CN109981608A - Network security intrusion detecting system and method based on Web - Google Patents

Network security intrusion detecting system and method based on Web Download PDF

Info

Publication number
CN109981608A
CN109981608A CN201910172611.7A CN201910172611A CN109981608A CN 109981608 A CN109981608 A CN 109981608A CN 201910172611 A CN201910172611 A CN 201910172611A CN 109981608 A CN109981608 A CN 109981608A
Authority
CN
China
Prior art keywords
web
request
detection unit
rule
characteristic detection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910172611.7A
Other languages
Chinese (zh)
Inventor
胡磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Huaan Putt Network Technology Co Ltd
Original Assignee
Beijing Huaan Putt Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Huaan Putt Network Technology Co Ltd filed Critical Beijing Huaan Putt Network Technology Co Ltd
Priority to CN201910172611.7A priority Critical patent/CN109981608A/en
Publication of CN109981608A publication Critical patent/CN109981608A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses network security intrusion detecting systems and method based on Web, are related to technical field of network security.The present invention includes characteristic detection unit and abnormality detecting unit;Characteristic detection unit includes audit log database, testing console, property detector, firewall;Audit log database passes through information data transmission module respectively and is connected with testing console and property detector, and property detector is connected with firewall;Rule set is provided in property detector;Abnormality detecting unit includes Training Control platform, anomaly detector, abnormal template, request historical data base;Training Control platform passes through information data transmission module respectively and is connected with anomaly detector and abnormal template, anomaly detector connection request historical data base;Several models are provided in anomaly detector.The present invention solves the problems, such as that Web efficiency of intrusion detection is low, system rate of failing to report is high, rate of false alarm is high.

Description

Network security intrusion detecting system and method based on Web
Technical field
The invention belongs to technical field of network security, more particularly to based on Web network security intrusion detecting system and Network security intrusion detection method based on Web.
Background technique
With the rapid development of Internet, people, which stay indoors, can enjoy various services, Web from the appearance, Alarming development speed is just shown, into after 21 century, explosive growth is presented in Web application, not only large organization, machine Structure, enterprise etc. possess the portal website of oneself, even the personal homepage that can also possess oneself, releases news by Web, browse News, purchase and consumption have become the quotidian behavior of people's daily life.Although the development of Web technology is very mature, It is to still remain unsafe one side, the attack for Web is more and more, and the information such as privacy, account of people at any time may be used The threat that can be revealed and be stolen.
Using the Web of the Web Intrusion Detection Technique of single opportunity feature or single opportunity exception in existing technology Intrusion Detection Technique, but advantage and deficiency is both individually present;Web intrusion detection based on feature can identify known attack It hits, but unknown attack cannot be detected, need the feature database that timely updates, system rate of failing to report is high, rate of false alarm is low;Based on exception Web Intrusion Detection Technique is started late, and immature development has that rate of failing to report is low, rate of false alarm is high;Therefore it is directed to and asks above Topic provides a kind of network security intrusion detecting system based on Web and method is of great significance.
Summary of the invention
The purpose of the present invention is to provide network security intrusion detecting systems and method based on Web, mutual by providing Interactive characteristic detection unit and abnormality detecting unit is provided with audit log data library, feature detection in characteristic detection unit Device, testing console;Training Control platform, anomaly detector, request historical data base, abnormal mould are provided in abnormality detecting unit Plate;Property detector is connected with Web server, and characteristic detection unit judges whether Web request feature matches with internal rule, different Normal detection unit carries out abnormality detection Web request according to the detection template trained, thinks that feature detects after finding attack Unit sends an instruction, and instruction, which is taken, to be acted and execute accordingly;Testing console will receive detection log and with chart The safety officer that mode is presented to safety management end analyzes and manages, and solves that Web efficiency of intrusion detection is low, system leakage The problem that report rate is high, rate of false alarm is high.
In order to solve the above technical problems, the present invention is achieved by the following technical solutions:
Network security intrusion detecting system based on Web of the invention, including characteristic detection unit and abnormality detecting unit;
The characteristic detection unit includes audit log database, testing console, property detector, firewall;It is described Audit log database passes through information data transmission module respectively and is connected with testing console and property detector, the feature inspection Device is surveyed to be connected with firewall;Rule set is provided in the property detector;
The abnormality detecting unit includes Training Control platform, anomaly detector, abnormal template, request historical data base;Institute State that Training Control platform passes through information data transmission module and anomaly detector respectively and abnormal template is connected, the anomaly detector Connection request historical data base;Several models are provided in the anomaly detector;
Firewall and user/attack end in the characteristic detection unit is connected to the network, and the property detector and Web take Business device interactive connection, and Web request is issued to the request historical data base;The testing console and safety management end phase Even.
Further, the user/attack end is ordinary user end or attacks for testing the detection of Web intruding detection system End is attacked in the simulation of ability, and simulation attack end uses Web penetration testing tool;
The Web server is for disposing various Web applications, for by object of attack;The Web server uses Apache Server;
The characteristic detection unit is mentioned from known attack for detecting various known and being easy to extract the attack of feature Feature is taken, corresponding matching rule is formed, the characteristic detection unit is that the expanding element of Apache is integrated in Web server On;
The abnormality detecting unit is the Web intrusion detection subelement based on study, and the abnormality detecting unit is from a large amount of The normal Access Model that HTTP request message is established in normal web access data, sentences new web access according to model built It is disconnected whether to contain attack.
Further, the property detector in the characteristic detection unit includes generator, adaptation, movement device, rule Collection, translater, expansion interface, regulation engine;Transforming function transformation function and content capture are provided in the generator;
The audit log data library includes persistent storage, log, rule file.
Network security intrusion detection method based on Web, includes the following steps:
S01: the request that the user/attack end is sent to Web server is intercepted by characteristic detection unit;
S02: the characteristic detection unit matches Web request feature with its internal rule;
S03: judge whether the feature of the Web request matches with internal rule;
If so, assert that the request is an attack and executes movement corresponding to the rule, including blocks, loses It abandons, redirect, terminate after permission;
