CN110049064A - DNS hijacking detection method based on Internet of things equipment - Google Patents
- Publication number: CN110049064A
- Application number: CN201910388568.8A
- Authority: CN (China)
- Prior art keywords: dns, cache, internet, things equipment, score
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a DNS hijacking detection method based on Internet of Things (IoT) devices, comprising step S100: an agent program installed on the IoT device collects logs and uploads them to a message middleware; a cloud server consumes the middleware messages, analyzes them to compute a detection result, determines whether DNS hijacking has occurred, and saves the original log. Step S210: after obtaining the agent-collected data from RabbitMQ, the cloud server discovers assets according to the device fingerprint information and determines the log source. Step S220: the device fingerprint information is stored in MongoDB on the cloud server as the device asset set. Step S230: DNS hijacking analysis is performed. By analyzing and judging along multiple dimensions, the invention increases detection accuracy and effectively reduces false positives and false negatives.
Description
Technical field
The present invention relates to the field of information security technology, and specifically to a DNS hijacking detection method based on Internet of Things devices.
Background
With the rise of smart hardware technology, the market for Internet of Things (IoT) devices is growing exponentially and a large number of IoT devices are being released. IoT devices are highly susceptible to attacks by malware and hackers because they are limited in performance, running speed and other respects, and the devices themselves do not integrate security mechanisms. Given the huge number of devices, the damage caused by an effective malicious attack cannot be underestimated. IoT is developing so rapidly that it is not viable if security fails to keep up. Numerous IoT security defense platforms have appeared in the industry, and they have formulated a series of security detection and protection mechanisms against network attacks such as Trojans and viruses, botnets, DDoS and DNS hijacking. At present, IoT security defense platforms detect DNS hijacking mainly by comparing the terminal's resolution result with the cloud's DNS resolution result to judge whether a DNS hijacking event has occurred. However, when the cloud DNS resolution server is itself hijacked, or when the geographical locations of the IoT device and the cloud resolution server differ too much, the resolution results may be incomplete or inconsistent, causing the detection to produce false positives or false negatives.
Summary of the invention
The purpose of the present invention is to provide a DNS hijacking detection method based on IoT devices, to solve the problem that prior-art DNS hijacking detection, which judges whether DNS hijacking has occurred by comparing the terminal resolution result with the cloud resolution result, is prone to false positives or false negatives.
The present invention solves the above problem through the following technical solution:
A DNS hijacking detection method based on IoT devices, comprising:
Step S100: install an agent program on the IoT device; the agent program collects logs and uploads them to the message middleware;
Step S200: the cloud server consumes the middleware messages, analyzes them to compute a detection result, determines whether DNS hijacking has occurred, and saves the original log.
Further, step S100 is specifically: the agent program takes the form of a Service and collects data as a background service of the IoT device, periodically sending messages to the RabbitMQ message queue over the MQTT protocol. The data includes device fingerprint information and terminal DNS resolution information. The device fingerprint information is used to uniquely identify the terminal asset device during asset discovery; the terminal DNS resolution information is used to analyze whether DNS hijacking has occurred.
Further, step S200 includes:
Step S210: after obtaining the agent-collected data from RabbitMQ, the cloud server discovers assets according to the device fingerprint information and determines the log source;
Step S220: the device fingerprint information is stored in MongoDB on the cloud server as the device asset set;
Step S230: perform DNS hijacking analysis, specifically including:
Step A: obtain the domain name and the terminal DNS resolution result, and update IP_CACHE, which caches the historical number of times terminals have resolved the domain name to the corresponding IP; initialize ip_score=0;
Step B: determine whether the domain name exists in DNS_CACHE, which is the cache of cloud DNS resolution results; if so, go to the next step; otherwise, update DNS_CACHE and then go to the next step;
Step C: compare the terminal DNS resolution result with DNS_CACHE; if the terminal matches the cloud, determine that no DNS hijacking has occurred and end the analysis of the current IP; otherwise, determine whether the domain name has been in DNS_CACHE for longer than the set time T1; if so, update DNS_CACHE and return to step C; otherwise, go to step D;
Step D: add the threat score of the corresponding dimension weight to ip_score, and query IP_CACHE for the number of times the corresponding IP has been resolved; if that number is greater than threshold 1 and its proportion among all IPs is greater than threshold 2, determine that no DNS hijacking has occurred, record this, and end the analysis of the current IP; otherwise, go to the next step;
Step E: determine whether the proportion among all IPs of the number of times the corresponding IP has been resolved is less than threshold 3, where threshold 3 is less than threshold 2; if so, add the threat score of the corresponding dimension weight to ip_score and go to the next step; otherwise, go directly to the next step;
Step F: query the IP reputation of the corresponding IP and determine whether it is lower than threshold 4; if so, add the threat score of the corresponding dimension weight to ip_score and go to the next step; otherwise, go directly to the next step;
Step G: determine whether ip_score is greater than threshold 5; if so, determine that DNS hijacking has occurred; otherwise, determine that no DNS hijacking has occurred; end the analysis of this IP.
Further, in step H, DNS hijacking is determined to have occurred and the original log is stored in MongoDB as a basis for subsequent queries.
Further, the device fingerprint information includes the MAC address, model and core type, and serial number.
Compared with the prior art, the present invention has the following advantages and beneficial effects:
(1) Without being affected by the limitations of the IoT device itself, the present invention analyzes and judges along multiple dimensions, which increases detection accuracy and effectively reduces false positives and false negatives.
(2) The present invention collects IoT device data using a lightweight method. An agent installed on the device collects the device's domain name resolution result data without affecting the normal operation of the IoT device.
Brief description of the drawings
Fig. 1 is a schematic block diagram of the present invention;
Fig. 2 is the flow chart of the DNS hijacking analysis in the present invention.
Detailed description of embodiments
The present invention is described in further detail below with reference to embodiments, but embodiments of the present invention are not limited thereto.
Embodiment 1:
With reference to Fig. 1, a DNS hijacking detection method based on IoT devices comprises:
Step S100: install an agent program on the Internet of Things device, i.e. the IoT device. The agent program takes the form of a Service and collects data as a background service of the IoT device, periodically sending messages over the MQTT protocol to the message queue of the RabbitMQ message middleware. The data includes device fingerprint information and terminal DNS resolution information; the device fingerprint information is used to uniquely identify the terminal asset device during asset discovery, and the terminal DNS resolution information is used to analyze whether DNS hijacking has occurred.
Step S200: the cloud server consumes messages from the RabbitMQ message middleware, analyzes them to compute a detection result, determines whether DNS hijacking has occurred, and saves the original log; the device information from a device's first reported data is stored in MongoDB for asset discovery.
The IoT device installs the agent program for data collection and uploads data to the message middleware over the network; the cloud consumes the middleware messages and analyzes them to obtain the detection result. The technical solution mainly involves two parts: data collection and data analysis.
The data collection part is responsible for collecting data from IoT terminal devices. Because IoT devices are characterized by low power consumption and weak computing capability, they are not suited to complex operations such as packet capture and analytical computation on the device. This patent therefore uses a lightweight method to collect IoT device data: an agent installed on the device collects the device's domain name resolution result data, with almost no impact on the normal operation of the IoT device. The terminal agent takes the form of a Service and collects data as a background service of the terminal, periodically sending messages to the RabbitMQ message queue over the MQTT protocol; the cloud consumes the messages from RabbitMQ and performs the data analysis. The collected data includes terminal fingerprint information (MAC address, model and core type, serial number, etc.) and terminal DNS resolution information. The terminal fingerprint information is used to uniquely identify the terminal asset device during asset discovery. The DNS resolution information is used to analyze whether DNS hijacking has occurred. The reference format of the collected data is as follows:
Where: base is the basic device information, sn is the device serial number, and mac is the device hardware address; further fields can be added if other information is needed. details is the terminal's specific DNS resolution information: type identifies the record type as DNS resolution, and domains is the set of domain names resolved by the terminal, stored as key-value pairs. Each key is a specific domain name and each value is the corresponding resolution result; the resolution result is a list that may contain one or more IPs.
Data analysis is done in the cloud, which reduces resource consumption on the IoT device. After the cloud obtains the agent-collected data from RabbitMQ, it implements the asset discovery function according to the device fingerprint information and determines the log source according to the uniqueness of the device fingerprint information. After an asset is discovered, the corresponding device fingerprint information is stored in the MongoDB database as the device asset set. Combined with analysis of the agent-collected data, when a DNS hijacking event is determined to have occurred, the corresponding asset can be located in the asset set.
Embodiment 2:
On the basis of Embodiment 1, and with reference to Fig. 1 and Fig. 2, step S200 includes:
Step S210: after obtaining the agent-collected data from RabbitMQ, the cloud server discovers assets according to the device fingerprint information and determines the log source;
Step S220: the device fingerprint information is stored in MongoDB on the cloud server as the device asset set;
Step S230: perform DNS hijacking analysis, specifically including:
Step A: the cloud analysis program parses the log to be analyzed to obtain the domain names and terminal DNS resolution results, and traverses the DNS resolution set to obtain each domain name to be analyzed. It traverses the result list of the domain name to be analyzed to obtain each IP to be analyzed and updates IP_CACHE, which caches the historical number of times terminals have resolved the domain name to the corresponding IP and serves as the basis for the horizontal comparison dimension across terminal devices; it then initializes that IP's threat score ip_score=0;
Step B: determine whether the domain name exists in DNS_CACHE, which is the cache of cloud DNS resolution results; if so, go to the next step; otherwise, update DNS_CACHE and then go to the next step;
Step C: compare the terminal DNS resolution result with DNS_CACHE; if the terminal matches the cloud, determine that no DNS hijacking has occurred and end the analysis of the current IP; otherwise, determine whether the domain name has been in DNS_CACHE for more than 10 minutes; if so, update DNS_CACHE and return to step C; otherwise, go to step D;
Step D: add to ip_score the threat score corresponding to the weight of the cloud DNS resolution comparison dimension, and query IP_CACHE for the number of times the corresponding IP has been resolved; if that number is greater than the threshold of 300 and its proportion among all IPs is greater than 30%, determine that no DNS hijacking has occurred, record this, and end the analysis of the current IP; otherwise, go to the next step;
Step E: determine whether the proportion among all IPs of the number of times the corresponding IP has been resolved is less than 0.1%; if so, add to ip_score the threat score corresponding to the weight of the horizontal comparison dimension and go to the next step; otherwise, go directly to the next step;
Step F: query the IP reputation of the corresponding IP and determine whether it is lower than 50; if so, add to ip_score the threat score corresponding to the weight of the IP reputation dimension and go to the next step; otherwise, go directly to the next step;
Step G: determine whether ip_score is greater than the threshold of 80; if so, determine that DNS hijacking has occurred; otherwise, determine that no DNS hijacking has occurred; end the analysis of this IP.
Further, in step H, DNS hijacking is determined to have occurred and the original log is stored in MongoDB as a basis for subsequent queries.
The threat scores corresponding to the weights of the cloud DNS resolution comparison dimension, the horizontal comparison dimension and the IP reputation dimension can each be set separately. They assist in judging whether DNS hijacking has occurred, thereby increasing the accuracy and reliability of the detection result and reducing false negatives and false positives.
Further, the device fingerprint information includes the MAC address, model and core type, and serial number.
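The following Python sketch is an added example, not code from the patent: it walks steps A to G of the S230 analysis over one agent message shaped after the field description in Embodiment 1, using the Embodiment 2 thresholds. The three dimension weights, the exact message nesting, the `type` value, the resolver and reputation callbacks, and the reading of "all IPs" as all IPs recorded for the same domain are assumptions; all sample data is constructed.

```python
import time
from collections import defaultdict

# Thresholds stated in Embodiment 2.
DNS_CACHE_MAX_AGE = 10 * 60  # step C: seconds after which a mismatching entry is refreshed
MIN_HITS = 300               # step D: minimum historical hit count
COMMON_SHARE = 0.30          # step D: share above which an IP is accepted as normal
RARE_SHARE = 0.001           # step E: share (0.1%) below which an IP is suspicious
MIN_REPUTATION = 50          # step F
HIJACK_SCORE = 80            # step G
# Assumed weights: the page only says each dimension's weight can be set separately.
W_CLOUD, W_PEERS, W_REPUTATION = 40, 30, 30


class HijackAnalyzer:
    def __init__(self, cloud_resolve, reputation, clock=time.time):
        self.cloud_resolve = cloud_resolve  # hypothetical callback: domain -> iterable of IPs
        self.reputation = reputation        # hypothetical callback: ip -> reputation score
        self.clock = clock
        self.ip_cache = defaultdict(lambda: defaultdict(int))  # IP_CACHE: domain -> ip -> hits
        self.dns_cache = {}                 # DNS_CACHE: domain -> (cloud IPs, fetch time)

    def _refresh(self, domain):
        self.dns_cache[domain] = (set(self.cloud_resolve(domain)), self.clock())
        return self.dns_cache[domain][0]

    def analyze_ip(self, domain, ip):
        # Step A: record the observation and start from a zero threat score.
        self.ip_cache[domain][ip] += 1
        score = 0
        # Step B: make sure a cloud-side answer is cached.
        if domain not in self.dns_cache:
            self._refresh(domain)
        # Step C: compare; on mismatch refresh a stale entry once and compare again.
        cloud_ips, fetched_at = self.dns_cache[domain]
        if ip not in cloud_ips and self.clock() - fetched_at > DNS_CACHE_MAX_AGE:
            cloud_ips = self._refresh(domain)
        if ip in cloud_ips:
            return {"hijacked": False, "score": score, "reason": "matches cloud"}
        # Step D: a cloud mismatch adds weight, but a widely seen IP is still accepted.
        score += W_CLOUD
        hits = self.ip_cache[domain][ip]
        # Assumption: "all IPs" means all IPs recorded for this domain.
        share = hits / sum(self.ip_cache[domain].values())
        if hits > MIN_HITS and share > COMMON_SHARE:
            return {"hijacked": False, "score": score, "reason": "common across devices"}
        # Step E: an IP almost no other device sees adds weight.
        if share < RARE_SHARE:
            score += W_PEERS
        # Step F: low reputation adds weight.
        if self.reputation(ip) < MIN_REPUTATION:
            score += W_REPUTATION
        # Step G: final decision on the accumulated score.
        return {"hijacked": score > HIJACK_SCORE, "score": score, "reason": "scored"}

    def analyze_message(self, msg):
        sn = msg["base"]["sn"]
        return [dict(sn=sn, domain=d, ip=ip, **self.analyze_ip(d, ip))
                for d, ips in msg["details"]["domains"].items() for ip in ips]


def demo():
    # Constructed cloud answers, reputation data and fleet history (documentation IP ranges).
    cloud = {"api.example.test": ["203.0.113.10"], "cdn.example.test": ["192.0.2.1"]}
    reputation = {"198.51.100.66": 10}
    analyzer = HijackAnalyzer(lambda d: cloud[d], lambda ip: reputation.get(ip, 90),
                              clock=lambda: 0)
    analyzer.ip_cache["api.example.test"]["203.0.113.10"] = 5000
    analyzer.ip_cache["cdn.example.test"].update({"192.0.2.1": 5000, "203.0.113.77": 4000})
    # Constructed agent message using the field names base/sn/mac/details/type/domains.
    msg = {"base": {"sn": "SN-CONSTRUCTED-001", "mac": "02:00:00:00:00:01"},
           "details": {"type": "dns",
                       "domains": {"api.example.test": ["198.51.100.66"],
                                   "cdn.example.test": ["203.0.113.77", "192.0.2.1"]}}}
    return analyzer.analyze_message(msg)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The second result shows the case the Background section describes: a regional address that the cloud resolver does not return is still accepted because many devices resolve to it.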
Although the invention has been described herein with reference to illustrative embodiments, the above embodiments are only preferred embodiments of the present invention, and embodiments of the present invention are not limited by them. It should be understood that those skilled in the art can devise many other modifications and embodiments, and these modifications and embodiments will fall within the scope and spirit of the principles disclosed in this application.
Claims (5)
1. A DNS hijacking detection method based on Internet of Things devices, characterized by comprising:
Step S100: install an agent program on the IoT device; the agent program collects logs and uploads them to the message middleware;
Step S200: the cloud server consumes the middleware messages, analyzes them to compute a detection result, determines whether DNS hijacking has occurred, and saves the original log.
2. The DNS hijacking detection method based on Internet of Things devices according to claim 1, characterized in that step S100 is specifically: the agent program takes the form of a Service and collects data as a background service of the IoT device, periodically sending messages to the RabbitMQ message queue over the MQTT protocol; the data includes device fingerprint information and terminal DNS resolution information; the device fingerprint information is used to uniquely identify the terminal asset device during asset discovery; the terminal DNS resolution information is used to analyze whether DNS hijacking has occurred.
3. The DNS hijacking detection method based on Internet of Things devices according to claim 2, characterized in that step S200 includes:
Step S210: after obtaining the agent-collected data from RabbitMQ, the cloud server discovers assets according to the device fingerprint information and determines the log source;
Step S220: the device fingerprint information is stored in MongoDB on the cloud server as the device asset set;
Step S230: perform DNS hijacking analysis, specifically including:
Step A: obtain the domain name and the terminal DNS resolution result, and update IP_CACHE, which caches the historical number of times terminals have resolved the domain name to the corresponding IP; initialize ip_score=0;
Step B: determine whether the domain name exists in DNS_CACHE, which is the cache of cloud DNS resolution results; if so, go to the next step; otherwise, update DNS_CACHE and then go to the next step;
Step C: compare the terminal DNS resolution result with DNS_CACHE; if the terminal matches the cloud, determine that no DNS hijacking has occurred and end the analysis of the current IP; otherwise, determine whether the domain name has been in DNS_CACHE for longer than the set time T1; if so, update DNS_CACHE and return to step C; otherwise, go to step D;
Step D: add the threat score of the corresponding dimension weight to ip_score, and query IP_CACHE for the number of times the corresponding IP has been resolved; if that number is greater than threshold 1 and its proportion among all IPs is greater than threshold 2, determine that no DNS hijacking has occurred, record this, and end the analysis of the current IP; otherwise, go to the next step;
Step E: determine whether the proportion among all IPs of the number of times the corresponding IP has been resolved is less than threshold 3, where threshold 3 is less than threshold 2; if so, add the threat score of the corresponding dimension weight to ip_score and go to the next step; otherwise, go directly to the next step;
Step F: query the IP reputation of the corresponding IP and determine whether it is lower than threshold 4; if so, add the threat score of the corresponding dimension weight to ip_score and go to the next step; otherwise, go directly to the next step;
Step G: determine whether ip_score is greater than threshold 5; if so, determine that DNS hijacking has occurred; otherwise, determine that no DNS hijacking has occurred; end the analysis of this IP.
4. The DNS hijacking detection method based on Internet of Things devices according to claim 3, characterized in that in step H, DNS hijacking is determined to have occurred and the original log is stored in MongoDB as a basis for subsequent queries.
5. The DNS hijacking detection method based on Internet of Things devices according to any one of claims 1-4, characterized in that the device fingerprint information includes the MAC address, model and core type, and serial number.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910388568.8A CN110049064B (en) | 2019-05-10 | 2019-05-10 | DNS hijacking detection method based on Internet of things equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910388568.8A CN110049064B (en) | 2019-05-10 | 2019-05-10 | DNS hijacking detection method based on Internet of things equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110049064A true CN110049064A (en) | 2019-07-23 |
CN110049064B CN110049064B (en) | 2021-04-06 |
Family
ID=67281469
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910388568.8A Active CN110049064B (en) | 2019-05-10 | 2019-05-10 | DNS hijacking detection method based on Internet of things equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110049064B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN110049064B (en) | 2021-04-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||