CN110177102A - Anti-attack method, electronic device, system and medium based on edge nodes

Publication number: CN110177102A
Authority: CN (China)
Legal status: Pending
Application number: CN201910453146.4A
Other languages: Chinese (zh)
Inventor: 杜琛
Current Assignee: Shenzhen Onething Technology Co Ltd
Original Assignee: Shenzhen Onething Technology Co Ltd

Classifications

    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L9/302 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes

Abstract

The invention discloses an anti-attack method, electronic device, system and medium based on edge nodes. The method comprises: obtaining the node information of each edge node; determining the node to be transmitted according to the node information of each edge node; transmitting the node to be transmitted, in encrypted form, to a configuration interface document; when a connection request sent by an application through the configuration interface document is received, authenticating the application; and when the application passes authentication, establishing a connection between the application and the node to be transmitted. The invention can defend against network attacks on the basis of edge nodes and, because every edge node takes part in the defense, effectively reduces cost.

Description

Anti-attack method, electronic device, system and medium based on edge nodes
Technical field
The present invention relates to the field of Internet technology, and in particular to an anti-attack method, electronic device, system and medium based on edge nodes.
Background
As the Internet develops, network attacks become more frequent. Faced with increasingly common and high-incidence network attacks, many cloud security vendors have chosen the prior-art approach of using a large number of nodes to defend against traffic at a 1:1 ratio.
However, this defense mechanism usually requires virtually contiguous Internet Protocol addresses within one data center, and the user must defend against exactly as much traffic as the attacker sends, so the cost is very high.
Summary of the invention
The main purpose of the present invention is to provide an anti-attack method, electronic device, system and medium based on edge nodes, intended to defend against network attacks on the basis of edge nodes and, because every edge node takes part in the defense, to effectively reduce cost.
To achieve the above object, the present invention provides an anti-attack method based on edge nodes, the method comprising:
Obtaining the node information of each edge node;
Determining the node to be transmitted according to the node information of each edge node;
Transmitting the node to be transmitted, in encrypted form, to a configuration interface document;
When a connection request sent by an application through the configuration interface document is received, authenticating the application;
When the application passes authentication, establishing a connection between the application and the node to be transmitted.
Preferably, when the node information of each edge node cannot be obtained, the method further comprises:
Probing for nodes using a distributed hash table algorithm and using the probed nodes as the node to be transmitted.
Preferably, determining the node to be transmitted according to the node information of each edge node comprises:
Determining the Internet Service Provider, number of network connections and load of each edge node from the node information;
Obtaining a first weight for the Internet Service Provider, a second weight for the number of network connections and a third weight for the load;
Calculating a score for each edge node according to the Internet Service Provider, the number of network connections, the load, the first weight, the second weight and the third weight;
Sorting the scores of the edge nodes from high to low;
Obtaining the nodes ranked within a preset number of top positions as the node to be transmitted.
Preferably, transmitting the node to be transmitted, in encrypted form, to the configuration interface document comprises:
Encrypting the node to be transmitted using the RSA encryption algorithm;
Transmitting the encrypted node to be transmitted to the configuration interface document.
Preferably, after the connection between the application and the node to be transmitted has been established, when a Denial of Service attack occurs, the method further comprises:
Adjusting the handshake timeout of the Transmission Control Protocol until completion of the handshake is detected; and/or
Performing transparent transmission using proxy server technology.
Preferably, after the connection between the application and the node to be transmitted has been established, when a CC attack occurs, the method further comprises:
Controlling entry into a 302 access state; and/or
Configuring a corresponding access frequency for each Internet Protocol address and, when the access frequency of a first Internet Protocol address is greater than or equal to the corresponding first threshold, intercepting access from the first Internet Protocol address for a preset time; and/or
When the request header of a second Internet Protocol address is detected to be illegal, intercepting access from the second Internet Protocol address; and/or
When a third Internet Protocol address is detected to be carrying out a slow attack, intercepting access from the third Internet Protocol address.
To achieve the above object, the present invention further provides an electronic device, the electronic device comprising:
A memory storing at least one instruction; and
A processor executing the instruction stored in the memory to implement the anti-attack method based on edge nodes.
Preferably, the electronic device is a node forming part of a content delivery network or a blockchain network.
To achieve the above object, the present invention further provides an anti-attack system based on edge nodes, the system comprising:
An acquiring unit, for obtaining the node information of each edge node;
A determination unit, for determining the node to be transmitted according to the node information of each edge node;
A transmission unit, for transmitting the node to be transmitted, in encrypted form, to a configuration interface document;
An authentication unit, for authenticating an application when a connection request sent by the application through the configuration interface document is received;
A connection unit, for establishing a connection between the application and the node to be transmitted when the application passes authentication.
Preferably, the system further comprises:
A probe unit, for probing for nodes using a distributed hash table algorithm and using the probed nodes as the node to be transmitted when the node information of each edge node cannot be obtained.
Preferably, the determination unit is specifically used for:
Determining the Internet Service Provider, number of network connections and load of each edge node from the node information;
Obtaining a first weight for the Internet Service Provider, a second weight for the number of network connections and a third weight for the load;
Calculating a score for each edge node according to the Internet Service Provider, the number of network connections, the load, the first weight, the second weight and the third weight;
Sorting the scores of the edge nodes from high to low;
Obtaining the nodes ranked within a preset number of top positions as the node to be transmitted.
Preferably, the transmission unit is specifically used for:
Encrypting the node to be transmitted using the RSA encryption algorithm;
Transmitting the encrypted node to be transmitted to the configuration interface document.
Preferably, the system further comprises:
An adjustment unit, for adjusting the handshake timeout of the Transmission Control Protocol until completion of the handshake is detected, when a Denial of Service attack occurs after the connection between the application and the node to be transmitted has been established; and/or
A transparent transmission unit, for performing transparent transmission using proxy server technology.
Preferably, the system further comprises:
A control unit, for controlling entry into a 302 access state when a CC attack occurs after the connection between the application and the node to be transmitted has been established; and/or
An interception unit, for configuring a corresponding access frequency for each Internet Protocol address and, when the access frequency of a first Internet Protocol address is greater than or equal to the corresponding first threshold, intercepting access from the first Internet Protocol address for a preset time; and/or
The interception unit is also used for intercepting access from a second Internet Protocol address when the request header of the second Internet Protocol address is detected to be illegal; and/or
The interception unit is also used for intercepting access from a third Internet Protocol address when the third Internet Protocol address is detected to be carrying out a slow attack.
To achieve the above object, the present invention further provides a computer program product comprising computer instructions which, when run on a computer, cause the computer to execute the anti-attack method based on edge nodes.
In summary, the present invention can obtain the node information of each edge node, determine the node to be transmitted according to the node information of each edge node, and then transmit the node to be transmitted, in encrypted form, to a configuration interface document. When a connection request sent by an application through the configuration interface document is received, the application is authenticated, and when the application passes authentication, a connection is established between the application and the node to be transmitted. Network attacks are thereby defended against on the basis of edge nodes and, because every edge node takes part in the defense, cost is effectively reduced.
Brief description of the drawings
Fig. 1 is a flow diagram of one embodiment of the invention;
Fig. 2 is a schematic diagram of the internal structure of the electronic device disclosed in one embodiment of the invention;
Fig. 3 is a functional block diagram of the anti-attack system based on edge nodes of the present invention;
The realization of the object, the functions and the advantages of the present invention are further described in the embodiments with reference to the accompanying drawings.
Main element symbol description
Detailed description of the embodiments
In order to make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the invention and are not intended to limit it. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention without creative work fall within the protection scope of the invention.
The terms "first", "second", "third", "fourth" and the like (if present) in the description and claims of this application and in the above drawings are used to distinguish similar objects, not to describe a particular order or sequence. It should be understood that data used in this way are interchangeable under appropriate circumstances, so that the embodiments described here can be implemented in an order other than the one illustrated or described. In addition, the terms "comprise" and "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units clearly listed, but may include other steps or units that are not clearly listed or that are inherent to the process, method, product or device.
It should be noted that descriptions involving "first", "second" and the like in the present invention are for descriptive purposes only and cannot be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. A feature defined by "first" or "second" may therefore explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments can be combined with each other, but only on the basis that those of ordinary skill in the art can implement the combination; when a combination of technical solutions is contradictory or cannot be implemented, the combination should be considered not to exist and is not within the protection scope claimed by the invention.
The present invention provides an anti-attack method based on edge nodes.
Referring to Fig. 1, Fig. 1 is a flow diagram of one embodiment of the invention. Depending on requirements, the order of the steps in the flow diagram can change, and certain steps can be omitted.
The anti-attack method based on edge nodes is applied in one or more electronic devices. The electronic device is a device that can automatically perform numerical calculation and/or information processing according to instructions set or stored in advance, and its hardware includes but is not limited to a microprocessor, an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a programmable gate array (Field-Programmable Gate Array, FPGA), a digital signal processor (Digital Signal Processor, DSP), an embedded device, etc.
The electronic device can be any electronic product capable of human-computer interaction with a user, for example a personal computer, tablet computer, smartphone, personal digital assistant (Personal Digital Assistant, PDA), game console, interactive network television (Internet Protocol Television, IPTV), smart wearable device, etc.
The electronic device can also include a network device and/or user equipment. The network device includes, but is not limited to, a single network server, a server group composed of multiple network servers, or a cloud based on cloud computing (Cloud Computing) composed of a large number of hosts or network servers.
The network in which the electronic device is located includes but is not limited to the Internet, a wide area network, a metropolitan area network, a local area network, a virtual private network (Virtual Private Network, VPN), etc.
In one embodiment, the method comprises:
S10: obtain the node information of each edge node.
In at least one embodiment of the present invention, the edge nodes include various user nodes and, because user nodes are diverse, the edge nodes also differ in performance.
For example, an edge node can be a node connected to the network through smart hardware (such as Wanke Cloud), or a node connected to the network through a routing device from any manufacturer; the present invention places no limit on this.
In at least one embodiment of the present invention, the node information includes, but is not limited to, one or a combination of the following:
Internet Service Provider (Internet Service Provider, ISP), number of network connections, and load.
In at least one embodiment of the present invention, the network system may include a master control center, and the master control center collates the node information of each edge node.
Further, the edge nodes may include distribution nodes and defense nodes. The distribution nodes are mainly used for distributing nodes and the like, while the defense nodes are mainly used for defending against various network attacks.
Further, the node information of each edge node is obtained from the master control center by the distribution nodes.
In at least one embodiment of the present invention, when the node information of each edge node cannot be obtained, the method further comprises:
The electronic device probes for nodes using a distributed hash table algorithm (Distributed Hash Table, DHT) and uses the probed nodes as the node to be transmitted.
With the above embodiment, when all distribution nodes are out of contact because of an attack, that is, when the electronic device cannot obtain the node information of each edge node, probing can be carried out in a decentralized way using the distributed hash table algorithm, and temporary, available nodes are found by random probing, so that normal operation is still unaffected while under attack.
S11: determine the node to be transmitted according to the node information of each edge node.
In at least one embodiment of the present invention, the node to be transmitted may comprise several nodes (for example 5-10), so that after one node is attacked other nodes remain available, which prevents the attack from affecting normal use of the network.
In at least one embodiment of the present invention, the electronic device determining the node to be transmitted according to the node information of each edge node comprises:
The electronic device determines the Internet Service Provider, number of network connections and load of each edge node from the node information, and obtains a first weight for the Internet Service Provider, a second weight for the number of network connections and a third weight for the load. The electronic device calculates a score for each edge node according to the Internet Service Provider, the number of network connections, the load, the first weight, the second weight and the third weight, and sorts the scores of the edge nodes from high to low. The electronic device then obtains the nodes ranked within a preset number of top positions as the node to be transmitted.
It can be understood that, when determining the node to be transmitted, the electronic device preferentially selects nodes with the same operator; in addition, the fewer the network connections the better, and the lower the load the better.
Further, different business requirements place different demands on bandwidth and the like, so the first weight, the second weight and the third weight will also differ; that is, the first weight, the second weight and the third weight can be configured according to actual needs, and the present invention places no limit on this.
With the above embodiment, the electronic device can obtain the optimal node to be transmitted for different situations, forward an appropriate number of nodes, and determine the nearest and optimal transmission path, which speeds up connection.
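The scoring and ranking in step S11 can be sketched as follows. This is an added example, not code from the patent: the patent gives no formula, so the normalisation of each term, the weight values, the `EdgeNode` fields and the function names are all assumptions, and the sample nodes are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class EdgeNode:
    node_id: str
    isp: str           # Internet Service Provider reported for the node
    connections: int   # current number of network connections
    load: float        # assumed normalised: 0.0 (idle) .. 1.0 (saturated)


def score_nodes(nodes, client_isp, w_isp, w_conn, w_load):
    """Return (node, score) pairs sorted from highest to lowest score."""
    # Edge nodes are user devices; drop malformed reports (negative counts,
    # out-of-range or NaN load) instead of letting them skew the ranking.
    valid = [n for n in nodes if n.connections >= 0 and 0.0 <= n.load <= 1.0]
    if not valid:
        return []
    max_conn = max(n.connections for n in valid) or 1
    scored = []
    for n in valid:
        isp_term = 1.0 if n.isp == client_isp else 0.0   # same operator preferred
        conn_term = 1.0 - n.connections / max_conn        # fewer connections is better
        load_term = 1.0 - n.load                          # lower load is better
        scored.append((n, w_isp * isp_term + w_conn * conn_term + w_load * load_term))
    # High to low; node_id breaks ties so the ranking is deterministic.
    scored.sort(key=lambda pair: (-pair[1], pair[0].node_id))
    return scored


def select_nodes_to_transmit(nodes, client_isp, weights=(0.5, 0.25, 0.25), top_n=5):
    """Keep the top_n ranked nodes (the 'preset number of top positions')."""
    w_isp, w_conn, w_load = weights
    ranked = score_nodes(nodes, client_isp, w_isp, w_conn, w_load)
    return [node for node, _ in ranked[:top_n]]


# Constructed sample node reports.
SAMPLE_NODES = [
    EdgeNode("a", "telecom", 100, 0.5),
    EdgeNode("b", "telecom", 400, 0.25),
    EdgeNode("c", "unicom", 0, 0.0),
    EdgeNode("d", "telecom", 200, 1.0),
    EdgeNode("e", "telecom", -1, 0.1),   # malformed report, ignored
]

if __name__ == "__main__":
    for node, score in score_nodes(SAMPLE_NODES, "telecom", 0.5, 0.25, 0.25):
        print(node.node_id, score)
```

Changing the three weights changes the ranking, which is how the different business requirements mentioned above would be expressed.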
S12: transmit the node to be transmitted, in encrypted form, to the configuration interface document.
In at least one embodiment of the present invention, the configuration interface document may include an SDK (Software Development Kit), which can be integrated into an application for user networking.
In at least one embodiment of the present invention, the electronic device transmitting the node to be transmitted, in encrypted form, to the configuration interface document comprises:
The electronic device encrypts the node to be transmitted using the RSA encryption algorithm and transmits the encrypted node to be transmitted to the configuration interface document.
The RSA encryption algorithm is an asymmetric encryption algorithm and is secure and efficient.
It can be understood that the node to be transmitted must not be exposed on the network, so as to avoid attack by hackers; the electronic device therefore encrypts the node to be transmitted using the RSA encryption algorithm to achieve secure transmission.
Specifically, the electronic device can use the RSA encryption algorithm to encrypt the IP (Internet Protocol Address) of the node to be transmitted.
Further, after encryption, in order to reduce development cost, the electronic device can also mount the nodes to be transmitted under the same domain name or the same group of domain names; the present invention places no limit on this.
S13: when a connection request sent by an application through the configuration interface document is received, authenticate the application.
In at least one embodiment of the present invention, the electronic device generates a key after encrypting the node to be transmitted.
Further, the electronic device verifies the key of the application in order to authenticate the application.
In at least one embodiment of the present invention, in order to further improve the security of transmission, the electronic device can also apply packing (shell) processing to the key to hide the node to be transmitted and so further protect it.
S14: when the application passes authentication, establish a connection between the application and the node to be transmitted.
In at least one embodiment of the present invention, after the connection between the application and the node to be transmitted has been established, when a Denial of Service attack (SYN Flood) occurs, the method further comprises:
(1) The electronic device adjusts the handshake timeout (TimeOut) of the Transmission Control Protocol (Transmission Control Protocol, TCP) until completion of the handshake is detected.
Specifically, the electronic device adjusts the TimeOut of the TCP three-way handshake until it detects that the TCP three-way handshake has completed, so as to withstand the half-open connection state.
(2) The electronic device performs transparent transmission using proxy server technology (Proxy Server).
Specifically, by using proxy server technology the electronic device delivers the data the user needs to the user while ensuring that the IP of the real server is not exposed, which effectively improves the security of the server.
In at least one embodiment of the present invention, after the connection between the application and the node to be transmitted has been established, when a CC (Challenge Collapsar) attack occurs, the method further comprises:
(1) The electronic device controls entry into a 302 access state.
Specifically, the electronic device causes the attacker to be redirected to a preconfigured server, which protects the real server and effectively prevents unauthorized access.
(2) The electronic device configures a corresponding access frequency for each Internet Protocol address and, when the access frequency of a first Internet Protocol address is greater than or equal to the corresponding first threshold, intercepts access from the first Internet Protocol address for a preset time.
The preset time can be custom-configured, for example 20 minutes.
With the above embodiment, different access frequencies are set for different clients, so that users are protected in a targeted way.
(3) When the request header (Header) of a second Internet Protocol address is detected to be illegal, the electronic device intercepts access from the second Internet Protocol address.
Specifically, when it detects that the request header contains no key-value pair (Key-Value), the electronic device intercepts access from the second Internet Protocol address to prevent unauthorized access.
(4) When a third Internet Protocol address is detected to be carrying out a slow attack, the electronic device intercepts access from the third Internet Protocol address.
A slow attack refers to the case where only a few characters are received over a long time.
With the above embodiment, the harm caused by slow attacks can be effectively prevented.
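CC countermeasures (2) to (4) above can be combined in one per-address guard, sketched here as an added example that is not code from the patent. The class and method names, the sliding-window counting, the slow-transfer parameters and the verdict strings are assumptions; the 20-minute block is the preset time the text gives as an example, and the addresses and requests in the comments and tests are constructed.

```python
from collections import defaultdict, deque


def parse_header_block(raw):
    """Return the key-value pairs in a raw HTTP header block (request line skipped)."""
    pairs = {}
    for line in raw.split("\r\n")[1:]:
        key, sep, value = line.partition(":")
        if sep and key.strip():
            pairs[key.strip().lower()] = value.strip()
    return pairs


class CCGuard:
    """Per-IP interception: access frequency, illegal header, slow attack."""

    def __init__(self, default_threshold=100, window=60.0, block_seconds=20 * 60,
                 slow_after=30.0, slow_min_bytes=64, per_ip_threshold=None):
        self.default_threshold = default_threshold   # requests allowed per window
        self.window = window                         # sliding window, seconds (assumed)
        self.block_seconds = block_seconds           # the "preset time"
        self.slow_after = slow_after                 # transfer age that counts as "long"
        self.slow_min_bytes = slow_min_bytes         # fewer bytes than this is "a few characters"
        self.per_ip_threshold = dict(per_ip_threshold or {})
        self._hits = defaultdict(deque)
        self._blocked_until = {}

    def _is_blocked(self, ip, now):
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if now < until:
            return True
        # Block expired: forget the address so it starts with a clean counter.
        del self._blocked_until[ip]
        self._hits.pop(ip, None)
        return False

    def _block(self, ip, now):
        self._blocked_until[ip] = now + self.block_seconds

    def on_request(self, ip, now, raw_headers):
        """Verdict for a new request: allow, blocked, illegal_header or rate."""
        if self._is_blocked(ip, now):
            return "blocked"
        if not parse_header_block(raw_headers):      # no key-value pair at all
            self._block(ip, now)
            return "illegal_header"
        hits = self._hits[ip]
        hits.append(now)
        while hits and hits[0] <= now - self.window:
            hits.popleft()
        threshold = self.per_ip_threshold.get(ip, self.default_threshold)
        if len(hits) >= threshold:                   # "greater than or equal to"
            self._block(ip, now)
            return "rate"
        return "allow"

    def on_transfer_progress(self, ip, now, elapsed, bytes_received):
        """Verdict for an in-flight request: allow, blocked or slow."""
        if self._is_blocked(ip, now):
            return "blocked"
        if elapsed >= self.slow_after and bytes_received < self.slow_min_bytes:
            self._block(ip, now)
            return "slow"
        return "allow"
```

A front end would call `on_request` when the header block has arrived and `on_transfer_progress` periodically while a request body or header is still being read.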
In conclusion the present invention can obtain the nodal information of each fringe node, and according to the section of each fringe node Point information determines node to be transmitted, and node to be transmitted described in further encrypted transmission is to configuring interface document, when receiving application When the connection request that program is sent by the configuration interface document, the application program is authenticated, applies journey when described When sequence passes through authentication, connection is established for the application program and the node to be transmitted, to prevent network based on fringe node Attack, and defence while, due to there is the participation of each fringe node, effectively reduce cost.
Referring to fig. 2, in the present embodiment, the electronic equipment 1 be it is a kind of can according to the instruction for being previously set or storing, The automatic equipment for carrying out numerical value calculating and/or information processing, hardware includes but is not limited to microprocessor, specific integrated circuit (Application Specific Integrated Circuit, ASIC), programmable gate array (Field- Programmable Gate Array, FPGA), it is digital processing unit (Digital Signal Processor, DSP), embedded Equipment etc..
The electronic equipment 1, which can also be but not limited to any one, to pass through keyboard, mouse, remote controler, touching with user The modes such as template or voice-operated device carry out the electronic product of human-computer interaction, for example, personal computer (Personal Computer, PC), tablet computer, smart phone, personal digital assistant (Personal Digital Assistant, PDA), game machine, friendship Mutual formula Web TV (Internet Protocol Television, IPTV), intellectual wearable device, palm PC, just The calculating such as computer, intelligent router, mine machine, network storage equipment terminal device, desktop PC, cloud server are taken to set It is standby etc..
Network locating for the electronic equipment 1 include but is not limited to internet, wide area network, Metropolitan Area Network (MAN), local area network, it is virtual specially With network (Virtual Private Network, VPN) etc..
The electronic equipment 1 can be the node of component content distribution network or block chain network.
The electronic equipment 1 may include memory 12, processor 13 and bus, can also include being stored in the storage In device 12 and the computer program that can be run on the processor 13, such as the attack protection program based on fringe node.
It will be understood by those skilled in the art that the schematic diagram is only the example of electronic equipment 1, not structure paired electrons The restriction of equipment 1 may include perhaps combining certain components or different components, example than illustrating more or fewer components Such as described electronic equipment 1 can also include input-output equipment, network access equipment.
The memory 12 includes at least one type of readable storage medium, including flash memory, mobile hard disk, multimedia card, card-type memory (for example, SD or DX memory), magnetic memory, magnetic disk, optical disc and the like. In some embodiments the memory 12 may be an internal storage unit of the electronic equipment 1, such as a mobile hard disk of the electronic equipment 1. In other embodiments the memory 12 may be an external storage device of the electronic equipment 1, such as a plug-in mobile hard disk, smart media card (Smart Media Card, SMC), secure digital (Secure Digital, SD) card or flash card (Flash Card) fitted to the electronic equipment 1. Further, the memory 12 may include both an internal storage unit and an external storage device of the electronic equipment 1. The memory 12 can be used not only to store application software installed on the electronic equipment 1 and various kinds of data, such as the code of the attack protection program based on fringe node, but also to temporarily store data that has been output or is to be output.
In some embodiments the processor 13 may be a central processing unit (Central Processing Unit, CPU), controller, microcontroller, microprocessor or other data processing chip, used to run program code stored in the memory 12 or to process data, for example to execute the attack protection program based on fringe node.
The processor 13 executes the operating system of the electronic equipment 1 and the various installed application programs. The processor 13 executes the application program to implement the steps in each of the above embodiments of the anti-attack method based on fringe node, for example steps S10, S11, S12, S13 and S14 shown in Fig. 1.
Alternatively, when executing the computer program the processor 13 implements the functions of each module/unit in the above device embodiments, for example: obtaining the nodal information of each fringe node; determining the node to be transmitted according to the nodal information of each fringe node; encrypting the node to be transmitted and transmitting it to the configuration interface document; when a connection request sent by an application program through the configuration interface document is received, authenticating the application program; and when the application program passes authentication, establishing a connection between the application program and the node to be transmitted.
The bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus can be divided into an address bus, a data bus, a control bus and so on. For ease of representation only one arrow is shown in Fig. 2, but this does not mean that there is only one bus or one type of bus.
Illustratively, the computer program can be divided into one or more modules/units, which are stored in the memory 12 and executed by the processor 13 to carry out the present invention. The one or more modules/units may be a series of computer program instruction segments capable of completing specific functions, the instruction segments being used to describe the execution of the computer program in the electronic equipment 1. For example, the computer program can be divided into an acquiring unit 110, a determination unit 111, a transmission unit 112, an authenticating unit 113, a connection unit 114, a probe unit 115, an adjustment unit 116, a control unit 117, an interception unit 118 and a transparent transmission unit 119.
Further, the electronic equipment may also include a network interface, which optionally may include a wired interface and/or a wireless interface (such as a WI-FI interface or Bluetooth interface) and is commonly used to establish a communication connection between the electronic equipment 1 and other electronic equipment.
Optionally, the electronic equipment 1 may also include a user interface, which may include a display (Display) and an input unit such as a keyboard (Keyboard); optionally the user interface may also include a standard wired interface and a wireless interface. Optionally, in some embodiments the display may be an LED display, a liquid crystal display, a touch-control liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display may also appropriately be called a display screen or display unit, and is used to show the information processed in the electronic equipment 1 and to show a visual user interface.
If the integrated modules/units of the electronic equipment 1 are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer readable storage medium. Based on this understanding, all or part of the processes in the above embodiment methods of the present invention may also be completed by a computer program instructing the relevant hardware; the computer program may be stored in a computer readable storage medium, and when executed by a processor it can implement the steps of each of the above method embodiments.
The computer program includes computer program code, which may be in source code form, object code form, an executable file, certain intermediate forms, or the like. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, USB flash disk, mobile hard disk, magnetic disk, optical disc, computer memory, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), electric carrier signal, telecommunication signal, software distribution medium, and the like. It should be noted that the content included in the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in certain jurisdictions, according to legislation and patent practice, the computer-readable medium does not include electric carrier signals and telecommunication signals.
Fig. 2 shows only the electronic equipment 1 with components 12-13 and the attack protection program based on fringe node. Those skilled in the art will understand that the structure shown in Fig. 2 does not limit the electronic equipment 1, which may include fewer or more components than illustrated, combine certain components, or arrange components differently.
With reference to Fig. 1, the memory 12 in the electronic equipment 1 stores a plurality of instructions to implement an anti-attack method based on fringe node, and the processor 13 can execute the plurality of instructions to: obtain the nodal information of each fringe node; determine the node to be transmitted according to the nodal information of each fringe node; encrypt the node to be transmitted and transmit it to the configuration interface document; when a connection request sent by an application program through the configuration interface document is received, authenticate the application program; and when the application program passes authentication, establish a connection between the application program and the node to be transmitted.
According to a preferred embodiment of the present invention, the plurality of instructions executed by the processor 13 further include:
Probing for nodes using a distributed hash table algorithm and using the probed nodes as the node to be transmitted.
According to a preferred embodiment of the present invention, the plurality of instructions executed by the processor 13 further include:
Determining the Internet Service Provider, number of network connections and load of each fringe node from the nodal information;
Obtaining a first weight for the Internet Service Provider, a second weight for the number of network connections and a third weight for the load;
Calculating the score of each fringe node according to the Internet Service Provider, the number of network connections, the load, the first weight, the second weight and the third weight;
Sorting the scores of the fringe nodes from high to low;
Obtaining the nodes ranked in the first preset number of positions as the node to be transmitted.
According to a preferred embodiment of the present invention, the plurality of instructions executed by the processor 13 further include:
Encrypting the node to be transmitted using the RSA encryption algorithm;
Transmitting the encrypted node to be transmitted to the configuration interface document.
According to a preferred embodiment of the present invention, the plurality of instructions executed by the processor 13 further include:
Adjusting the handshake timeout of the transmission control protocol until completion of the handshake is detected; and/or
Performing transparent transmission using proxy server technology.
According to a preferred embodiment of the present invention, the plurality of instructions executed by the processor 13 further include:
Controlling entry into the 302 access state; and/or
Configuring a corresponding access frequency for each Internet protocol address and, when the access frequency of a first Internet protocol address is greater than or equal to the corresponding first threshold, intercepting access from the first Internet protocol address for a preset time; and/or
When the request header of a second Internet protocol address is detected to be illegal, intercepting access from the second Internet protocol address; and/or
When a slow attack from a third Internet protocol address is detected, intercepting access from the third Internet protocol address.
Referring to Fig. 3, a functional block diagram of the attack protection system based on fringe node of the present invention is shown. The attack protection system 11 based on fringe node includes an acquiring unit 110, a determination unit 111, a transmission unit 112, an authenticating unit 113, a connection unit 114, a probe unit 115, an adjustment unit 116, a control unit 117, an interception unit 118 and a transparent transmission unit 119. A module/unit as referred to in the present invention is a series of computer program segments that can be executed by the processor 13, can complete a fixed function, and are stored in the memory 12. In the present embodiment, the function of each module/unit is described in detail in the following embodiments.
The acquiring unit 110 obtains the nodal information of each fringe node.
In at least one embodiment of the present invention, the fringe nodes include various user nodes, and because user nodes are diverse, the fringe nodes also differ in performance.
For example, a fringe node may be a node connected to the network through intelligent hardware (such as: playing objective cloud), or a node connected to the network using a routing device from any manufacturer; the present invention does not limit this.
In at least one embodiment of the present invention, the nodal information includes, but is not limited to, one or a combination of the following:
Internet Service Provider (Internet Service Provider, ISP), number of network connections, and load.
In at least one embodiment of the present invention, the network system may include an overall control center, which collates the nodal information of each fringe node.
Further, the fringe nodes may include distribution nodes and defence nodes. The distribution nodes are mainly used for distributing nodes and the like, while the defence nodes are mainly used for defending against various network attacks.
Further, the nodal information of each fringe node is obtained from the overall control center through the distribution node.
In at least one embodiment of the present invention, when the nodal information of each fringe node cannot be obtained, the method further includes:
The probe unit 115 probes for nodes using a distributed hash table algorithm (Distributed Hash Table, DHT) and uses the probed nodes as the node to be transmitted.
Through the above embodiment, when the distribution nodes have all lost contact because of an attack, that is, when the acquiring unit 110 cannot obtain the nodal information of each fringe node, the probe unit 115 uses the distributed hash table algorithm to probe in a decentralized manner and randomly probes for temporary, available nodes, so that normal operation is still not affected while under attack.
The determination unit 111 determines the node to be transmitted according to the nodal information of each fringe node.
In at least one embodiment of the present invention, the node to be transmitted may include multiple nodes (for example, 5-10), so that after one node is attacked other nodes are still available, which avoids the attack affecting normal use of the network.
In at least one embodiment of the present invention, the determination unit 111 determining the node to be transmitted according to the nodal information of each fringe node includes:
The determination unit 111 determines the Internet Service Provider, number of network connections and load of each fringe node from the nodal information, and obtains a first weight for the Internet Service Provider, a second weight for the number of network connections and a third weight for the load. The determination unit 111 calculates the score of each fringe node according to the Internet Service Provider, the number of network connections, the load, the first weight, the second weight and the third weight, and sorts the scores of the fringe nodes from high to low. The determination unit 111 obtains the nodes ranked in the first preset number of positions as the node to be transmitted.
It can be understood that, when determining the node to be transmitted, the determination unit 111 preferentially selects nodes with the same operator; in addition, the fewer the network connections the better, and the lower the load the better.
Further, different business requirements place different demands on bandwidth and the like, so the first weight, the second weight and the third weight will also differ; that is, the first weight, the second weight and the third weight can be configured according to actual needs, and the present invention does not limit this.
Through the above embodiment, the determination unit 111 can obtain the optimal nodes to be transmitted for different situations, forward an appropriate number of nodes, and determine the nearest and optimal transmission path, which speeds up connection.
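The weighted selection described above can be sketched as follows. This is an added example, not code from the patent: the patent gives no scoring formula, so the normalisation of each term, the weight values, the connection cap and the sample nodes (documentation IP addresses) are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class EdgeNode:
    ip: str            # constructed documentation address
    isp: str           # Internet Service Provider of the node
    connections: int   # current number of network connections
    load: float        # 0.0 (idle) .. 1.0 (saturated)


def score(node, client_isp, weights, max_conn=1000):
    """Higher is better: same ISP, fewer connections, lower load.

    Each term is normalised to 0..1 (an assumption of this example) so that
    the three weights are comparable.
    """
    w_isp, w_conn, w_load = weights
    isp_term = 1.0 if node.isp == client_isp else 0.0
    conn_term = 1.0 - min(max(node.connections, 0), max_conn) / max_conn
    load_term = 1.0 - min(max(node.load, 0.0), 1.0)
    return w_isp * isp_term + w_conn * conn_term + w_load * load_term


def select_nodes(nodes, client_isp, weights, top_n, max_conn=1000):
    """Score every node, sort from high to low, return the first top_n IPs."""
    if top_n < 1 or len(weights) != 3 or any(w < 0 for w in weights):
        raise ValueError("top_n must be >= 1 and weights three non-negative numbers")
    ranked = sorted(
        nodes,
        # Ties are broken by IP so the result is deterministic.
        key=lambda n: (-score(n, client_isp, weights, max_conn), n.ip),
    )
    return [n.ip for n in ranked[:top_n]]


# Constructed sample data.
NODES = [
    EdgeNode("192.0.2.10", "isp-a", 100, 0.20),
    EdgeNode("192.0.2.11", "isp-a", 900, 0.90),
    EdgeNode("198.51.100.7", "isp-b", 50, 0.10),
    EdgeNode("198.51.100.8", "isp-b", 400, 0.50),
    EdgeNode("203.0.113.5", "isp-a", 300, 0.40),
]

if __name__ == "__main__":
    # ISP-heavy weighting keeps a busy same-ISP node in the list ...
    print(select_nodes(NODES, "isp-a", (0.5, 0.25, 0.25), top_n=3))
    # ... while a load-heavy weighting replaces it with an idle node on another ISP.
    print(select_nodes(NODES, "isp-a", (0.1, 0.45, 0.45), top_n=3))
```

Changing only the weights changes which nodes are handed to the application, which is the configurability the text attributes to different business requirements.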
The transmission unit 112 encrypts the node to be transmitted and transmits it to the configuration interface document.
In at least one embodiment of the present invention, the configuration interface document may include an SDK (Software Development Kit); the SDK can be integrated into an application program for user networking.
In at least one embodiment of the present invention, the transmission unit 112 encrypting the node to be transmitted and transmitting it to the configuration interface document includes:
The transmission unit 112 encrypts the node to be transmitted using the RSA encryption algorithm, and transmits the encrypted node to be transmitted to the configuration interface document.
The RSA (Rivest-Shamir-Adleman) encryption algorithm is an asymmetric encryption algorithm and is secure and efficient.
It can be understood that the node to be transmitted must not be exposed on the network, so as to avoid attack by hackers; therefore the transmission unit 112 encrypts the node to be transmitted using the RSA encryption algorithm to achieve secure transmission.
Specifically, the transmission unit 112 may use the RSA encryption algorithm to encrypt the IP (Internet Protocol Address) of the node to be transmitted.
Further, after encryption, in order to reduce development cost, the transmission unit 112 may also mount the nodes to be transmitted under the same domain name or the same group of domain names, which the present invention does not limit.
When a connection request sent by an application program through the configuration interface document is received, the authenticating unit 113 authenticates the application program.
In at least one embodiment of the present invention, after the transmission unit 112 encrypts the node to be transmitted, a key is generated.
Further, the authenticating unit 113 verifies the key of the application program in order to authenticate the application program.
In at least one embodiment of the present invention, in order to further improve transmission security, the transmission unit 112 may also apply shell (packing) processing to the key so as to hide the node to be transmitted and further protect it.
When the application program passes authentication, the connection unit 114 establishes a connection between the application program and the node to be transmitted.
In at least one embodiment of the present invention, after the connection between the application program and the node to be transmitted is established, when subjected to a denial-of-service attack (SYN Flood), the method further includes:
(1) The adjustment unit 116 adjusts the handshake timeout (TimeOut) of the transmission control protocol (Transmission Control Protocol, TCP) until completion of the handshake is detected.
Specifically, the adjustment unit 116 adjusts the TimeOut of the TCP three-way handshake until completion of the TCP three-way handshake is detected, so as to withstand the half-open connection state.
(2) The transparent transmission unit 119 performs transparent transmission using proxy server technology (Proxy Server).
Specifically, the transparent transmission unit 119 uses proxy server technology so that, while the data the user needs is delivered to the user, the IP of the real server is not exposed, which effectively improves the security of the server.
In at least one embodiment of the present invention, after the connection between the application program and the node to be transmitted is established, when subjected to a CC attack (Challenge Collapsar), the method further includes:
(1) The control unit 117 controls entry into the 302 access state.
Specifically, the control unit 117 makes the attacker jump to a preconfigured server so as to protect the real server, which effectively avoids unauthorized access.
(2) The interception unit 118 configures a corresponding access frequency for each Internet protocol address; when the access frequency of a first Internet protocol address is greater than or equal to the corresponding first threshold, the interception unit 118 intercepts access from the first Internet protocol address for a preset time.
The preset time can be custom-configured, for example 20 minutes.
Through the above embodiment, different access frequencies are set for different clients so as to provide targeted protection for users.
(3) When the request header (Header) of a second Internet protocol address is detected to be illegal, the interception unit 118 intercepts access from the second Internet protocol address.
Specifically, when it is detected that no key-value pair (Key-Value) exists in the request header, the interception unit 118 intercepts access from the second Internet protocol address to avoid unauthorized access.
(4) When a slow attack from a third Internet protocol address is detected, the interception unit 118 intercepts access from the third Internet protocol address.
Here, a slow attack refers to the case where only a few characters are received over a long period of time.
Through the above embodiment, the harm caused by slow attacks can be effectively prevented.
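The three interception rules above (per-address access frequency with a timed block, a request header without key-value pairs, and slow attack) can be expressed as one decision object. This is an added example, not code from the patent; the sliding window, the slow-attack limits and the sample events are assumed values, and only the 20-minute block time comes from the text.

```python
from collections import defaultdict, deque

BLOCK_SECONDS = 20 * 60  # example preset time given in the text


class InterceptionUnit:
    def __init__(self, default_threshold, per_ip_threshold=None, window_s=60,
                 block_s=BLOCK_SECONDS, slow_after_s=30, slow_max_bytes=16):
        self.default_threshold = default_threshold
        self.per_ip_threshold = dict(per_ip_threshold or {})  # ip -> own threshold
        self.window_s = window_s              # assumed counting window
        self.block_s = block_s
        self.slow_after_s = slow_after_s      # assumed: "a long time"
        self.slow_max_bytes = slow_max_bytes  # assumed: "a few characters"
        self._hits = defaultdict(deque)       # ip -> request times in the window
        self._blocked_until = {}              # ip -> time at which the block ends

    def _is_blocked(self, ip, now):
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:                      # block expired: forget the history
            del self._blocked_until[ip]
            self._hits.pop(ip, None)
            return False
        return True

    def on_request(self, ip, headers, now):
        """Return 'allow', 'blocked', 'illegal-header' or 'rate-exceeded'."""
        if self._is_blocked(ip, now):
            return "blocked"
        if not headers:                       # no key-value pair in the header
            return "illegal-header"
        hits = self._hits[ip]
        hits.append(now)
        while hits and hits[0] <= now - self.window_s:
            hits.popleft()
        threshold = self.per_ip_threshold.get(ip, self.default_threshold)
        if len(hits) >= threshold:            # "greater than or equal to"
            self._blocked_until[ip] = now + self.block_s
            return "rate-exceeded"
        return "allow"

    def on_connection_progress(self, ip, bytes_received, open_for_s, now):
        """Return 'slow-attack' when a long-open connection sent almost nothing."""
        if self._is_blocked(ip, now):
            return "blocked"
        if open_for_s >= self.slow_after_s and bytes_received <= self.slow_max_bytes:
            return "slow-attack"
        return "allow"


def replay(unit, events):
    """Feed (time, ip, headers) tuples through the unit and collect decisions."""
    return [unit.on_request(ip, headers, t) for t, ip, headers in events]


# Constructed sample events; addresses are documentation ranges.
OK = {"Host": "app.example", "User-Agent": "sdk/1.0"}
EVENTS = [
    (0, "203.0.113.9", OK),
    (1, "203.0.113.9", OK),
    (2, "203.0.113.9", OK),      # third hit reaches threshold 3
    (3, "203.0.113.9", OK),      # inside the 20-minute block
    (4, "198.51.100.20", {}),    # header with no key-value pair
    (5, "192.0.2.44", OK),
    (1201, "203.0.113.9", OK),   # block lasts until t = 1202
    (1202, "203.0.113.9", OK),   # block expired
]

if __name__ == "__main__":
    for event, decision in zip(EVENTS, replay(InterceptionUnit(3), EVENTS)):
        print(event[0], event[1], decision)
```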
In conclusion, the present invention can obtain the nodal information of each fringe node, determine the node to be transmitted according to the nodal information of each fringe node, and further encrypt the node to be transmitted and transmit it to the configuration interface document. When a connection request sent by an application program through the configuration interface document is received, the application program is authenticated, and when the application program passes authentication, a connection is established between the application program and the node to be transmitted, so that network attacks are prevented on the basis of fringe nodes. While defending, cost is effectively reduced because each fringe node takes part.
The above embodiments may be implemented wholly or partly in software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented wholly or partly in the form of a computer program product.
The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present invention are generated wholly or partly. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable device. The computer instructions may be stored in a computer readable storage medium, or transmitted from one computer readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired means (such as coaxial cable, optical fiber or digital subscriber line (DSL)) or wireless means (such as infrared, radio or microwave). The computer readable storage medium may be any usable medium that a computer can store to, or a data storage device such as a server or data center that integrates one or more usable media. The usable medium may be a magnetic medium (for example, floppy disk, mobile hard disk, magnetic tape), an optical medium (for example, DVD), or a semiconductor medium (for example, Solid State Disk (SSD)).
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system, device and units described above can refer to the corresponding processes in the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed system, device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative; the division into units is only a division by logical function, and in actual implementation there may be other ways of dividing, for example multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in each embodiment of this application may be integrated in one processing unit, or each unit may exist physically alone, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer readable storage medium. Based on this understanding, the technical solution of this application in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, server, network device or the like) to execute all or part of the steps of the methods of the embodiments of this application. The aforementioned storage medium includes: USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk, optical disc and other media that can store program code.
It should be noted that the serial numbers of the above embodiments of the invention are for description only and do not represent the advantages or disadvantages of the embodiments. The terms "include", "comprise" and any other variants herein are intended to cover non-exclusive inclusion, so that a process, device, article or method that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, device, article or method. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, device, article or method that includes the element.
The above is only a preferred embodiment of the present invention and does not limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or applied directly or indirectly in other related technical fields, is likewise included within the scope of protection of the present invention.

Claims (10)

1. An anti-attack method based on fringe node, characterized in that the method comprises:
Obtaining the nodal information of each fringe node;
Determining the node to be transmitted according to the nodal information of each fringe node;
Encrypting the node to be transmitted and transmitting it to the configuration interface document;
When a connection request sent by an application program through the configuration interface document is received, authenticating the application program;
When the application program passes authentication, establishing a connection between the application program and the node to be transmitted.
2. The anti-attack method based on fringe node as claimed in claim 1, characterized in that, when the nodal information of each fringe node cannot be obtained, the method further comprises:
Probing for nodes using a distributed hash table algorithm and using the probed nodes as the node to be transmitted.
3. The anti-attack method based on fringe node as claimed in claim 1, characterized in that determining the node to be transmitted according to the nodal information of each fringe node comprises:
Determining the Internet Service Provider, number of network connections and load of each fringe node from the nodal information;
Obtaining a first weight for the Internet Service Provider, a second weight for the number of network connections and a third weight for the load;
Calculating the score of each fringe node according to the Internet Service Provider, the number of network connections, the load, the first weight, the second weight and the third weight;
Sorting the scores of the fringe nodes from high to low;
Obtaining the nodes ranked in the first preset number of positions as the node to be transmitted.
4. The anti-attack method based on fringe node as claimed in claim 1, characterized in that encrypting the node to be transmitted and transmitting it to the configuration interface document comprises:
Encrypting the node to be transmitted using the RSA encryption algorithm;
Transmitting the encrypted node to be transmitted to the configuration interface document.
5. The anti-attack method based on fringe node as claimed in claim 1, characterized in that, after the connection between the application program and the node to be transmitted is established, when subjected to a denial-of-service attack, the method further comprises:
Adjusting the handshake timeout of the transmission control protocol until completion of the handshake is detected; and/or
Performing transparent transmission using proxy server technology.
6. The anti-attack method based on fringe node as claimed in claim 1, characterized in that, after the connection between the application program and the node to be transmitted is established, when subjected to a CC attack, the method further comprises:
Controlling entry into the 302 access state; and/or
Configuring a corresponding access frequency for each Internet protocol address and, when the access frequency of a first Internet protocol address is greater than or equal to the corresponding first threshold, intercepting access from the first Internet protocol address for a preset time; and/or
When the request header of a second Internet protocol address is detected to be illegal, intercepting access from the second Internet protocol address; and/or
When a slow attack from a third Internet protocol address is detected, intercepting access from the third Internet protocol address.
7. An electronic equipment, characterized in that the electronic equipment comprises:
A memory storing at least one instruction; and
A processor executing the instruction stored in the memory to implement the anti-attack method based on fringe node as claimed in any one of claims 1 to 6.
8. The electronic equipment according to claim 7, characterized in that the electronic equipment is a node forming a content distribution network or a blockchain network.
9. An attack protection system based on fringe node, characterized in that the system comprises:
An acquiring unit, for obtaining the nodal information of each fringe node;
A determination unit, for determining the node to be transmitted according to the nodal information of each fringe node;
A transmission unit, for encrypting the node to be transmitted and transmitting it to the configuration interface document;
An authenticating unit, for authenticating an application program when a connection request sent by the application program through the configuration interface document is received;
A connection unit, for establishing a connection between the application program and the node to be transmitted when the application program passes authentication.
10. A computer readable storage medium, characterized in that an attack protection program based on fringe node is stored on the computer readable storage medium, and the attack protection program based on fringe node can be executed by one or more processors to implement the anti-attack method based on fringe node as claimed in any one of claims 1 to 6.
CN201910453146.4A 2019-05-28 2019-05-28 Anti-attack method, electronic equipment, system and medium based on fringe node Pending CN110177102A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910453146.4A CN110177102A (en) 2019-05-28 2019-05-28 Anti-attack method, electronic equipment, system and medium based on fringe node

Publications (1)

Publication Number Publication Date
CN110177102A true CN110177102A (en) 2019-08-27

Family

ID=67695797

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910453146.4A Pending CN110177102A (en) 2019-05-28 2019-05-28 Anti-attack method, electronic equipment, system and medium based on fringe node

Country Status (1)

Country Link
CN (1) CN110177102A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110191139A (en) * 2019-07-17 2019-08-30 中国联合网络通信集团有限公司 A kind of method for authenticating and system, the method for accessing terminal to network
CN111026748A (en) * 2019-11-05 2020-04-17 广州市玄武无线科技股份有限公司 Data compression method, device and system for network access frequency management and control
CN112953986A (en) * 2019-12-10 2021-06-11 华为技术有限公司 Management method and device for edge application
CN114466008A (en) * 2021-12-22 2022-05-10 天翼云科技有限公司 Cloud side communication system, method and device, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012003890A1 (en) * 2010-07-09 2012-01-12 Telefonaktiebolaget L M Ericsson (Publ) Switching node with load balancing of bursts of packets
CN107800723A (en) * 2017-12-06 2018-03-13 中盈优创资讯科技有限公司 CC attack guarding methods and equipment
CN108737544A (en) * 2018-05-22 2018-11-02 中国联合网络通信集团有限公司 CDN node dispatching method and device
CN109005164A (en) * 2018-07-20 2018-12-14 深圳市网心科技有限公司 A kind of network system, equipment, network data exchange method and storage medium
CN109428839A (en) * 2017-08-31 2019-03-05 华为技术有限公司 A kind of CDN dispatching method, equipment and system

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110191139A (en) * 2019-07-17 2019-08-30 中国联合网络通信集团有限公司 A kind of method for authenticating and system, the method for accessing terminal to network
CN111026748A (en) * 2019-11-05 2020-04-17 广州市玄武无线科技股份有限公司 Data compression method, device and system for network access frequency management and control
CN111026748B (en) * 2019-11-05 2020-11-17 广州市玄武无线科技股份有限公司 Data compression method, device and system for network access frequency management and control
CN112953986A (en) * 2019-12-10 2021-06-11 华为技术有限公司 Management method and device for edge application
WO2021115270A1 (en) * 2019-12-10 2021-06-17 华为技术有限公司 Edge application management method, and device
CN112953986B (en) * 2019-12-10 2024-03-12 华为云计算技术有限公司 Edge application management method and device
CN114466008A (en) * 2021-12-22 2022-05-10 天翼云科技有限公司 Cloud side communication system, method and device, electronic equipment and storage medium
CN114466008B (en) * 2021-12-22 2023-10-13 天翼云科技有限公司 Cloud edge communication system, cloud edge communication method, cloud edge communication device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190827