If it is not, then carrying out next step;
S04: abnormality detecting unit is sent this request to;
S05: the abnormality detecting unit carries out abnormality detection Web request according to the detection model come is trained, if hair Existing attack then sends an instruction to characteristic detection unit, it is instructed to take corresponding movement, and characteristic detection unit receives The movement is executed after to instruction;
S06: the console receives the log of Web server and each detection unit, is presented in a manner of patterned The safety officer at safety management end.
Further, characteristic detection unit judges whether Web request feature is matched with internal rule in the step S03 Method includes the method and the method for request processing stage of characteristic detection unit system initialisation phase;
The method of the system initialisation phase the following steps are included:
T01: loading module reads instruction array, establishes instruction Hash table;
T02: reading the rule in configuration file, establishes configuration tree;
T03: pass through the Hook Function of Apache, family regulation engine, metadata information needed for generating translation rule;
T04: traversal configuration tree, inquiry instruction Hash table generate each processing stage using regulation engine translation rule Rule set;
It is described request processing stage method the following steps are included:
P01: the generator summarizes from Web request obtains data generation detection target variable, if necessary will also be to mesh Mark variable does certain transformation, and therefrom capturing information is for subsequent step use;
P02: the adaptation matches target variable and predefined mode;
P03: if successful match, the movement device executes predefined movement to Web request, including prevention, redirection, Allow to act;
P04: in Hook Function implementation procedure, audit log and debugging log is written to disk, and utilize persistent storage Mechanism saves the status information across request, realizes stateful request processing.
The invention has the following advantages:
The present invention is by providing the characteristic detection unit interacted and abnormality detecting unit, setting in characteristic detection unit There are audit log data library, property detector, testing console;Training Control platform, abnormal inspection are provided in abnormality detecting unit Survey device, request historical data base, abnormal template;Property detector is connected with Web server, and characteristic detection unit judges that Web is asked Ask whether feature matches with internal rule, abnormality detecting unit carries out abnormal inspection to Web request according to the detection template trained It surveys, thinks that characteristic detection unit sends an instruction after finding attack, instruction, which is taken, to be acted and execute accordingly;Detection control Platform will receive detection log and graphically be presented to the safety officer at safety management end and analyzes and manage, and have The advantage that Web efficiency of intrusion detection is high, system rate of failing to report is low, rate of false alarm is low.
Certainly, it implements any of the products of the present invention and does not necessarily require achieving all the advantages described above at the same time.
Detailed description of the invention
In order to illustrate the technical solution of the embodiments of the present invention more clearly, will be described below to embodiment required Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for ability For the those of ordinary skill of domain, without creative efforts, it can also be obtained according to these attached drawings other attached Figure.
Fig. 1 is the structural schematic diagram of the network security intrusion detecting system of the invention based on Web;
The structural schematic diagram of characteristic detection unit Fig. 2 of the invention;
The step schematic diagram of Fig. 3 network security intrusion detection method of the invention based on Web;
The method and step schematic diagram of the systematization initial stage of characteristic detection unit Fig. 4 of the invention;
The method and step schematic diagram of the request processing stage of characteristic detection unit Fig. 5 of the invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts all other Embodiment shall fall within the protection scope of the present invention.
Refering to Figure 1, the network security intrusion detecting system of the invention based on Web, including characteristic detection unit And abnormality detecting unit;
Characteristic detection unit includes audit log database, testing console, property detector, firewall;Audit log Database passes through information data transmission module respectively and is connected with testing console and property detector, property detector and firewall It is connected;Rule set is provided in property detector;
Abnormality detecting unit includes Training Control platform, anomaly detector, abnormal template, request historical data base;Training control Platform processed passes through information data transmission module respectively and is connected with anomaly detector and abnormal template, anomaly detector connection request history Database;Several models are provided in anomaly detector;
Firewall and user/attack end in characteristic detection unit is connected to the network, and property detector is interacted with Web server Connection, and Web request is issued to request historical data base;Testing console is connected with safety management end.
Wherein, user/attack end is ordinary user end or detects the mould of attacking ability for testing Web intruding detection system Quasi- attack end, simulation attack end use Web penetration testing tool, including Burp Suite and Metasploit;
Web server is for disposing various Web applications, for by object of attack;Web server uses Apache Server;
Characteristic detection unit is used to detect attack that is various known and being easy to extract feature, such as XSS attack and SQL injection, And feature is extracted from known attack, corresponding matching rule is formed, the expanding element that characteristic detection unit is Apache is integrated In intrusion detection delay caused by web access on Web server, is effectively reduced;
Abnormality detecting unit is the Web intrusion detection subelement based on study, and abnormality detecting unit is from a large amount of normal Web The normal Access Model that HTTP request message is established in access data, judges whether to contain according to model built to new web access There is attack.
As shown in Figure 2, wherein the property detector in characteristic detection unit includes generator, adaptation, movement device, rule Then collect, translater, expansion interface, regulation engine;Transforming function transformation function and content capture are provided in generator;
Audit log data library includes persistent storage, log, rule file.
As shown in figure 3, the network security intrusion detection method based on Web, includes the following steps:
S01: the request that user/attack end is sent to Web server is intercepted by characteristic detection unit;
S02: characteristic detection unit matches Web request feature with its internal rule;
S03: judge whether the feature of Web request matches with internal rule;
If so, assert that the request is an attack and executes movement corresponding to the rule, including blocks, loses It abandons, redirect, terminate after permission;
If it is not, then carrying out next step;
S04: abnormality detecting unit is sent this request to;
S05: abnormality detecting unit carries out abnormality detection Web request according to the detection model come is trained, if discovery is attacked Behavior is hit, then sends an instruction to characteristic detection unit, instructs it to take corresponding movement, characteristic detection unit receives finger The movement is executed after order;
S06: console receives the log of Web server and each detection unit, and safety is presented in a manner of patterned The safety officer of management end, is conveniently managed and analyzes.
Wherein, characteristic detection unit judges that Web request feature includes with the whether matched method of internal rule in step S03 The method and the method for request processing stage of characteristic detection unit system initialisation phase;
As shown in figure 4, the method for system initialisation phase the following steps are included:
T01: loading module reads instruction array, establishes instruction Hash table;
T02: reading the rule in configuration file, establishes configuration tree;
T03: pass through the Hook Function of Apache, family regulation engine, metadata information needed for generating translation rule;
T04: traversal configuration tree, inquiry instruction Hash table generate each processing stage using regulation engine translation rule Rule set;
As shown in figure 5, request processing stage method the following steps are included:
P01: generator summarizes from Web request obtains data generation detection target variable, if necessary to also become to target Amount does certain transformation, and therefrom capturing information is for subsequent step use;
P02: adaptation matches target variable and predefined mode;
P03: if successful match, movement device executes predefined movement, including prevention, redirection, permission to Web request Movement;
P04: in Hook Function implementation procedure, audit log and debugging log is written to disk, and utilize persistent storage Mechanism saves the status information across request, realizes stateful request processing.
The utility model has the advantages that
The present invention is by providing the characteristic detection unit interacted and abnormality detecting unit, setting in characteristic detection unit There are audit log data library, property detector, testing console;Training Control platform, abnormal inspection are provided in abnormality detecting unit Survey device, request historical data base, abnormal template;Property detector is connected with Web server, and characteristic detection unit judges that Web is asked Ask whether feature matches with internal rule, abnormality detecting unit carries out abnormal inspection to Web request according to the detection template trained It surveys, thinks that characteristic detection unit sends an instruction after finding attack, instruction, which is taken, to be acted and execute accordingly;Detection control Platform will receive detection log and graphically be presented to the safety officer at safety management end and analyzes and manage, and have The advantage that Web efficiency of intrusion detection is high, system rate of failing to report is low, rate of false alarm is low.
In the description of this specification, the description of reference term " one embodiment ", " example ", " specific example " etc. means Particular features, structures, materials, or characteristics described in conjunction with this embodiment or example are contained at least one implementation of the invention In example or example.In the present specification, schematic expression of the above terms may not refer to the same embodiment or example. Moreover, particular features, structures, materials, or characteristics described can be in any one or more of the embodiments or examples to close Suitable mode combines.
Present invention disclosed above preferred embodiment is only intended to help to illustrate the present invention.There is no detailed for preferred embodiment All details are described, are not limited the invention to the specific embodiments described.Obviously, according to the content of this specification, It can make many modifications and variations.These embodiments are chosen and specifically described to this specification, is in order to better explain the present invention Principle and practical application, so that skilled artisan be enable to better understand and utilize the present invention.The present invention is only It is limited by claims and its full scope and equivalent.

Claims (5)

1. the network security intrusion detecting system based on Web, it is characterised in that:
Including characteristic detection unit and abnormality detecting unit;
The characteristic detection unit includes audit log database, testing console, property detector, firewall;The examination Log database passes through information data transmission module respectively and is connected with testing console and property detector, the property detector It is connected with firewall;Rule set is provided in the property detector;
The abnormality detecting unit includes Training Control platform, anomaly detector, abnormal template, request historical data base;The instruction White silk console passes through information data transmission module respectively and is connected with anomaly detector and abnormal template, the anomaly detector connection Request historical data base;Several models are provided in the anomaly detector;
Firewall and user/attack end in the characteristic detection unit is connected to the network, the property detector and Web server Interactive connection, and Web request is issued to the request historical data base;The testing console is connected with safety management end.
2. the network security intrusion detecting system according to claim 1 based on Web, which is characterized in that the user/attack The simulation attack end that end is ordinary user end or detects attacking ability for testing Web intruding detection system is hit, the simulation is attacked End is hit using Web penetration testing tool;
The Web server is for disposing various Web applications, for by object of attack;The Web server is serviced using Apache Device;
The characteristic detection unit is used to detect attack that is various known and being easy to extract feature, and spy is extracted from known attack Sign, forms corresponding matching rule, and the characteristic detection unit is that the expanding element of Apache is integrated on Web server;
The abnormality detecting unit is the Web intrusion detection subelement based on study, and the abnormality detecting unit is from a large amount of normal Web access data in establish the normal Access Model of HTTP request message, be to new web access judgement according to model built It is no to contain attack.
3. the network security intrusion detecting system according to claim 1 based on Web, which is characterized in that the feature inspection The property detector surveyed in unit includes generator, adaptation, movement device, rule set, translater, expansion interface, regulation engine; Transforming function transformation function and content capture are provided in the generator;
The audit log data library includes persistent storage, log, rule file.
4. the network security intrusion detection method as described in any one of claims 1-3 based on Web, which is characterized in that including Following steps:
S01: the request that the user/attack end is sent to Web server is intercepted by characteristic detection unit;
S02: the characteristic detection unit matches Web request feature with its internal rule;
S03: judge whether the feature of the Web request matches with internal rule;
If so, assert that the request is an attack and executes movement corresponding to the rule, including blocking, discarding, again Orientation terminates after allowing;
If it is not, then carrying out next step;
S04: abnormality detecting unit is sent this request to;
S05: the abnormality detecting unit carries out abnormality detection Web request according to the detection model come is trained, if discovery is attacked Behavior is hit, then sends an instruction to characteristic detection unit, instructs it to take corresponding movement, characteristic detection unit receives finger The movement is executed after order;
S06: the console receives the log of Web server and each detection unit, and safety is presented in a manner of patterned The safety officer of management end.
5. the network security intrusion detection method according to claim 4 based on Web, which is characterized in that the step S03 Middle characteristic detection unit judges that Web request feature with the whether matched method of internal rule includes that characteristic detection unit system is initial The method and the method for request processing stage in change stage;
The method of the system initialisation phase the following steps are included:
T01: loading module reads instruction array, establishes instruction Hash table;
T02: reading the rule in configuration file, establishes configuration tree;
T03: pass through the Hook Function of Apache, family regulation engine, metadata information needed for generating translation rule;
T04: traversal configuration tree, inquiry instruction Hash table generate the rule of each processing stage using regulation engine translation rule Collection;
It is described request processing stage method the following steps are included:
P01: the generator summarizes from Web request obtains data generation detection target variable, if necessary to also become to target Amount does certain transformation, and therefrom capturing information is for subsequent step use;
P02: the adaptation matches target variable and predefined mode;
P03: if successful match, the movement device executes predefined movement, including prevention, redirection, permission to Web request Movement;
P04: in Hook Function implementation procedure, audit log and debugging log is written to disk, and utilize persisted storage mechanism The status information across request is saved, realizes stateful request processing.
CN201910172611.7A 2019-03-07 2019-03-07 Network security intrusion detecting system and method based on Web Pending CN109981608A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910172611.7A CN109981608A (en) 2019-03-07 2019-03-07 Network security intrusion detecting system and method based on Web

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910172611.7A CN109981608A (en) 2019-03-07 2019-03-07 Network security intrusion detecting system and method based on Web

Publications (1)

Publication Number Publication Date
CN109981608A true CN109981608A (en) 2019-07-05

Family

ID=67078208

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910172611.7A Pending CN109981608A (en) 2019-03-07 2019-03-07 Network security intrusion detecting system and method based on Web

Country Status (1)

Country Link
CN (1) CN109981608A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111431864A (en) * 2020-02-28 2020-07-17 深圳开源互联网安全技术有限公司 Internet of vehicles monitoring system, method and device and readable storage medium
CN111988342A (en) * 2020-09-18 2020-11-24 大连理工大学 Online automobile CAN network anomaly detection system
CN112134837A (en) * 2020-08-06 2020-12-25 瑞数信息技术(上海)有限公司 Method and system for detecting Web attack behavior
CN112491883A (en) * 2020-11-27 2021-03-12 杭州安恒信息安全技术有限公司 Method, device, electronic device and storage medium for detecting web attack
CN112653651A (en) * 2019-10-11 2021-04-13 四川无国界信息技术有限公司 Vulnerability mining method based on cloud computing
CN113839904A (en) * 2020-06-08 2021-12-24 北京梆梆安全科技有限公司 Security situation sensing method and system based on intelligent networked automobile

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103491060A (en) * 2012-06-13 2014-01-01 北京新媒传信科技有限公司 Method, device and system for defending against Web attacks
US20140040073A1 (en) * 2006-09-29 2014-02-06 Microsoft Corporation Comparative Shopping Tool
CN107493258A (en) * 2017-04-19 2017-12-19 安徽华脉科技发展有限公司 A kind of intruding detection system based on network security

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140040073A1 (en) * 2006-09-29 2014-02-06 Microsoft Corporation Comparative Shopping Tool
CN103491060A (en) * 2012-06-13 2014-01-01 北京新媒传信科技有限公司 Method, device and system for defending against Web attacks
CN107493258A (en) * 2017-04-19 2017-12-19 安徽华脉科技发展有限公司 A kind of intruding detection system based on network security

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张明等: "一种基于混合模式的Web 入侵检测系统架构研究", 《信息网络安全》 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112653651A (en) * 2019-10-11 2021-04-13 四川无国界信息技术有限公司 Vulnerability mining method based on cloud computing
CN111431864A (en) * 2020-02-28 2020-07-17 深圳开源互联网安全技术有限公司 Internet of vehicles monitoring system, method and device and readable storage medium
CN113839904A (en) * 2020-06-08 2021-12-24 北京梆梆安全科技有限公司 Security situation sensing method and system based on intelligent networked automobile
CN113839904B (en) * 2020-06-08 2023-08-22 北京梆梆安全科技有限公司 Security situation awareness method and system based on intelligent network-connected automobile
CN112134837A (en) * 2020-08-06 2020-12-25 瑞数信息技术(上海)有限公司 Method and system for detecting Web attack behavior
CN111988342A (en) * 2020-09-18 2020-11-24 大连理工大学 Online automobile CAN network anomaly detection system
CN112491883A (en) * 2020-11-27 2021-03-12 杭州安恒信息安全技术有限公司 Method, device, electronic device and storage medium for detecting web attack

Similar Documents

Publication Publication Date Title
CN109981608A (en) Network security intrusion detecting system and method based on Web
CN111600856B (en) Safety system of operation and maintenance of data center
CN107196910B (en) Threat early warning monitoring system, method and deployment framework based on big data analysis
CN107087001B (en) distributed internet important address space retrieval system
CN107958322B (en) Urban network space comprehensive treatment system
CN103561012B (en) WEB backdoor detection method and system based on relevance tree
Yang et al. CARDS: A distributed system for detecting coordinated attacks
CN109818985A (en) A kind of industrial control system loophole trend analysis and method for early warning and system
CN104766011A (en) Sandbox detection alarming method and system based on main engine characteristic
CN103428196A (en) URL white list-based WEB application intrusion detecting method and apparatus
CN111510463B (en) Abnormal behavior recognition system
CN112887268B (en) Network security guarantee method and system based on comprehensive detection and identification
CN112347485A (en) Multi-engine vulnerability acquisition and automatic penetration processing method
CN103905459A (en) Cloud-based intelligent security defense system and defense method
CN105550593A (en) Cloud disk file monitoring method and device based on local area network
CN113794276A (en) Power distribution network terminal safety behavior monitoring system and method based on artificial intelligence
US20200067981A1 (en) Deception server deployment
CN105378745A (en) Disabling and initiating nodes based on security issue
Hwoij et al. SIEM architecture for the Internet of Things and smart city
Ali et al. Detection and prevention cyber-attacks for smart buildings via private cloud environment
CN109492390A (en) A kind of advanced duration threat analysis method based on attack time line
Park et al. How to design practical client honeypots based on virtual environment
CN104143064A (en) Website data security system based on association analysis of database activity and web access
CN116074280B (en) Application intrusion prevention system identification method, device, equipment and storage medium
Chai et al. Research of intelligent intrusion detection system based on web data mining technology

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190705

RJ01 Rejection of invention patent application after publication