CN110166476A - A kind of violence-averse crack method and device - Google Patents
A kind of violence-averse crack method and device Download PDFInfo
- Publication number
- CN110166476A CN110166476A CN201910463326.0A CN201910463326A CN110166476A CN 110166476 A CN110166476 A CN 110166476A CN 201910463326 A CN201910463326 A CN 201910463326A CN 110166476 A CN110166476 A CN 110166476A
- Authority
- CN
- China
- Prior art keywords
- information
- attack
- brute force
- record
- complaint
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention provides a kind of violence-averse crack method and device, log recording is authenticated by monitoring, when noting abnormalities authentication information, it obtains alert process record, complaint record and Brute Force and attacks information, the probability that the corresponding behavior of abnormal authentication information belongs to Brute Force attack is calculated, when the probability is greater than threshold value, blocking attack, warning message is sent to relative users, and records warning message;The solution of the present invention can monitor and the attack of active countermeasures Brute Force, and can continuously monitor, and can cope with continuous Brute Force attack.
Description
Technical field
The present invention relates to fields of communication technology, and in particular to a kind of violence-averse crack method and device.
Background technique
Brute Force refer to attacker by systematically combine various possible user authentication informations (such as logon account name,
Password etc.), various possibilities are attempted to crack the attack pattern of user account.Attacker usually uses automatized script or violence
Crack tool is attacked.Since attacker can use different username and password frequent progress login attempts, in log
In will appear the entries of many login failures, and these entries are usually from the same IP (Internet Protocol
Address, internet protocol address).It is main at present to be logged in by limitation IP, limit login failure number, user data is carried out
The means such as encryption are attacked to cope with Brute Force.Although these modes can protect user account information to a certain extent,
Can not the attack of active countermeasures Brute Force, and only to when time attack it is effective.
Summary of the invention
The present invention aiming at the above shortcomings existing in the prior art, provides a kind of violence-averse crack method and device, to
Solve the problem of it is existing it is violence-averse crack scheme can not active countermeasures Brute Force attack can not be used continuously.
The present invention is in order to solve the above technical problems, adopt the following technical scheme that
The present invention provides a kind of violence-averse crack method, which comprises
Monitoring certification log recording;
When there is abnormal authentication information, obtains alert process record, complaint record and Brute Force and attack information;
It is recorded according to the abnormal authentication information, Brute Force attack information, alert process record, complaint and preset sudden and violent
Power cracks challenge model, calculates the probability that the corresponding behavior of the abnormal authentication information belongs to Brute Force attack;
If the probability is greater than preset threshold value, attack is blocked, sends warning message to relative users, and described in record
Warning message.
Preferably, the acquisition alert process record, complaint record and Brute Force attack information, specifically include: respectively
Alert process record is obtained from the first block node, complaint record is obtained from the second block node, from third block node
Middle acquisition Brute Force attacks information;
It is described to record the warning message, it specifically includes: recording the warning message in the first block node.
Further, after the transmission warning message to relative users, the method also includes:
The feedback information that user sends is received, the feedback information includes the shape whether user confirms the warning message
State information;
Judge whether the behavior belongs to Brute Force attack according to the state information, if being not belonging to, described in releasing
Attack blocks.
Further, the violence-averse crack method further include: if judging, the behavior belongs to Brute Force attack,
This Brute Force attack information is recorded in the third block node.
Further, after the blocking attack, the method also includes:
Receive the complaint information that user sends;
Judge whether the complaint information is correct, if correctly, releasing the attack and blocking, and in the second block section
The complaint information is recorded in point.
The present invention also provides a kind of violence-averse crack servers, comprising: monitoring modular obtains module, computing module, first
Judgment module and processing module;
The monitoring modular is used for, monitoring certification log recording;
The acquisition module is used for, and when there is abnormal authentication information, obtains alert process record, complaint record and violence
Crack attack information;
The computing module is used for, recorded according to the abnormal authentication information, Brute Force attack information, alert process,
Complaint record and preset Brute Force challenge model, the corresponding behavior of the calculating exception authentication information belong to Brute Force and attack
The probability hit;
The first judgment module is used for, and judges whether the probability is greater than preset threshold value;
The processing module is used for, if the probability is greater than preset threshold value, blocks attack, is sent and is reported to relative users
Alert information, and record the warning message.
Preferably, the acquisition module is specifically used for, and alert process record is obtained from the first block node respectively, from the
Complaint record is obtained in two block nodes, and Brute Force is obtained from third block node and attacks information;
The processing module is specifically used for, and records the warning message in the first block node.
Further, the violence-averse crack servers further include: receiving module and the second judgment module;
The receiving module is used for, and receives the feedback information that user sends, the feedback information includes user to the report
The status information whether alert information confirms;
Second judgment module is used for, and judges whether the behavior belongs to Brute Force and attack according to the state information
It hits;
The processing module is also used to, when second judgment module judges that the behavior is not belonging to Brute Force attack
When, it releases the attack and blocks.
Further, the processing module is also used to, when second judgment module judges that the behavior belongs to violence
When cracking attack, this Brute Force attack information is recorded in the 4th block node.
Further, the receiving module is also used to, and receives the complaint information that user sends;
Second judgment module is also used to, and judges whether the complaint information is correct;
The processing module is also used to, and when second judgment module judges that the complaint information is correct, releases institute
It states attack to block, and records the complaint information in the third block node.
The present invention is by monitoring certification log recording, when noting abnormalities authentication information, obtains alert process record, complaint
Record and Brute Force attack information, the probability that the corresponding behavior of abnormal authentication information belongs to Brute Force attack are calculated, in institute
When stating probability greater than threshold value, attack is blocked, sends warning message to relative users, and record warning message;The solution of the present invention
It can monitor and active countermeasures Brute Force is attacked, and can continuously monitor, continuous Brute Force attack can be coped with.
Detailed description of the invention
Fig. 1 is one of the violence-averse crack method flow chart of the embodiment of the present invention;
Fig. 2 is the two of the violence-averse crack method flow chart of the embodiment of the present invention;
Fig. 3 is the three of the violence-averse crack method flow chart of the embodiment of the present invention;
Fig. 4 is the structural schematic diagram of the violence-averse crack servers of the embodiment of the present invention.
Specific embodiment
Below in conjunction with the attached drawing in the present invention, clear, complete description is carried out to the technical solution in the present invention, is shown
So, described embodiment is a part of the embodiments of the present invention, instead of all the embodiments.Based on the implementation in the present invention
Example, those of ordinary skill in the art's every other embodiment obtained without making creative work, all belongs to
In the scope of protection of the invention.
One embodiment of the present of invention provides a kind of violence-averse crack method, as shown in Figure 1, provided in an embodiment of the present invention
Violence-averse crack method the following steps are included:
Step 11, monitoring certification log recording.
Violence-averse crack servers real-time monitoring authenticates log recording, when every certification log recording includes at least certification
Between, certification IP, user name, the information such as authentication result, wherein authentication mode includes: real-name authentication, mobile phone/mailbox verifying etc..It needs
It is noted that in embodiments of the present invention, storing subscriber identity information using block chain technology, subscriber identity information is stored in
In at least one the 4th block node.
Step 12, when there is abnormal authentication information, alert process record, complaint record and Brute Force attack letter are obtained
Breath.
Wherein, alert process record storage appeals record storage in block chain in the first block node of block chain
In second block node, Brute Force attack information is stored in the third block node of block chain.
The acquisition alert process record, complaint record and Brute Force attack information, specifically include: respectively from the firstth area
Alert process record is obtained in block node, complaint record is obtained from the second block node, is obtained from third block node sudden and violent
Power cracks attack information.
Step 13, it records and presets according to abnormal authentication information, Brute Force attack information, alert process record, complaint
Brute Force challenge model, calculate the probability that the corresponding behavior of abnormal authentication information belongs to Brute Force attack.
Specifically, violence-averse crack servers determine the corresponding authentication operation of abnormal authentication information by machine learning algorithm
A possibility that belonging to Brute Force attack.Clf=ML (AbnormalAuth, BruteforceAttack, AlarmInfo,
ComplaintInfo)
Wherein, the Brute Force challenge model that Clf expression is generated using machine learning algorithm, AbnormalAuth,
BruteforceAttack, AlarmInfo, ComplaintInfo are four parameters of ML algorithm.AbnormalAuth indicates different
Normal authentication information, BruteforceAttack indicate that Brute Force attacks information, and AlarmInfo indicates alert process information,
ComplaintInfo indicates complaint information.
