CN110049064A - DNS hijacking detection method based on Internet of Things devices - Google Patents

Info

Publication number: CN110049064A
Authority: CN (China)
Prior art keywords: dns, cache, internet, things equipment, score
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Current legal status: Active
Application number: CN201910388568.8A
Other languages: Chinese (zh)
Other versions: CN110049064B (en)
Inventor: 冯其
Current Assignee: Sichuan Changhong Electric Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Sichuan Changhong Electric Co Ltd
Application filed by Sichuan Changhong Electric Co Ltd
Priority to CN201910388568.8A
Publication of CN110049064A
Application granted
Publication of CN110049064B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a DNS hijacking detection method based on Internet of Things (IoT) devices, including step S100: an agent program is installed on the IoT device, and the agent program collects logs and uploads them to message middleware; the cloud server consumes the middleware messages, analyzes them to compute a detection result, judges whether DNS hijacking has occurred, and saves the original log. Step S210: after obtaining the agent-collected data from RabbitMQ, the cloud server discovers assets according to the device fingerprint information and determines the log source; step S220: the device fingerprint information is stored in MongoDB on the cloud server as the device asset set; step S230: DNS hijacking analysis is performed. The invention judges from analysis across multiple dimensions, which increases detection accuracy and effectively reduces false positives and false negatives.

Description

DNS hijacking detection method based on Internet of Things devices
Technical field
The present invention relates to the field of information security technology, and specifically to a DNS hijacking detection method based on Internet of Things devices.
Background
Internet of Things devices are referred to here as IoT devices. With the rise of smart hardware technology, the IoT market is growing exponentially and a large number of IoT devices are being released. IoT devices are highly vulnerable to attacks by malware and hackers, because they are limited in performance, running speed and other respects, and the devices themselves do not integrate security mechanisms. Combined with the huge number of devices, once an effective malicious attack occurs, the harm caused cannot be underestimated. IoT is developing so rapidly that it is not viable for security to fail to keep up. At present, numerous IoT security defense platforms have appeared in the industry, and they have formulated a series of security detection and protection mechanisms against network attacks such as Trojans and viruses, botnets, DDoS and DNS hijacking. Current IoT security defense platforms detect DNS hijacking mainly by comparing the terminal's resolution result with the cloud DNS resolution result to judge whether a DNS hijacking event has occurred. However, when the cloud DNS resolution server is itself hijacked, or when the geographic locations of the IoT device and the cloud analysis server differ too much, the resolution results may be incomplete or inconsistent, so that the detection produces false positives or false negatives.
Summary of the invention
The purpose of the present invention is to provide a DNS hijacking detection method based on IoT devices, to solve the problem in the prior art that detecting DNS hijacking by comparing the terminal resolution result with the cloud resolution result is prone to false positives or false negatives.
The present invention solves the above problem through the following technical solution:
A DNS hijacking detection method based on IoT devices, comprising:
Step S100: an agent program is installed on the IoT device; the agent program collects logs and uploads them to the message middleware;
Step S200: the cloud server consumes the middleware messages, analyzes them to compute a detection result, judges whether DNS hijacking has occurred, and saves the original log.
Further, step S100 is specifically: the agent program takes the form of a Service and collects data as a background service of the IoT device, periodically sending messages to a RabbitMQ message queue via the MQTT protocol. The data includes device fingerprint information and terminal DNS resolution information. The device fingerprint information is used to uniquely identify the terminal asset device during asset discovery; the terminal DNS resolution information is used to analyze whether DNS hijacking has occurred.
Further, step S200 includes:
Step S210: after obtaining the agent-collected data from RabbitMQ, the cloud server discovers assets according to the device fingerprint information and determines the log source;
Step S220: the device fingerprint information is stored in MongoDB on the cloud server as the device asset set;
Step S230: DNS hijacking analysis is performed, specifically including:
Step A: obtain the domain name and the terminal DNS resolution result, and update IP_CACHE, which caches the historical number of times the terminal domain name has been resolved to the corresponding IP; initialize ip_score=0;
Step B: judge whether the domain name exists in DNS_CACHE, where DNS_CACHE is the cache of cloud DNS resolution results; if so, go to the next step; otherwise, update DNS_CACHE and then go to the next step;
Step C: compare the terminal DNS resolution result with DNS_CACHE; if the terminal matches the cloud, judge that no DNS hijacking has occurred and end the analysis of the current ip; otherwise, judge whether the domain name has been in DNS_CACHE for longer than the set time T1; if so, update DNS_CACHE and return to step C; otherwise, execute step D;
Step D: increase ip_score by the threat score weighted for the corresponding dimension, and query IP_CACHE for the number of times the corresponding ip has been resolved; if that number is greater than threshold 1 and its share among all ips is greater than threshold 2, judge that no DNS hijacking has occurred, record this, and end the analysis of the current ip; otherwise, go to the next step;
Step E: judge whether the share of the corresponding ip's resolved count among all ips is less than threshold 3, where threshold 3 is less than threshold 2; if so, increase ip_score by the threat score weighted for the corresponding dimension and go to the next step; otherwise, go directly to the next step;
Step F: query the ip reputation of the corresponding ip and judge whether it is lower than threshold 4; if so, increase ip_score by the threat score weighted for the corresponding dimension and go to the next step; otherwise, go directly to the next step;
Step G: judge whether ip_score is greater than threshold 5; if so, judge that DNS hijacking has occurred; otherwise, judge that no DNS hijacking has occurred; end the analysis of this ip.
Further, in step H, when DNS hijacking is judged to have occurred, the original log is stored in MongoDB as a basis for subsequent queries.
Further, the device fingerprint information includes the MAC address, the model and core type, and the serial number.
Compared with the prior art, the present invention has the following advantages and beneficial effects:
(1) Without being affected by the limitations of the IoT device itself, the present invention judges from analysis across multiple dimensions, which increases detection accuracy and effectively reduces false positives and false negatives.
(2) The present invention collects IoT device data using a lightweight method. The device's domain name resolution result data is collected by installing an agent on the device, which does not affect the normal operation of the IoT device.
Brief description of the drawings
Fig. 1 is a schematic block diagram of the present invention;
Fig. 2 is a flowchart of the DNS hijacking analysis in the present invention.
Detailed description
The present invention is described in further detail below with reference to embodiments, but embodiments of the present invention are not limited thereto.
Embodiment 1:
With reference to Fig. 1, a DNS hijacking detection method based on IoT devices comprises:
Step S100: an agent program is installed on the Internet of Things device, i.e. the IoT device. The agent program takes the form of a Service and collects data as a background service of the IoT device, periodically sending messages via the MQTT protocol to the message queue of the RabbitMQ message middleware. The data includes device fingerprint information and terminal DNS resolution information. The device fingerprint information is used to uniquely identify the terminal asset device during asset discovery; the terminal DNS resolution information is used to analyze whether DNS hijacking has occurred.
Step S200: the cloud server consumes the RabbitMQ message middleware messages, analyzes them to compute a detection result, judges whether DNS hijacking has occurred, and saves the original log; the device information of a device reporting data for the first time is stored in MongoDB for use in asset discovery.
The IoT device has the agent program installed for data collection and uploads data to the message middleware over the network; the cloud consumes the middleware messages and analyzes them to obtain a detection result. The technical solution mainly involves two parts: data collection and data analysis.
The data collection part is responsible for collecting data from the IoT terminal device. Because IoT devices have characteristics such as low power consumption and weak computing capability, they are not suitable for complex operations such as packet capture and analytical computation. This patent therefore collects IoT device data using a lightweight method. The device's domain name resolution result data is collected by installing an agent on the device, which hardly affects the normal operation of the IoT device. The terminal agent takes the form of a Service and collects data as a background service of the terminal, periodically sending messages to a RabbitMQ message queue via the MQTT protocol; the cloud consumes the messages from RabbitMQ and performs the data analysis. The collected data includes terminal fingerprint information (MAC address, model and core type, serial number, etc.) and terminal DNS resolution information. The terminal fingerprint information is used to uniquely identify the terminal asset device during asset discovery. The DNS resolution information is used to analyze whether DNS hijacking has occurred. The reference format of the collected data is as follows:
Where: base is the basic device information, sn is the device serial number, and mac is the device hardware address; extensions can be added if other information is needed. details is the terminal's specific DNS resolution information, type identifies the type as DNS resolution, and domains is the set of domain names resolved by the terminal, saved as key-value pairs. The key is the specific domain name and the value is the corresponding resolution result, where the resolution result is a list that may contain one or more ips.
Data analysis is completed in the cloud, which reduces the resource consumption of the IoT device. After the cloud obtains the agent-collected data from RabbitMQ, it implements the asset discovery function according to the device fingerprint information and determines the log source according to the uniqueness of the device fingerprint information. After an asset is discovered, the corresponding device fingerprint information is stored in the MongoDB database as the device asset set. In combination with the analysis of the agent-collected data, when a DNS hijacking event is judged to have occurred, the corresponding asset can be located in the asset set.
Embodiment 2:
On the basis of Embodiment 1, with reference to Fig. 1 and Fig. 2, step S200 includes:
Step S210: after obtaining the agent-collected data from RabbitMQ, the cloud server discovers assets according to the device fingerprint information and determines the log source;
Step S220: the device fingerprint information is stored in MongoDB on the cloud server as the device asset set;
Step S230: DNS hijacking analysis is performed, specifically including:
Step A: the cloud analysis program parses the log to be analyzed, obtains the domain names and terminal DNS resolution results, and traverses the DNS resolution set to obtain the domain name to be analyzed. It traverses the result list of that domain name to obtain the ip to be analyzed and updates IP_CACHE, which caches the historical number of times the terminal domain name has been resolved to the corresponding IP and serves as the basis for the horizontal comparison dimension across terminal devices; it then initializes the threat score of that ip, ip_score=0;
Step B: judge whether the domain name exists in DNS_CACHE, where DNS_CACHE is the cache of cloud DNS resolution results; if so, go to the next step; otherwise, update DNS_CACHE and then go to the next step;
Step C: compare the terminal DNS resolution result with DNS_CACHE; if the terminal matches the cloud, judge that no DNS hijacking has occurred and end the analysis of the current ip; otherwise, judge whether the domain name has been in DNS_CACHE for more than 10 minutes; if so, update DNS_CACHE and return to step C; otherwise, execute step D;
Step D: increase ip_score by the threat score weighted for the cloud DNS resolution comparison dimension, and query IP_CACHE for the number of times the corresponding ip has been resolved; if that number is greater than the threshold 300 and its share among all ips is greater than 30%, judge that no DNS hijacking has occurred, record this, and end the analysis of the current ip; otherwise, go to the next step;
Step E: judge whether the share of the corresponding ip's resolved count among all ips is less than 0.1%; if so, increase ip_score by the threat score weighted for the horizontal comparison dimension and go to the next step; otherwise, go directly to the next step;
Step F: query the ip reputation of the corresponding ip and judge whether it is lower than 50; if so, increase ip_score by the threat score weighted for the ip reputation dimension and go to the next step; otherwise, go directly to the next step;
Step G: judge whether ip_score is greater than the threshold 80; if so, judge that DNS hijacking has occurred; otherwise, judge that no DNS hijacking has occurred; end the analysis of this ip.
Further, in step H, when DNS hijacking is judged to have occurred, the original log is stored in MongoDB as a basis for subsequent queries.
The threat scores and corresponding weights of the cloud DNS resolution comparison dimension, the horizontal comparison dimension and the ip reputation dimension can each be set separately. They assist in judging whether DNS hijacking has occurred, which increases the accuracy and reliability of the detection result and reduces missed and false detections.
Further, the device fingerprint information includes the MAC address, the model and core type, and the serial number.
Although the present invention has been described herein with reference to illustrative embodiments, the above embodiments are merely preferred embodiments of the invention, and embodiments of the invention are not limited by them. It should be understood that those skilled in the art can devise many other modifications and embodiments, which will fall within the scope and spirit of the principles disclosed in this application.
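The following Python code walks Steps A to G with the thresholds of Embodiment 2 over an agent report in the base/details layout described in Embodiment 1. It is an added example, not code from the patent or its assignee. Assumptions: the per-dimension weights, the nesting of type and domains under details, reading "all ips" as all ips reported for the same domain, and the cloud_resolve and reputation callables, which are hypothetical stand-ins for the cloud DNS lookup and the reputation query.

```python
import time
from collections import Counter, defaultdict

# Thresholds stated in Embodiment 2.
T1_SECONDS = 10 * 60      # age after which a DNS_CACHE entry is refreshed (Step C)
COUNT_MIN = 300           # threshold 1 (Step D)
COMMON_SHARE = 0.30       # threshold 2 (Step D)
RARE_SHARE = 0.001        # threshold 3, i.e. 0.1% (Step E)
REPUTATION_MIN = 50       # threshold 4 (Step F)
HIJACK_SCORE = 80         # threshold 5 (Step G)
# ASSUMPTION: the text says the weights can be set separately but gives no values.
WEIGHTS = {"cloud_mismatch": 50, "rare_ip": 20, "low_reputation": 35}

# Constructed sample report; nesting type/domains under details is an assumption.
SAMPLE_MESSAGE = {
    "base": {"sn": "SN-EXAMPLE-0001", "mac": "02:00:00:00:00:01"},
    "details": {
        "type": "dns",
        "domains": {
            "update.example.com": ["192.0.2.10"],
            "api.example.com": ["203.0.113.66"],
        },
    },
}


class HijackDetector:
    def __init__(self, cloud_resolve, reputation, now=time.time):
        self.cloud_resolve = cloud_resolve    # hypothetical: domain -> cloud-side ips
        self.reputation = reputation          # hypothetical: ip -> score, higher is better
        self.now = now
        self.ip_cache = defaultdict(Counter)  # IP_CACHE: domain -> {ip: times reported}
        self.dns_cache = {}                   # DNS_CACHE: domain -> (cloud ips, fetch time)

    def refresh(self, domain):
        self.dns_cache[domain] = (set(self.cloud_resolve(domain)), self.now())

    def analyze_ip(self, domain, ip):
        # Step A: record the observation and start from a zero threat score.
        self.ip_cache[domain][ip] += 1
        score = 0
        # Step B: make sure a cloud-side answer for this domain is cached.
        if domain not in self.dns_cache:
            self.refresh(domain)
        # Step C: compare; a mismatch against a stale entry triggers one refresh
        # and a second comparison (the "return to step C" branch).
        cloud_ips, fetched_at = self.dns_cache[domain]
        if ip not in cloud_ips and self.now() - fetched_at > T1_SECONDS:
            self.refresh(domain)
            cloud_ips, _ = self.dns_cache[domain]
        if ip in cloud_ips:
            return {"ip": ip, "hijacked": False, "score": score, "reason": "matches cloud"}
        # Step D: the mismatch adds its weight; an ip that many reports agree on is accepted.
        score += WEIGHTS["cloud_mismatch"]
        counts = self.ip_cache[domain]
        # ASSUMPTION: "all ips" means every ip reported for this domain.
        share = counts[ip] / sum(counts.values())
        if counts[ip] > COUNT_MIN and share > COMMON_SHARE:
            return {"ip": ip, "hijacked": False, "score": score,
                    "reason": "common across devices"}
        # Step E: an ip almost no report contains for this domain adds its weight.
        if share < RARE_SHARE:
            score += WEIGHTS["rare_ip"]
        # Step F: a poor reputation adds its weight.
        if self.reputation(ip) < REPUTATION_MIN:
            score += WEIGHTS["low_reputation"]
        # Step G: final verdict for this ip.
        return {"ip": ip, "hijacked": score > HIJACK_SCORE, "score": score, "reason": "scored"}


def analyze_message(detector, msg):
    """Run Steps A-G on every (domain, ip) pair of one agent report."""
    findings = []
    for domain, ips in msg["details"]["domains"].items():
        for ip in ips:
            result = detector.analyze_ip(domain, ip)
            if result["hijacked"]:
                findings.append({"sn": msg["base"]["sn"], "domain": domain, **result})
    return findings


def demo():
    # Constructed cloud answers and reputation scores standing in for real lookups.
    cloud = {"update.example.com": ["192.0.2.10"], "api.example.com": ["198.51.100.7"]}
    rep = {"203.0.113.66": 10}
    det = HijackDetector(lambda d: cloud.get(d, []), lambda ip: rep.get(ip, 100))
    return analyze_message(det, SAMPLE_MESSAGE)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

With these assumed weights a cloud mismatch alone never crosses the threshold of 80; it needs the low-reputation dimension as well, which is the multi-dimension behaviour the description argues for.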

Claims (5)

1. A DNS hijacking detection method based on IoT devices, characterized by comprising:
Step S100: an agent program is installed on the IoT device; the agent program collects logs and uploads them to the message middleware;
Step S200: the cloud server consumes the middleware messages, analyzes them to compute a detection result, judges whether DNS hijacking has occurred, and saves the original log.
2. The DNS hijacking detection method based on IoT devices according to claim 1, characterized in that step S100 is specifically: the agent program takes the form of a Service and collects data as a background service of the IoT device, periodically sending messages to a RabbitMQ message queue via the MQTT protocol; the data includes device fingerprint information and terminal DNS resolution information; the device fingerprint information is used to uniquely identify the terminal asset device during asset discovery; the terminal DNS resolution information is used to analyze whether DNS hijacking has occurred.
3. The DNS hijacking detection method based on IoT devices according to claim 2, characterized in that step S200 includes:
Step S210: after obtaining the agent-collected data from RabbitMQ, the cloud server discovers assets according to the device fingerprint information and determines the log source;
Step S220: the device fingerprint information is stored in MongoDB on the cloud server as the device asset set;
Step S230: DNS hijacking analysis is performed, specifically including:
Step A: obtain the domain name and the terminal DNS resolution result, and update IP_CACHE, which caches the historical number of times the terminal domain name has been resolved to the corresponding IP; initialize ip_score=0;
Step B: judge whether the domain name exists in DNS_CACHE, where DNS_CACHE is the cache of cloud DNS resolution results; if so, go to the next step; otherwise, update DNS_CACHE and then go to the next step;
Step C: compare the terminal DNS resolution result with DNS_CACHE; if the terminal matches the cloud, judge that no DNS hijacking has occurred and end the analysis of the current ip; otherwise, judge whether the domain name has been in DNS_CACHE for longer than the set time T1; if so, update DNS_CACHE and return to step C; otherwise, execute step D;
Step D: increase ip_score by the threat score weighted for the corresponding dimension, and query IP_CACHE for the number of times the corresponding ip has been resolved; if that number is greater than threshold 1 and its share among all ips is greater than threshold 2, judge that no DNS hijacking has occurred, record this, and end the analysis of the current ip; otherwise, go to the next step;
Step E: judge whether the share of the corresponding ip's resolved count among all ips is less than threshold 3, where threshold 3 is less than threshold 2; if so, increase ip_score by the threat score weighted for the corresponding dimension and go to the next step; otherwise, go directly to the next step;
Step F: query the ip reputation of the corresponding ip and judge whether it is lower than threshold 4; if so, increase ip_score by the threat score weighted for the corresponding dimension and go to the next step; otherwise, go directly to the next step;
Step G: judge whether ip_score is greater than threshold 5; if so, judge that DNS hijacking has occurred; otherwise, judge that no DNS hijacking has occurred; end the analysis of this ip.
4. The DNS hijacking detection method based on IoT devices according to claim 3, characterized in that in step H, when DNS hijacking is judged to have occurred, the original log is stored in MongoDB as a basis for subsequent queries.
5. The DNS hijacking detection method based on IoT devices according to any one of claims 1-4, characterized in that the device fingerprint information includes the MAC address, the model and core type, and the serial number.
CN201910388568.8A 2019-05-10 2019-05-10 DNS hijacking detection method based on Internet of things equipment Active CN110049064B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910388568.8A CN110049064B (en) 2019-05-10 2019-05-10 DNS hijacking detection method based on Internet of things equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910388568.8A CN110049064B (en) 2019-05-10 2019-05-10 DNS hijacking detection method based on Internet of things equipment

Publications (2)

Publication Number Publication Date
CN110049064A true CN110049064A (en) 2019-07-23
CN110049064B CN110049064B (en) 2021-04-06

Family

ID=67281469

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910388568.8A Active CN110049064B (en) 2019-05-10 2019-05-10 DNS hijacking detection method based on Internet of things equipment

Country Status (1)

Country Link
CN (1) CN110049064B (en)


Also Published As

Publication number Publication date
CN110049064B (en) 2021-04-06


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant