attack events;Determining module, for determining the firing area of the multiple target attack event; Sending module sends the warning information for being directed to the target attack event for the target of attack into the firing area;The Two servers are connected between the first server and the terminal, comprising: acquisition module, for acquiring the terminal Attack, and the attack is uploaded to the first server;Forwarding module, for receiving the warning information, And the warning information is transmitted to the terminal.
According to still another embodiment of the invention, a kind of storage medium is additionally provided, meter is stored in the storage medium Calculation machine program, wherein the computer program is arranged to execute the step in any of the above-described embodiment of the method when operation.
According to still another embodiment of the invention, a kind of electronic device, including memory and processor are additionally provided, it is described Computer program is stored in memory, the processor is arranged to run the computer program to execute any of the above-described Step in embodiment of the method.
Through the invention, the same type of multiple target attack events occurred in predetermined period are detected, determining After the firing area for stating multiple target attack events, the target of attack in Xiang Suoshu firing area, which is sent, is directed to the target attack The warning information of event is on the defensive by being found to have targeted attack, and then to relevant target of attack, Issue defence warning information to each target that may be attacked, can prevent the type attack it is further diffusion and it is right The target that do not attack damages, and solves the technical issues of cannot defending similar attack event in the related technology.Realize and When obtain active threat information, and other similar targets of attack are done and are targetedly defendd.
Detailed description of the invention
The drawings described herein are used to provide a further understanding of the present invention, constitutes part of this application, this hair Bright illustrative embodiments and their description are used to explain the present invention, and are not constituted improper limitations of the present invention.In the accompanying drawings:
Fig. 1 is a kind of hardware block diagram of the defence server of similar attack of the embodiment of the present invention;
Fig. 2 is a kind of flow chart of the defence method of similar attack according to an embodiment of the present invention;
Fig. 3 is the schematic diagram that the embodiment of the present invention carries out similar attack in specific geographical area;
Fig. 4 is the structural block diagram of the defence installation of similar attack according to an embodiment of the present invention.
Specific embodiment
In order to make those skilled in the art more fully understand application scheme, below in conjunction in the embodiment of the present application Attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described embodiment is only The embodiment of the application a part, instead of all the embodiments.Based on the embodiment in the application, ordinary skill people Member's every other embodiment obtained without making creative work, all should belong to the model of the application protection It encloses.It should be noted that in the absence of conflict, the features in the embodiments and the embodiments of the present application can be mutual group It closes.
It should be noted that the description and claims of this application and term " first " in above-mentioned attached drawing, " Two " etc. be to be used to distinguish similar objects, without being used to describe a particular order or precedence order.It should be understood that using in this way Data be interchangeable under appropriate circumstances, so as to embodiments herein described herein can in addition to illustrating herein or Sequence other than those of description is implemented.In addition, term " includes " and " having " and their any deformation, it is intended that cover Cover it is non-exclusive include, for example, the process, method, system, product or equipment for containing a series of steps or units are not necessarily limited to Step or unit those of is clearly listed, but may include be not clearly listed or for these process, methods, product Or other step or units that equipment is intrinsic.
Embodiment 1
Embodiment of the method provided by the embodiment of the present application one can mobile terminal, terminal, server or It is executed in similar arithmetic unit.For running on the server, Fig. 1 is a kind of the anti-of similar attack of the embodiment of the present invention The hardware block diagram of imperial server.As shown in Figure 1, server 10 may include one or more (only showing one in Fig. 1) (processor 102 can include but is not limited to the processing dress of Micro-processor MCV or programmable logic device FPGA etc. to processor 102 Set) and memory 104 for storing data, optionally, above-mentioned server can also include setting for the transmission of communication function Standby 106 and input-output equipment 108.It will appreciated by the skilled person that structure shown in FIG. 1 is only to illustrate, The structure of above-mentioned server is not caused to limit.For example, server 10 may also include it is more or less than shown in Fig. 1 Component, or with the configuration different from shown in Fig. 1.
Memory 104 can be used for storing computer program, for example, the software program and module of application software, such as this hair The corresponding computer program of defence method of one of bright embodiment similar attack, processor 102 are stored in by operation Computer program in reservoir 104 realizes above-mentioned method thereby executing various function application and data processing.Storage Device 104 may include high speed random access memory, may also include nonvolatile memory, as one or more magnetic storage device, Flash memory or other non-volatile solid state memories.In some instances, memory 104 can further comprise relative to processing The remotely located memory of device 102, these remote memories can pass through network connection to server 10.The example of above-mentioned network Including but not limited to internet, intranet, local area network, mobile radio communication and combinations thereof.
Transmitting device 106 is used to that data to be received or sent via a network.Above-mentioned network specific example may include The wireless network that the communication providers of server 10 provide.In an example, transmitting device 106 includes a network adapter (Network Interface Controller, referred to as NIC), can be connected by base station with other network equipments so as to It is communicated with internet.In an example, transmitting device 106 can be radio frequency (Radio Frequency, referred to as RF) Module is used to wirelessly be communicated with internet.
A kind of defence method of similar attack is provided in the present embodiment, and Fig. 2 is one kind according to an embodiment of the present invention The flow chart of the defence method of similar attack, as shown in Fig. 2, the process includes the following steps:
Step S202 detects the same type of multiple target attack events occurred in predetermined period;
Using loophole existing for network or hardware entities and safety defect to the hardware, software and its system of network system In the attack that carries out of data, network attack can be divided into active attack and passive attack, wherein active attack will lead to certain The generation of data flow distorted with false data stream, this kind of attack, which can be divided into, distorts, forges message data and terminal (refusal clothes Business).Attacker does not make any modification to data information in passive attack, but can intercept or the data of interception facility, wherein cuts It takes/eavesdrops and refer to that attacker obtains information or related data in the case where agreeing to without user and approving, including eavesdrop, flow The attack patterns such as amount analysis, the data flow for cracking weak encryption.
The target attack event of the present embodiment can occur in computer, notebook, printer, camera, USB flash disk, server Etc. the electronic equipment that can be accessed network or can be controlled.
Step S204 determines the firing area of the multiple target attack event;