Possibility=Clf.predict (AbnormalAuth1, BruteforceAttack1, Alar mInfo1,
ComplaintInfo1);
The expression of this formula, which uses force, to be cracked the corresponding behavior of challenge model predicted anomaly authentication information and belongs to Brute Force
The probability of attack.Wherein, Possibility indicates that the corresponding behavior of abnormal authentication information belongs to the probability of Brute Force attack,
Clf.predict expression, which uses force, cracks the forecast function of challenge model, AbnormalAuth1,
BruteforceAttack1, AlarmInfo1, ComplaintInfo1 are four parameters of Clf.predict, are respectively indicated different
Existing Brute Force attack information, alert process information and complaint information in normal authentication information and block chain.
Step 14, judge whether the probability is greater than preset threshold value, if more than thening follow the steps 15;Otherwise, step is executed
Rapid 11.
Specifically, if violence-averse crack servers judge abnormal authentication information, corresponding behavior belongs to Brute Force attack
Probability is greater than preset threshold value, and the corresponding behavior of specification exception authentication information belongs to Brute Force attack, then blocks attack, Xiang Xiang
Warning message is sent using family, and records the warning message (i.e. execution step 15);If violence-averse crack servers judge different
The probability that the normal corresponding behavior of authentication information belongs to Brute Force attack is less than or equal to the threshold value, specification exception authentication information
Corresponding behavior is not belonging to Brute Force attack, then continues monitoring certification log recording (i.e. return step 11).
Step 15, attack is blocked, sends warning message to relative users, and record the warning message.
Specifically, violence-averse crack servers are attacked blocking and are reported by short message or lettergram mode to relative users transmission
After alert information, the warning message is recorded in the first block node.
It can be seen that the present invention by monitoring certification log recording, in the authentication information that notes abnormalities by step 11-15
When, it obtains alert process record, complaint record and Brute Force and attacks information, calculate the corresponding behavior of abnormal authentication information and belong to
The probability of Brute Force attack blocks attack when the probability is greater than threshold value, sends warning message to relative users, and remember
Record warning message;The solution of the present invention can monitor and the attack of active countermeasures Brute Force, and can continuously monitor, Ke Yiying
Continuous Brute Force is attacked.
Further, as shown in Fig. 2, it is (described violence-averse i.e. after step 15) sending warning message to relative users
Crack method is further comprising the steps of:
Step 16, the feedback information that user sends is received.
Wherein, feedback information includes the status information whether user confirms the warning message.User receives anti-sudden and violent
After the warning message that power crack servers are sent, confirm whether the corresponding behavior of exception authentication information is attack, if shape
State information is confirmation, illustrates that user confirms that the corresponding behavior of exception authentication information is attack;If status information is non-true
Recognize, illustrates that user does not approve that the corresponding behavior of exception authentication information is attack, i.e., the warning message is wrong report.
Step 17, judge whether the behavior belongs to Brute Force attack according to status information, if being not belonging to, execute step
Rapid 18;Otherwise, step 19 is executed.
Specifically, if violence-averse crack servers judge that the corresponding behavior of exception authentication information does not belong to according to status information
It is attacked in Brute Force, then releases attack and block (i.e. execution step 18);If violence-averse crack servers are sentenced according to status information
Break the corresponding behavior of exception authentication information belong to Brute Force attack, then record this Brute Force in third block node
Attack information (i.e. execution step 19).
Step 18, attack is released to block.
Step 19, this Brute Force attack information is recorded in third block node.
Further, as shown in figure 3, it is (described violence-averse i.e. after step 15) sending warning message to relative users
Crack method is further comprising the steps of:
Step 21, the complaint information that user sends is received.
If user has found that warning message is wrong report, can be appealed.
Step 22, judge whether complaint information is correct, if correctly, thening follow the steps 23;Otherwise, terminate process.
Specifically, whether correctly (judging whether it is wrong report) violence-averse crack servers judge to appeal information, if judgement
It is correct to appeal information, illustrates that warning message for wrong report, then releases attack and blocks, and the record complaint information in the second block node
(i.e. execution step 23);If judgement complaint information is incorrect, illustrating warning message not is wrong report, then terminates process.
Step 23, it releases attack to block, and the record complaint information in the second block node.
It should be noted that in this step, after releasing attack and blocking, short message or mail notification user can also be passed through
It blocks and releases, system is normal.
Based on the same technical idea, the embodiment of the present invention also provides a kind of violence-averse crack servers, as shown in figure 4,
The violence-averse crack servers may include: monitoring modular 41, obtain module 42, computing module 43,44 and of first judgment module
Processing module 45.
Monitoring modular 41 is used for, monitoring certification log recording.
It obtains module 42 to be used for, when there is abnormal authentication information, it is broken to obtain alert process record, complaint record and violence
Solution attack information.
Computing module 43 is used for, according to the abnormal authentication information, Brute Force attack information, alert process record, Shen
It tells record and preset Brute Force challenge model, calculates the corresponding behavior of the abnormal authentication information and belong to Brute Force attack
Probability.
First judgment module 44 is used for, and judges whether the probability is greater than preset threshold value.
Processing module 45 is used for, if the probability is greater than preset threshold value, blocks attack, is sent and is alarmed to relative users
Information, and record the warning message.
Preferably, it obtains module 42 to be specifically used for, alert process record is obtained from the first block node respectively, from second
Complaint record is obtained in block node, and Brute Force is obtained from third block node and attacks information.
Processing module 45 is specifically used for, and records the warning message in the first block node.
Further, the violence-averse crack servers further include receiving module 46 and the second judgment module 47.
Receiving module 47 is used for, and receives the feedback information that user sends, the feedback information includes user to the alarm
The status information whether information confirms.
Second judgment module 47 is used for, and judges whether the behavior belongs to Brute Force attack according to the state information.
Processing module 45 is also used to, when the second judgment module 47 judges that the behavior is not belonging to Brute Force attack,
The attack is released to block.
Further, processing module 45 is also used to, when the second judgment module 47 judges that the behavior belongs to Brute Force
When attack, this Brute Force attack information is recorded in the 4th block node.
Further, receiving module 46 is also used to, and receives the complaint information that user sends.
Second judgment module 47 is also used to, and judges whether the complaint information is correct.
Processing module 45 is also used to, and when the second judgment module 47 judges that the complaint information is correct, is attacked described in releasing
Blocking is hit, and records the complaint information in the third block node.
It is understood that the principle that embodiment of above is intended to be merely illustrative of the present and the exemplary implementation that uses
Mode, however the present invention is not limited thereto.For those skilled in the art, essence of the invention is not being departed from
In the case where mind and essence, various changes and modifications can be made therein, these variations and modifications are also considered as protection scope of the present invention.
Claims (10)
1. a kind of violence-averse crack method, which is characterized in that the described method includes:
Monitoring certification log recording;
When there is abnormal authentication information, obtains alert process record, complaint record and Brute Force and attack information;
It is broken according to the abnormal authentication information, Brute Force attack information, alert process record, complaint record and preset violence
Challenge model is solved, the probability that the corresponding behavior of the abnormal authentication information belongs to Brute Force attack is calculated;
If the probability is greater than preset threshold value, attack is blocked, sends warning message to relative users, and record the alarm
Information.
2. the method as described in claim 1, which is characterized in that the acquisition alert process record, complaint record and violence are broken
Solution attack information, specifically includes: obtaining alert process record from the first block node respectively, obtains from the second block node
Complaint record obtains Brute Force from third block node and attacks information;
It is described to record the warning message, it specifically includes: recording the warning message in the first block node.
3. method according to claim 2, which is characterized in that after the transmission warning message to relative users, the side
Method further include:
The feedback information that user sends is received, the feedback information includes that user believes the state whether warning message confirms
Breath;
Judge whether the behavior belongs to Brute Force attack according to the state information, if being not belonging to, releases the attack
It blocks.
4. method as claimed in claim 3, which is characterized in that further include: if judging, the behavior belongs to Brute Force and attacks
It hits, then records this Brute Force attack information in the third block node.
5. method as claimed in claim 3, which is characterized in that after the blocking attack, the method also includes:
Receive the complaint information that user sends;
Judge whether the complaint information is correct, if correctly, releasing the attack and blocking, and in the second block node
Record the complaint information.
6. a kind of violence-averse crack servers characterized by comprising monitoring modular, acquisition module, computing module, first are sentenced
Disconnected module and processing module;
The monitoring modular is used for, monitoring certification log recording;
The acquisition module is used for, and when there is abnormal authentication information, obtains alert process record, complaint record and Brute Force
Attack information;
The computing module is used for, according to the abnormal authentication information, Brute Force attack information, alert process record, complaint
Record and preset Brute Force challenge model calculate the corresponding behavior of the abnormal authentication information and belong to Brute Force attack
Probability;
The first judgment module is used for, and judges whether the probability is greater than preset threshold value;
The processing module is used for, if the probability is greater than preset threshold value, blocks attack, sends alarm signal to relative users
Breath, and record the warning message.