The present embodiment firing area refers to the range that target attack event occurs, including target attack event may occur All objects of attack, there are same or similar features for the object of attack in firing area, e.g., connect the same server, It is mounted with the same software, work is logged using the same account in the same geographic area, in the same local area network Deng.
Target of attack in step S206, Xiang Suoshu firing area sends the early warning letter for the target attack event Breath.
Through the above steps, the same type of multiple target attack events occurred in predetermined period are detected, in determination After the firing area of the multiple target attack event, the target of attack in Xiang Suoshu firing area is sent attacks for the target The warning information for hitting event is prevented by being found to have targeted attack, and then to relevant target of attack It is imperial, defence warning information is issued to each target that may be attacked, the further diffusion of the type attack can be prevented It is damaged with to the target that do not attack, solves the technical issues of cannot defending similar attack event in the related technology.It realizes Timely acquisition active threat information, and other similar targets of attack are done and are targetedly defendd.
In an optional embodiment of the present embodiment, the same type of multiple mesh occurred in predetermined period are detected Marking attack includes:
S11 detects the multiple attacks occurred in predetermined period;
It is collapsed in terminal device, the security software of terminal monitors attack or the attack of user's active upload Event, it is believed that be that attack has occurred;
S12 identifies the attack class of each attack in the multiple attack by the behavioural characteristic of attack Type;
The behavioural characteristic of the present embodiment includes network behavior feature, interbehavior feature etc., is included in attack process The server of middle connection, the interface of calling, the network used, the software etc. of unlatching;
Optionally, the attack of each attack in the multiple attack is identified by the behavioural characteristic of attack Type includes: to obtain the network behavior feature of attack;The control of attack connection is identified according to the network behavior feature Servomechanism (command and control server, C&C server) processed;Multiple attacks of same control servomechanism will be connected Event is determined as same attack type;
S13 counts the quantity of attack in each attack type;
The attack set that the quantity of attack is greater than any attack type of preset threshold is determined as institute by S14 State multiple target attack events.
In one example, predetermined period is one day, monitors that 50 attacks have occurred, wherein the first kind 30 times, 11 times of Second Type, other types are all not above 3 times;By taking preset threshold is 10 times as an example, the first kind and second The attack of type is target attack event, is had occurred repeatedly in predetermined period, it is known that the attack of the type is that have The attack set of the first kind and Second Type is identified as first by the attack organizing, there is object, having planning Target attack event and the second target attack event, then determine its firing area according to affair character respectively.
In an optional embodiment of the present embodiment, the target of attack in Xiang Suoshu firing area is sent for described The warning information of attack includes: that the target of attack transmission into the firing area is logical for the early warning of the attack Know, wherein the pre-alert notification carries the defence policies of the target attack event, and defence policies are used to indicate terminal and user How the target attack event is defendd.Pre-alert notification can also include the description information of target attack event, and have occurred and that The equipment of target attack event, such as the equipment of virus infection.
In the present embodiment, firing area is that the range of the object of attack of target attack event, including terminal set occurs, Geographic range, network range etc. can determine attacking for the multiple target attack event by big data come analytical attack range Hitting range can be, but not limited to are as follows:
Example one: the attack geographic area of the multiple target attack event is determined;Target attack thing occurs by analysis The MAC Address and IP address of the equipment of part, it may be determined that the generation position of attack, and then can determine multiple target attack events Attack geographic area, such as concentrate on Beijing, then the network terminal in Beijing can targetedly be reminded;Fig. 3 It is the schematic diagram that the embodiment of the present invention carries out similar attack in specific geographical area, wherein multiple objects of attack in the city A occur The attack of same type, and there is no the events of hitting in the city B, then the attack geographic area of target attack event is the city A.
Example two: the attack enterprise of the multiple target attack event is determined;Target attack event occurs by analysis The account information of equipment, affiliated operation user information etc. can determine the unit and enterprise that the target attack event occurs;Such as attack The event of hitting concentrates on the computer of Microsoft employee, then can targetedly be reminded entire wechat company;
Example three: the attacking network of the multiple target attack event is determined;Target attack event occurs by analysis The network (e.g., portal address, IP address etc.) that equipment is connected, such as company Intranet, the network clothes for specifying network operator to provide Business etc., if attack concentrates on the user of Tie Tong network, then can remind the user equipment of entire Tie Tong net;
Example four: the attack server of the multiple target attack event is determined;Attack is possibly through server It accesses and controlling terminal, equipment is controlled by fishing website, such as the data server of some URL connection, passes through analysis hair The history access record of server or browser that the equipment of raw target attack event connected, can determine target attack event Server, such as the data server of some illegal website;
Example five: the attack device type of the multiple target attack event is determined;Target attack thing occurs by analysis The device attribute information of part determines device type, such as operating system, manufacturer, as attack concentrates on Android operation system Equipment on, then can remind and entirely be mounted with the user equipment of Android operation system;
Example six: the attack software type of the multiple target attack event is determined.Target attack thing occurs by analysis The software that the equipment of part is installed, or software mutually associated with target attack event attack software belonging to file etc., can To determine that attack concentrates the designated software of attack, then user equipment or the software development for being mounted with the designated software can be reminded Person.
Optionally, the executing subject of above-mentioned steps can be the one or more clients of connection or the cloud service of server Device etc., client can be mobile terminal, PC etc., but not limited to this.
Through the above description of the embodiments, those skilled in the art can be understood that according to above-mentioned implementation The method of example can be realized by means of software and necessary general hardware platform, naturally it is also possible to by hardware, but it is very much In the case of the former be more preferably embodiment.Based on this understanding, technical solution of the present invention is substantially in other words to existing The part that technology contributes can be embodied in the form of software products, which is stored in a storage In medium (such as ROM/RAM, magnetic disk, CD), including some instructions are used so that a terminal device (can be mobile phone, calculate Machine, server or network equipment etc.) execute method described in each embodiment of the present invention.
Embodiment 2
A kind of defence installation of similar attack is additionally provided in the present embodiment, can be terminal or server, the device For realizing above-described embodiment and preferred embodiment, the descriptions that have already been made will not be repeated.As used below, term The combination of the software and/or hardware of predetermined function may be implemented in " module ".Although device is preferably described in following embodiment It is realized with software, but the realization of the combination of hardware or software and hardware is also that may and be contemplated.
Fig. 4 is the structural block diagram of the defence installation of similar attack according to an embodiment of the present invention, can be applied in client Or in server, as shown in figure 4, the device includes: detection module 40, determining module 42, sending module 44, wherein
Detection module 40, for detecting the same type of multiple target attack events occurred in predetermined period;
Determining module 42, for determining the firing area of the multiple target attack event;
Sending module 44 is sent for the target of attack into the firing area for the pre- of the target attack event Alert information.
Optionally, the detection module includes: detection unit, for detecting the multiple attack things occurred in predetermined period Part;Recognition unit identifies attacking for each attack in the multiple attack for the behavioural characteristic by attack Hit type;Statistic unit, for counting the quantity of attack in each attack type;Determination unit is used for attack Quantity be greater than the attack set of any attack type of preset threshold and be determined as the multiple target attack event.
Optionally, the recognition unit includes: acquisition subelement, for obtaining the network behavior feature of attack;Know Small pin for the case unit, for identifying the control servomechanism of attack connection according to the network behavior feature;It determines subelement, is used for The multiple attacks for connecting same control servomechanism are determined as same attack type.
Optionally, the sending module includes: transmission unit, sends needle for the target of attack into the firing area To the pre-alert notification of the attack, wherein the pre-alert notification carries the defence policies of the target attack event.
Optionally, the determining module includes at least one of: the first determination unit, for determining the multiple target The attack geographic area of attack;Second determination unit, for determining the attack enterprise of the multiple target attack event;The Three determination units, for determining the attacking network of the multiple target attack event;4th determination unit is described more for determining The attack server of a target attack event;5th determination unit, for determining that the attack of the multiple target attack event is set Standby type;6th determination unit, for determining the attack software type of the multiple target attack event.
The present embodiment additionally provides a kind of system of defense of similar attack, comprising: first server, second server, eventually End, wherein the first server includes: detection module, for detect occur in predetermined period it is same type of multiple Target attack event;Determining module, for determining the firing area of the multiple target attack event;Sending module, for Target of attack in the firing area sends the warning information for being directed to the target attack event;Second server is connected to Between the first server and the terminal, comprising: acquisition module, for acquiring the attack of the terminal, and by institute It states attack and is uploaded to the first server;Forwarding module, for receiving the warning information, and by the warning information It is transmitted to the terminal.
Optionally, first server is cloud server, connects second server, and second server is connection user terminal Access server.
It should be noted that above-mentioned modules can be realized by software or hardware, for the latter, Ke Yitong Following manner realization is crossed, but not limited to this: above-mentioned module is respectively positioned in same processor;Alternatively, above-mentioned modules are with any Combined form is located in different processors.
Embodiment 3
The embodiments of the present invention also provide a kind of storage medium, computer program is stored in the storage medium, wherein The computer program is arranged to execute the step in any of the above-described embodiment of the method when operation.
Optionally, in the present embodiment, above-mentioned storage medium can be set to store by executing based on following steps Calculation machine program:
S1 detects the same type of multiple target attack events occurred in predetermined period;
S2 determines the firing area of the multiple target attack event;
Target of attack in S3, Xiang Suoshu firing area sends the warning information for being directed to the target attack event.
Optionally, in the present embodiment, above-mentioned storage medium can include but is not limited to: USB flash disk, read-only memory (Read- Only Memory, referred to as ROM), it is random access memory (Random Access Memory, referred to as RAM), mobile hard The various media that can store computer program such as disk, magnetic or disk.
The embodiments of the present invention also provide a kind of electronic device, including memory and processor, stored in the memory There is computer program, which is arranged to run computer program to execute the step in any of the above-described embodiment of the method Suddenly.
Optionally, above-mentioned electronic device can also include transmission device and input-output equipment, wherein the transmission device It is connected with above-mentioned processor, which connects with above-mentioned processor.
Optionally, in the present embodiment, above-mentioned processor can be set to execute following steps by computer program:
S1 detects the same type of multiple target attack events occurred in predetermined period;
S2 determines the firing area of the multiple target attack event;
Target of attack in S3, Xiang Suoshu firing area sends the warning information for being directed to the target attack event.
Optionally, the specific example in the present embodiment can be with reference to described in above-described embodiment and optional embodiment Example, details are not described herein for the present embodiment.
Above-mentioned the embodiment of the present application serial number is for illustration only, does not represent the advantages or disadvantages of the embodiments.
In above-described embodiment of the application, all emphasizes particularly on different fields to the description of each embodiment, do not have in some embodiment The part of detailed description, reference can be made to the related descriptions of other embodiments.
In several embodiments provided herein, it should be understood that disclosed technology contents can pass through others Mode is realized.Wherein, the apparatus embodiments described above are merely exemplary, such as the division of the unit, only A kind of logical function partition, there may be another division manner in actual implementation, for example, multiple units or components can combine or Person is desirably integrated into another system, or some features can be ignored or not executed.Another point, shown or discussed is mutual Between coupling, direct-coupling or communication connection can be through some interfaces, the INDIRECT COUPLING or communication link of unit or module It connects, can be electrical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme 's.
It, can also be in addition, each functional unit in each embodiment of the application can integrate in one processing unit It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list Member both can take the form of hardware realization, can also realize in the form of software functional units.
If the integrated unit is realized in the form of SFU software functional unit and sells or use as independent product When, it can store in a computer readable storage medium.Based on this understanding, the technical solution of the application is substantially The all or part of the part that contributes to existing technology or the technical solution can be in the form of software products in other words It embodies, which is stored in a storage medium, including some instructions are used so that a computer Equipment (can for personal computer, server or network equipment etc.) execute each embodiment the method for the application whole or Part steps.And storage medium above-mentioned includes: that USB flash disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited Reservoir (RAM, Random Access Memory), mobile hard disk, magnetic or disk etc. be various to can store program code Medium.
The above is only the preferred embodiment of the application, it is noted that for the ordinary skill people of the art For member, under the premise of not departing from the application principle, several improvements and modifications can also be made, these improvements and modifications are also answered It is considered as the protection scope of the application.

Claims (10)

1. a kind of defence method of similar attack characterized by comprising
Detect the same type of multiple target attack events occurred in predetermined period;
Determine the firing area of the multiple target attack event;
Target of attack into the firing area sends the warning information for being directed to the target attack event.
2. the method according to claim 1, wherein detection occur in predetermined period it is same type of multiple Target attack event includes:
Detect the multiple attacks occurred in predetermined period;
The attack type of each attack in the multiple attack is identified by the behavioural characteristic of attack;
Count the quantity of attack in each attack type;
The attack set that the quantity of attack is greater than any attack type of preset threshold is determined as the multiple mesh Mark attack.
3. the method stated according to claim 2, which is characterized in that identify the multiple attack by the behavioural characteristic of attack The attack type of each attack includes: in event
Obtain the network behavior feature of attack;
The control servomechanism of attack connection is identified according to the network behavior feature;
The multiple attacks for connecting same control servomechanism are determined as same attack type.
4. the method stated according to claim 1, which is characterized in that the target of attack in Xiang Suoshu firing area is sent for described The warning information of attack includes:
Target of attack into the firing area sends the pre-alert notification for being directed to the attack, wherein the early warning is logical Know the defence policies for carrying the target attack event.
5. the method stated according to claim 1, which is characterized in that the firing area for determining the multiple target attack event includes At least one of:
Determine the attack geographic area of the multiple target attack event;
Determine the attack enterprise of the multiple target attack event;
Determine the attacking network of the multiple target attack event;
Determine the attack server of the multiple target attack event;
Determine the attack device type of the multiple target attack event;
Determine the attack software type of the multiple target attack event.
6. a kind of defence installation of similar attack characterized by comprising
Detection module, for detecting the same type of multiple target attack events occurred in predetermined period;
Determining module, for determining the firing area of the multiple target attack event;
Sending module sends the early warning letter for the target attack event for the target of attack into the firing area Breath.
7. device according to claim 6, which is characterized in that the detection module includes:
Detection unit, for detecting the multiple attacks occurred in predetermined period;
Recognition unit identifies attacking for each attack in the multiple attack for the behavioural characteristic by attack Hit type;
Statistic unit, for counting the quantity of attack in each attack type;
Determination unit is determined for the quantity of attack to be greater than to the attack set of any attack type of preset threshold For the multiple target attack event.
8. a kind of system of defense of similar attack characterized by comprising first server, second server, terminal, wherein The first server includes:
Detection module, for detecting the same type of multiple target attack events occurred in predetermined period;
Determining module, for determining the firing area of the multiple target attack event;
Sending module sends the early warning letter for the target attack event for the target of attack into the firing area Breath;
Second server is connected between the first server and the terminal, comprising:
Acquisition module is uploaded to the first server for acquiring the attack of the terminal, and by the attack;
Forwarding module is transmitted to the terminal for receiving the warning information, and by the warning information.
9. a kind of storage medium, which is characterized in that be stored with computer program in the storage medium, wherein the computer Program is arranged to perform claim when operation and requires method described in 1 to 5 any one.
10. a kind of electronic device, including memory and processor, which is characterized in that be stored with computer journey in the memory Sequence, the processor are arranged to run the computer program in method described in perform claim 1 to 5 any one of requirement.
CN201811641170.2A 2018-05-04 2018-12-29 Similar attack defense method, device, system, storage medium and electronic device Active CN109829310B (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201810420369.6A CN108683652A (en) 2018-05-04 2018-05-04 A kind of method and device of the processing attack of Behavior-based control permission
CN2018104203696 2018-05-04
CN201810668277X 2018-06-26
CN201810668277.XA CN108846287A (en) 2018-06-26 2018-06-26 A kind of method and device of detection loophole attack

Publications (2)

Publication Number Publication Date
CN109829310A true CN109829310A (en) 2019-05-31
CN109829310B CN109829310B (en) 2021-04-27

Family

ID=66259682

Family Applications (11)

Application Number Title Priority Date Filing Date
CN201811640220.5A Pending CN109871690A (en) 2018-05-04 2018-12-29 The management method and device of equipment permission, storage medium, electronic device
CN201811645703.4A Active CN109766699B (en) 2018-05-04 2018-12-29 Operation behavior intercepting method and device, storage medium and electronic device
CN201811640165.XA Active CN109766696B (en) 2018-05-04 2018-12-29 Method and device for setting software permission, storage medium and electronic device
CN201811640174.9A Pending CN109871689A (en) 2018-05-04 2018-12-29 Hold-up interception method and device, storage medium, the electronic device of operation behavior
CN201811645250.5A Pending CN109711169A (en) 2018-05-04 2018-12-29 Means of defence and device, system, storage medium, the electronic device of system file
CN201811641292.1A Active CN110443041B (en) 2018-05-04 2018-12-29 Method, device and system for managing equipment authority, storage medium and electronic device
CN201811645506.2A Pending CN109711170A (en) 2018-05-04 2018-12-29 Protect the method and device of the abnormal operation behavior of PDF
CN201811645720.8A Pending CN109766700A (en) 2018-05-04 2018-12-29 Access control method and device, the storage medium, electronic device of file
CN201811640656.4A Active CN109829308B (en) 2018-05-04 2018-12-29 Control policy management method and device, storage medium and electronic device
CN201811641170.2A Active CN109829310B (en) 2018-05-04 2018-12-29 Similar attack defense method, device, system, storage medium and electronic device
CN201811645563.0A Active CN109711171B (en) 2018-05-04 2018-12-29 Method, device and system for positioning software bugs, storage medium and electronic device

Family Applications Before (9)

Application Number Title Priority Date Filing Date
CN201811640220.5A Pending CN109871690A (en) 2018-05-04 2018-12-29 The management method and device of equipment permission, storage medium, electronic device
CN201811645703.4A Active CN109766699B (en) 2018-05-04 2018-12-29 Operation behavior intercepting method and device, storage medium and electronic device
CN201811640165.XA Active CN109766696B (en) 2018-05-04 2018-12-29 Method and device for setting software permission, storage medium and electronic device
CN201811640174.9A Pending CN109871689A (en) 2018-05-04 2018-12-29 Hold-up interception method and device, storage medium, the electronic device of operation behavior
CN201811645250.5A Pending CN109711169A (en) 2018-05-04 2018-12-29 Means of defence and device, system, storage medium, the electronic device of system file
CN201811641292.1A Active CN110443041B (en) 2018-05-04 2018-12-29 Method, device and system for managing equipment authority, storage medium and electronic device
CN201811645506.2A Pending CN109711170A (en) 2018-05-04 2018-12-29 Protect the method and device of the abnormal operation behavior of PDF
CN201811645720.8A Pending CN109766700A (en) 2018-05-04 2018-12-29 Access control method and device, the storage medium, electronic device of file
CN201811640656.4A Active CN109829308B (en) 2018-05-04 2018-12-29 Control policy management method and device, storage medium and electronic device

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201811645563.0A Active CN109711171B (en) 2018-05-04 2018-12-29 Method, device and system for positioning software bugs, storage medium and electronic device

Country Status (1)

Country Link
CN (11) CN109871690A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113395288A (en) * 2021-06-24 2021-09-14 浙江德迅网络安全技术有限公司 Active defense DDOS system based on SDWAN
CN115967548A (en) * 2022-12-04 2023-04-14 广州魔番网络科技有限公司 Safety protection index optimization method based on big data information safety and artificial intelligence system

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110347655A (en) * 2019-06-12 2019-10-18 江苏富山软件科技有限公司 A kind of distributed file system access frame
CN112395537A (en) * 2019-08-15 2021-02-23 奇安信安全技术(珠海)有限公司 Website tamper-proofing method and device, storage medium and electronic device
CN110532764B (en) * 2019-08-19 2022-03-11 维沃移动通信有限公司 Authority processing method, mobile terminal and readable storage medium
CN110968872A (en) * 2019-11-20 2020-04-07 北京国舜科技股份有限公司 File vulnerability detection processing method and device, electronic equipment and storage medium
CN110908822B (en) * 2019-11-26 2022-02-22 珠海格力电器股份有限公司 Intelligent hardware anti-false-collision method and device, storage medium and electronic equipment
CN111049855B (en) * 2019-12-25 2022-02-01 北京天融信网络安全技术有限公司 Label-based policy configuration method and device
CN113515389B (en) * 2020-04-09 2024-03-01 奇安信安全技术(珠海)有限公司 Method and device for calling intermediate interface, system, storage medium and electronic device
CN111881467B (en) * 2020-06-12 2022-10-28 海光信息技术股份有限公司 Method and device for protecting file by using security processor, CPU and computer equipment
WO2022032950A1 (en) * 2020-08-10 2022-02-17 华为技术有限公司 Defense method, defense apparatus and defense system for malicious software
CN112149159A (en) * 2020-08-26 2020-12-29 网神信息技术(北京)股份有限公司 Permission setting method and device of terminal, electronic equipment and storage medium
CN112311851B (en) * 2020-09-25 2022-04-01 新华三大数据技术有限公司 Network policy configuration method and device
CN112769806B (en) * 2020-12-31 2023-06-23 北京明朝万达科技股份有限公司 Method and device for controlling operation behaviors on terminal equipment and electronic equipment
CN112765663B (en) * 2021-01-25 2024-04-26 北京北信源信息安全技术有限公司 File access control method, device, equipment, server and storage medium
CN113032830A (en) * 2021-03-26 2021-06-25 北京有竹居网络技术有限公司 Electronic equipment control method and device and electronic equipment
CN113051550A (en) * 2021-03-30 2021-06-29 深信服科技股份有限公司 Terminal equipment, protection method and device thereof and readable storage medium
CN113625968B (en) * 2021-08-12 2024-03-01 网易(杭州)网络有限公司 File authority management method and device, computer equipment and storage medium
CN114338139B (en) * 2021-12-27 2023-03-24 北京安博通科技股份有限公司 Method for internet behavior management supporting terminal type control
CN115062588A (en) * 2022-05-11 2022-09-16 华为技术有限公司 Method and electronic equipment for converting file format

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080148404A1 (en) * 2006-12-19 2008-06-19 International Business Machines Corporation Method, system, and program product for characterizing computer attackers
CN101827096A (en) * 2010-04-09 2010-09-08 潘燕辉 Cloud computing-based multi-user collaborative safety protection system and method
CN101834875A (en) * 2010-05-27 2010-09-15 华为技术有限公司 Method, device and system for defending DDoS (Distributed Denial of Service) attacks
CN104468632A (en) * 2014-12-31 2015-03-25 北京奇虎科技有限公司 Loophole attack prevention method, device and system
CN106384051A (en) * 2016-09-29 2017-02-08 汉兴德创(武汉)科技有限公司 Cloud computing-based multi-user cooperative security protection system

Family Cites Families (73)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100489728C (en) * 2004-12-02 2009-05-20 联想(北京)有限公司 Method for establishing trustable operational environment in a computer
US9307397B2 (en) * 2005-04-29 2016-04-05 Jasper Technologies, Inc. Method for enabling a wireless device with customer-specific services
CN100465983C (en) * 2006-09-15 2009-03-04 毛德操 Method for controlling file access in operation system according to user's action history
CN101217396B (en) * 2007-12-29 2010-08-11 华中科技大学 An Ad hoc network invasion detecting method and system based on trust model
US20100005514A1 (en) * 2008-07-01 2010-01-07 Chengdu Huawei Symantec Technologies Co., Ltd. Method, system and server for file rights control
CN101667230B (en) * 2008-09-02 2013-10-23 北京瑞星信息技术有限公司 Method and device for monitoring script execution
CN101697212A (en) * 2009-10-15 2010-04-21 金蝶软件(中国)有限公司 ERP system and method and device for controlling user permissions thereof
US20120297461A1 (en) * 2010-12-02 2012-11-22 Stephen Pineau System and method for reducing cyber crime in industrial control systems
US20120159567A1 (en) * 2010-12-21 2012-06-21 Enterproid Hk Ltd Contextual role awareness
CN102622536B (en) * 2011-01-26 2014-09-03 中国科学院软件研究所 Method for catching malicious codes
US9275345B1 (en) * 2011-02-11 2016-03-01 Allure Security Technology, Inc. System level user behavior biometrics using feature extraction and modeling
US9529996B2 (en) * 2011-10-11 2016-12-27 Citrix Systems, Inc. Controlling mobile device access to enterprise resources
US20140032733A1 (en) * 2011-10-11 2014-01-30 Citrix Systems, Inc. Policy-Based Application Management
CN102567675B (en) * 2012-02-15 2015-09-30 合一网络技术(北京)有限公司 Method for managing user right under a kind of operation system and system
CN103313343B (en) * 2012-03-13 2018-12-18 百度在线网络技术(北京)有限公司 A kind of method and apparatus for realizing user access control
WO2014062804A1 (en) * 2012-10-16 2014-04-24 Citrix Systems, Inc. Application wrapping for application management framework
CN103020529B (en) * 2012-10-31 2015-12-09 中国航天科工集团第二研究院七○六所 A kind of software vulnerability analytical approach based on model of place
CN103839003B (en) * 2012-11-22 2018-01-30 腾讯科技(深圳)有限公司 Malicious file detection method and device
CN103020512B (en) * 2012-11-26 2015-03-04 清华大学 Realization method and control system for safe control flow of system
CN103294950B (en) * 2012-11-29 2016-07-06 北京安天电子设备有限公司 A kind of high-power secret information stealing malicious code detecting method based on backward tracing and system
CN102945356B (en) * 2012-12-12 2015-11-18 上海交通大学 The access control method of search engine under cloud environment and system
US9245128B2 (en) * 2013-03-06 2016-01-26 Microsoft Technology Licensing, Llc Limiting enterprise applications and settings on devices
CN103198253B (en) * 2013-03-29 2016-03-30 北京奇虎科技有限公司 The method and system of operating file
CN103440460A (en) * 2013-09-09 2013-12-11 中国农业银行股份有限公司 Application system change validation method and system
CN103440140A (en) * 2013-09-11 2013-12-11 昆山富泰科电脑有限公司 System for classifying applications of intelligent device and setting use permission
CN103559446B (en) * 2013-11-13 2017-02-08 厦门市美亚柏科信息股份有限公司 Dynamic virus detection method and device for equipment based on Android system
CN103617379B (en) * 2013-11-29 2016-08-17 乐视云计算有限公司 A kind of method for broadcasting multimedia file and player
IL229907A (en) * 2013-12-10 2015-02-26 David Almer Mobile device with improved security
CN103646215A (en) * 2013-12-23 2014-03-19 北京奇虎科技有限公司 Application installation control method, related system and related device
US20160292433A1 (en) * 2013-12-30 2016-10-06 Huawei Device Co., Ltd Permission management method and apparatus
US9519758B2 (en) * 2014-02-04 2016-12-13 Pegasus Media Security, Llc System and process for monitoring malicious access of protected content
CN105224868B (en) * 2014-06-03 2019-07-23 腾讯科技(深圳)有限公司 The detection method and device of system vulnerability attack
CN104239801B (en) * 2014-09-28 2017-10-24 北京奇虎科技有限公司 The recognition methods of 0day leaks and device
CN104239764B (en) * 2014-10-15 2017-07-07 北京奇虎科技有限公司 The management-control method and device of terminal device and its systemic-function
CN104318160B (en) * 2014-10-29 2017-12-26 北京奇虎科技有限公司 The method and apparatus of killing rogue program
CN104361285B (en) * 2014-11-20 2017-12-12 工业和信息化部电信研究院 The safety detection method and device of mobile device application program
CN104462985A (en) * 2014-11-28 2015-03-25 北京奇虎科技有限公司 Detecting method and device of bat loopholes
CN104468563A (en) * 2014-12-03 2015-03-25 北京奇虎科技有限公司 Website bug protection method, device and system
CN104573515A (en) * 2014-12-19 2015-04-29 百度在线网络技术(北京)有限公司 Virus processing method, device and system
CN104506630B (en) * 2014-12-25 2019-04-16 深圳市华宝电子科技有限公司 Permissions data generation method, server and system based on user role
CN104680084B (en) * 2015-03-20 2017-12-12 北京瑞星信息技术股份有限公司 The method and system of privacy of user is protected in computer
CN106295344A (en) * 2015-05-15 2017-01-04 中兴通讯股份有限公司 A kind of method and apparatus ensureing terminal security
CN106295328B (en) * 2015-05-20 2019-06-18 阿里巴巴集团控股有限公司 File test method, apparatus and system
CN104899511B (en) * 2015-05-21 2018-01-19 成都中科慧创科技有限公司 A kind of active defense method based on program behavior algorithm
CN106529230A (en) * 2015-09-11 2017-03-22 上海中和软件有限公司 Role-based permission control mechanism
US9740877B2 (en) * 2015-09-22 2017-08-22 Google Inc. Systems and methods for data loss prevention while preserving privacy
CN106650438A (en) * 2015-11-04 2017-05-10 阿里巴巴集团控股有限公司 Method and device for detecting baleful programs
CN105323384A (en) * 2015-11-25 2016-02-10 上海斐讯数据通信技术有限公司 Method for switching multi-scenario mode and mobile terminal
US10958435B2 (en) * 2015-12-21 2021-03-23 Electro Industries/ Gauge Tech Providing security in an intelligent electronic device
CN107103245B (en) * 2016-02-23 2022-08-02 中兴通讯股份有限公司 File authority management method and device
CN107229860A (en) * 2016-03-24 2017-10-03 中国电子科技集团公司电子科学研究院 The method and system of safety management desktop application in environment is concentrated
CN106055986A (en) * 2016-05-06 2016-10-26 北京优炫软件股份有限公司 Method and device for permission control
CN107451159A (en) * 2016-05-31 2017-12-08 中国移动通信集团广东有限公司 A kind of data bank access method and device
CN107508783A (en) * 2016-06-14 2017-12-22 阿里巴巴集团控股有限公司 A kind for the treatment of method and apparatus of data
CN106169047A (en) * 2016-07-11 2016-11-30 北京金山安全软件有限公司 Method and device for opening monitoring camera and electronic equipment
CN106228067A (en) * 2016-07-15 2016-12-14 江苏博智软件科技有限公司 Malicious code dynamic testing method and device
CN107872433A (en) * 2016-09-27 2018-04-03 腾讯科技(深圳)有限公司 A kind of auth method and its equipment
CN106529290B (en) * 2016-10-11 2020-02-18 北京金山安全软件有限公司 Malicious software protection method and device and electronic equipment
CN106548048A (en) * 2016-10-28 2017-03-29 北京优炫软件股份有限公司 A kind of method for Process flowchart, device and system
CN108062479A (en) * 2016-11-08 2018-05-22 杭州施强教育科技有限公司 A kind of enterprise management system user right collocation method
CN106874761A (en) * 2016-12-30 2017-06-20 北京邮电大学 A kind of Android system malicious application detection method and system
CN107016283B (en) * 2017-02-15 2019-09-10 中国科学院信息工程研究所 Android privilege-escalation attack safety defense method and device based on integrity verification
CN106775903B (en) * 2017-02-24 2021-02-09 北京小米移动软件有限公司 Security policy file updating method and device
CN107066889A (en) * 2017-04-25 2017-08-18 北京洋浦伟业科技发展有限公司 A kind of data access control method and system based on geographical location information
CN107169359A (en) * 2017-06-06 2017-09-15 北京奇虎科技有限公司 Utilize the document means of defence and device, electronic equipment for triggering file realization
CN107391977B (en) * 2017-07-04 2020-11-24 创新先进技术有限公司 Permission control and automatic switching method, device and equipment
CN107480551B (en) * 2017-07-06 2020-11-20 网易(杭州)网络有限公司 File management method and device
CN107392016A (en) * 2017-07-07 2017-11-24 四川大学 A kind of web data storehouse attack detecting system based on agency
CN107508801B (en) * 2017-08-04 2020-09-08 安徽智圣通信技术股份有限公司 Method and device for preventing file from being tampered
CN107657169B (en) * 2017-10-10 2020-02-21 泰康保险集团股份有限公司 Authority management method, device, medium and electronic equipment
CN107832590A (en) * 2017-11-06 2018-03-23 珠海市魅族科技有限公司 Terminal control method and device, terminal and computer-readable recording medium
CN107896210A (en) * 2017-11-14 2018-04-10 北京知道创宇信息技术有限公司 Safety protecting method, device, server and storage medium
CN109063436A (en) * 2018-07-30 2018-12-21 中国石油化工股份有限公司 Support the enterprise-level authority managing and controlling and methods for using them more applied

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080148404A1 (en) * 2006-12-19 2008-06-19 International Business Machines Corporation Method, system, and program product for characterizing computer attackers
CN101827096A (en) * 2010-04-09 2010-09-08 潘燕辉 Cloud computing-based multi-user collaborative safety protection system and method
CN101834875A (en) * 2010-05-27 2010-09-15 华为技术有限公司 Method, device and system for defending DDoS (Distributed Denial of Service) attacks
CN104468632A (en) * 2014-12-31 2015-03-25 北京奇虎科技有限公司 Loophole attack prevention method, device and system
CN106384051A (en) * 2016-09-29 2017-02-08 汉兴德创(武汉)科技有限公司 Cloud computing-based multi-user cooperative security protection system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113395288A (en) * 2021-06-24 2021-09-14 浙江德迅网络安全技术有限公司 Active defense DDOS system based on SDWAN
CN115967548A (en) * 2022-12-04 2023-04-14 广州魔番网络科技有限公司 Safety protection index optimization method based on big data information safety and artificial intelligence system
CN115967548B (en) * 2022-12-04 2024-04-09 深圳市众志天成科技有限公司 Safety protection index optimization method based on big data information safety and artificial intelligence system

Also Published As

Publication number Publication date
CN109871690A (en) 2019-06-11
CN110443041B (en) 2022-09-30
CN109711171A (en) 2019-05-03
CN109829308B (en) 2022-02-15
CN109829308A (en) 2019-05-31
CN109766699B (en) 2022-02-15
CN109711171B (en) 2021-07-20
CN109766699A (en) 2019-05-17
CN109829310B (en) 2021-04-27
CN109711170A (en) 2019-05-03
CN109766700A (en) 2019-05-17
CN109766696B (en) 2021-01-15
CN109766696A (en) 2019-05-17
CN109711169A (en) 2019-05-03
CN109871689A (en) 2019-06-11
CN110443041A (en) 2019-11-12

Similar Documents

Publication Publication Date Title
CN109829310A (en) Defence method and device, system, storage medium, the electronic device of similar attack
CN110445770A (en) Attack Source positioning and means of defence, electronic equipment and computer storage medium
CN105915532B (en) A kind of recognition methods of host of falling and device
CN104333529B (en) The detection method and system of HTTP dos attacks under a kind of cloud computing environment
Beitollahi et al. Tackling application-layer DDoS attacks
CN112738071B (en) Method and device for constructing attack chain topology
CA2954552C (en) Method for detecting an attack in a computer network
CN103746885A (en) Test system and test method oriented to next-generation firewall
CN111935172A (en) Network abnormal behavior detection method based on network topology, computer device and computer readable storage medium
CN106302450B (en) A kind of detection method and device based on malice address in DDOS attack
CN104135474B (en) Intrusion Detection based on host goes out the Network anomalous behaviors detection method of in-degree
JP2015079512A (en) Cyber attack detection device and method based on event analysis
CN103379099A (en) Hostile attack identification method and system
CN109462599A (en) A kind of honey jar management system
CN106650436A (en) Safety detecting method and device based on local area network
CN106161395A (en) A kind of prevent the method for Brute Force, Apparatus and system
Udhayan et al. Statistical segregation method to minimize the false detections during ddos attacks.
CN109587167A (en) A kind of method and apparatus of Message processing
CN107645478A (en) Network attack defending system, method and device
CN111970300A (en) Network intrusion prevention system based on behavior inspection
CN106357660A (en) Method and device for detecting IP (internet protocol) of spoofing source in DDOS (distributed denial of service) defense system
CN107241338A (en) Network anti-attack devices, systems, and methods, computer-readable recording medium and storage control
CN110933111A (en) DDoS attack identification method and device based on DPI
CN110213254A (en) A kind of method and apparatus that Internet protocol IP packet is forged in identification
CN109743314A (en) Monitoring method, device, computer equipment and its storage medium of Network Abnormal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 519085 No. 501, 601, building 14, kechuangyuan, Gangwan No. 1, Jintang Road, Tangjiawan Town, high tech Zone, Zhuhai City, Guangdong Province

Patentee after: Qianxin Safety Technology (Zhuhai) Co.,Ltd.

Patentee after: Qianxin Technology Group Co., Ltd

Address before: 519085 No. 501, 601, building 14, kechuangyuan, Gangwan No. 1, Jintang Road, Tangjiawan Town, high tech Zone, Zhuhai City, Guangdong Province

Patentee before: 360 ENTERPRISE SECURITY TECHNOLOGY (ZHUHAI) Co.,Ltd.

Patentee before: Beijing Qianxin Technology Co., Ltd