7. violence-averse crack servers as claimed in claim 6, which is characterized in that the acquisition module is specifically used for, respectively
Alert process record is obtained from the first block node, complaint record is obtained from the second block node, from third block node
Middle acquisition Brute Force attacks information;
The processing module is specifically used for, and records the warning message in the first block node.
8. violence-averse crack servers as claimed in claim 7, which is characterized in that further include: receiving module and the second judgement
Module;
The receiving module is used for, and receives the feedback information that user sends, the feedback information includes user to the alarm signal
The status information whether breath confirms;
Second judgment module is used for, and judges whether the behavior belongs to Brute Force attack according to the state information;
The processing module is also used to, when second judgment module judges that the behavior is not belonging to Brute Force attack,
The attack is released to block.
9. violence-averse crack servers as claimed in claim 8, which is characterized in that the processing module is also used to, when described
When second judgment module judges that the behavior belongs to Brute Force attack, this violence is recorded in the 4th block node
Crack attack information.
10. violence-averse crack servers as claimed in claim 8, which is characterized in that the receiving module is also used to, and is received and is used
The complaint information that family is sent;
Second judgment module is also used to, and judges whether the complaint information is correct;
The processing module is also used to, and when second judgment module judges that the complaint information is correct, is attacked described in releasing
Blocking is hit, and records the complaint information in the third block node.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910463326.0A CN110166476B (en) | 2019-05-30 | 2019-05-30 | Anti-brute force cracking method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910463326.0A CN110166476B (en) | 2019-05-30 | 2019-05-30 | Anti-brute force cracking method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110166476A true CN110166476A (en) | 2019-08-23 |
CN110166476B CN110166476B (en) | 2021-09-17 |
Family
ID=67630402
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910463326.0A Active CN110166476B (en) | 2019-05-30 | 2019-05-30 | Anti-brute force cracking method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110166476B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111800432A (en) * | 2020-07-20 | 2020-10-20 | 博为科技有限公司 | Anti-brute force cracking method and device based on log analysis |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104636494A (en) * | 2015-03-04 | 2015-05-20 | 浪潮电子信息产业股份有限公司 | Log audit checking system based on Spark big data platform |
CN106503995A (en) * | 2016-11-17 | 2017-03-15 | 中国银行股份有限公司 | A kind of data sharing method, source node, destination node and system |
CN106686014A (en) * | 2017-03-14 | 2017-05-17 | 北京深思数盾科技股份有限公司 | Prevention method and prevention device of cyber attacks |
CN106775929A (en) * | 2016-11-25 | 2017-05-31 | 中国科学院信息工程研究所 | A kind of virtual platform safety monitoring method and system |
CN108111463A (en) * | 2016-11-24 | 2018-06-01 | 蓝盾信息安全技术有限公司 | The self study of various dimensions baseline and abnormal behaviour analysis based on average value and standard deviation |
CN108234462A (en) * | 2017-12-22 | 2018-06-29 | 杭州安恒信息技术有限公司 | A kind of method that intelligent intercept based on cloud protection threatens IP |
CN108400971A (en) * | 2018-01-25 | 2018-08-14 | 长春市万易科技有限公司 | A kind of anti-fake system and method |
CN109191136A (en) * | 2018-09-05 | 2019-01-11 | 北京芯盾时代科技有限公司 | A kind of e-bank is counter to cheat method and device |
CN109326337A (en) * | 2018-09-06 | 2019-02-12 | 西安电子科技大学 | Electronic medical record storage and shared model and method based on block chain |
CN109409896A (en) * | 2018-10-17 | 2019-03-01 | 北京芯盾时代科技有限公司 | Identification model training method, bank's fraud recognition methods and device are cheated by bank |
KR101957917B1 (en) * | 2018-08-28 | 2019-03-15 | 주식회사 요트북 | Server and system for provding marina operation management service using blockchain and information and communications technology |
CN109815203A (en) * | 2019-02-12 | 2019-05-28 | 山东超越数控电子股份有限公司 | A kind of log audit method and system based on block chain |
-
2019
- 2019-05-30 CN CN201910463326.0A patent/CN110166476B/en active Active
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104636494A (en) * | 2015-03-04 | 2015-05-20 | 浪潮电子信息产业股份有限公司 | Log audit checking system based on Spark big data platform |
CN106503995A (en) * | 2016-11-17 | 2017-03-15 | 中国银行股份有限公司 | A kind of data sharing method, source node, destination node and system |
CN108111463A (en) * | 2016-11-24 | 2018-06-01 | 蓝盾信息安全技术有限公司 | The self study of various dimensions baseline and abnormal behaviour analysis based on average value and standard deviation |
CN106775929A (en) * | 2016-11-25 | 2017-05-31 | 中国科学院信息工程研究所 | A kind of virtual platform safety monitoring method and system |
CN106686014A (en) * | 2017-03-14 | 2017-05-17 | 北京深思数盾科技股份有限公司 | Prevention method and prevention device of cyber attacks |
CN108234462A (en) * | 2017-12-22 | 2018-06-29 | 杭州安恒信息技术有限公司 | A kind of method that intelligent intercept based on cloud protection threatens IP |
CN108400971A (en) * | 2018-01-25 | 2018-08-14 | 长春市万易科技有限公司 | A kind of anti-fake system and method |
KR101957917B1 (en) * | 2018-08-28 | 2019-03-15 | 주식회사 요트북 | Server and system for provding marina operation management service using blockchain and information and communications technology |
CN109191136A (en) * | 2018-09-05 | 2019-01-11 | 北京芯盾时代科技有限公司 | A kind of e-bank is counter to cheat method and device |
CN109326337A (en) * | 2018-09-06 | 2019-02-12 | 西安电子科技大学 | Electronic medical record storage and shared model and method based on block chain |
CN109409896A (en) * | 2018-10-17 | 2019-03-01 | 北京芯盾时代科技有限公司 | Identification model training method, bank's fraud recognition methods and device are cheated by bank |
CN109815203A (en) * | 2019-02-12 | 2019-05-28 | 山东超越数控电子股份有限公司 | A kind of log audit method and system based on block chain |
Non-Patent Citations (3)
Title |
---|
唐斌等: "网络安全问题的发生机制及解决路径探析", 《数码世界》 * |
李大伟等: "基于区块链的密钥更新和可信定位系统", 《密码学报》 * |
翟社平等: "区块链中的隐私保护技术", 《西安邮电大学学报》 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111800432A (en) * | 2020-07-20 | 2020-10-20 | 博为科技有限公司 | Anti-brute force cracking method and device based on log analysis |
Also Published As
Publication number | Publication date |
---|---|
CN110166476B (en) | 2021-09-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Staniford-Chen et al. | Holding intruders accountable on the internet | |
JP4763819B2 (en) | Wireless LAN access point device and fraud management frame detection method | |
JP4911018B2 (en) | Filtering apparatus, filtering method, and program causing computer to execute the method | |
US9800589B1 (en) | Methods and apparatus for detecting malicious attacks | |
EP1533977B1 (en) | Detection of denial of service attacks against SIP (session initiation protocol) elements | |
US8825998B2 (en) | Security control in a communication system | |
CN110866246B (en) | Malicious code attack detection method and device and electronic equipment | |
CN102752269B (en) | Based on the method for the authentication of cloud computing, system and cloud server | |
KR20130005301A (en) | Method for adapting security policies of an information system infrastructure | |
EP2081356A1 (en) | Method of and telecommunication apparatus for SIP anomaly detection in IP networks | |
CN111865974A (en) | Network security defense system and method | |
US7603461B2 (en) | Methods, apparatus, and systems for distributed hypothesis testing in autonomic processing machines | |
CN116319099A (en) | Multi-terminal financial data management method and system | |
CN115396200A (en) | Cross-platform data security management application method, device and system | |
CN109257750A (en) | The intrusion detection method of multi-protocol layer based on trust and noise spot detection technique | |
CN110166476A (en) | A kind of violence-averse crack method and device | |
Dong et al. | Resilient cluster leader election for wireless sensor networks | |
CN111104655B (en) | BMC login method and related device | |
Chen et al. | Intrusion detection in wireless mesh networks | |
CN110912869A (en) | Big data-based monitoring and reminding method | |
CN116743469A (en) | Network security early warning processing method and electronic equipment | |
Hou et al. | A sink node assisted lightweight intrusion detection mechanism for WBAN | |
WO2001093531A2 (en) | Systems and methods for distributed network protection | |
CN106571937A (en) | Router, mobile terminal and alarm information sending and reception method | |
Fadlullah et al. | Combating against attacks on encrypted protocols |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |