CN110545259A - application layer attack protection method based on message replacement and protection system thereof - Google Patents


Info

Publication number: CN110545259A
Authority: CN (China)
Prior art keywords: message, terminal, module, level, segment
Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Application number: CN201910685588.1A
Other languages: Chinese (zh)
Inventor: 金驰
Current Assignee: Suzhou Ha Software Co Ltd (the listed assignees may be inaccurate)
Original Assignee: Suzhou Ha Software Co Ltd
Application filed by: Suzhou Ha Software Co Ltd


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0464 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/105 Multiple levels of security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

An application layer attack protection method and protection system based on message replacement, the method comprising the following steps: presetting a terminal blacklist and a terminal whitelist; receiving a message sent by a terminal and extracting information of the terminal; judging the security of the terminal according to the preset blacklist and whitelist; if the terminal is in the blacklist, rejecting the message of the terminal; if the terminal is in neither the blacklist nor the whitelist, recording the terminal in a grey list and carrying out message replacement verification; receiving the message finally sent by a terminal in the grey list and marking it as a first-level message; embedding an encrypted segment in the first-level message so that it becomes a second-level message; the terminal receives the second-level message, extracts the encrypted segment, processes it and embeds the processed encrypted segment into the second-level message to generate a third-level message, and the terminal uploads the third-level message; extracting the processed encrypted segment from the third-level message and matching it; and if the processed encrypted segment fails to match, discarding the message of the terminal.

Description

Application layer attack protection method based on message replacement and protection system thereof
Technical Field
The invention relates to the technical field of network communication, in particular to an application layer attack protection method and a protection system based on message replacement.
Background
The application layer, also called Application Entity (AE), is composed of several application specific service elements (SASE) and one or more Common Application Service Elements (CASE). Each SASE provides specific application services such as File Transport Access and Management (FTAM), electronic message processing (MHS), virtual terminal protocol (VAP), and the like. The CASE provides a common set of application services, such as contact control service element (ACSE), Reliable Transport Service Element (RTSE), and Remote Operations Service Element (ROSE).
The application layer DDoS attack developed on the basis of the network layer DDoS attack. It is a novel attack mode, but in essence it is still a flood-type attack: an attacker sends a large number of high-frequency legitimate requests to the attack target through a proxy server or a botnet in order to consume the bandwidth of the attack target. The main purpose of an application layer DDoS attack, however, is to consume host resources.
An attacker sends request data packets to an attack target host through a large number of puppet machines, which is not the mainstream attack mode of application layer DDoS attack. In this regard, DDoS attacks at the application layer are far more complex than DDoS attacks at the network layer, and may implement more functions. Thus, application layer DDoS attacks may produce greater destructive power. The attack mode in which a simple HTTP request triggers a server to execute a series of complex operations is one of the differences between application layer DDoS attacks and network layer DDoS attacks.
Therefore, there is a need to identify the legitimacy of an initiated request in order to reduce the probability that host resources are consumed.
Disclosure of Invention
The purpose of the invention is as follows:
In view of the problems mentioned in the background, the invention provides an application layer attack protection method based on message replacement and a protection system thereof.
The technical scheme is as follows:
An application layer attack protection method based on message replacement, characterized by comprising the following steps:
Presetting a terminal blacklist and a terminal whitelist;
Receiving a message sent by a terminal, and extracting information of the terminal;
Judging the security of the terminal according to the preset blacklist and whitelist;
If the terminal is in the whitelist, receiving the message of the terminal and forwarding the message of the terminal to a server;
If the terminal is in the blacklist, rejecting the message of the terminal;
If the terminal is in neither the blacklist nor the whitelist, recording the terminal in a grey list and carrying out message replacement verification;
Message replacement verification comprises:
Receiving the message finally sent by a terminal in the grey list, and marking the message as a first-level message;
Embedding an encrypted segment in the first-level message so that the first-level message becomes a second-level message, and feeding the second-level message back to the terminal;
The terminal receives the second-level message, extracts the encrypted segment, processes it and embeds the processed encrypted segment into the second-level message to generate a third-level message, and the terminal uploads the third-level message;
Extracting the processed encrypted segment from the third-level message, and matching the processed encrypted segment;
And if the processed encrypted segment fails to match, discarding the message of the terminal.
As a preferred embodiment of the present invention, the processing of the encrypted segment includes:
The terminal inspects the second-level message;
Extracting the encrypted segment embedded in the second-level message by comparison with the first-level message;
The terminal parses the encrypted segment;
The terminal extracts the content of the encrypted segment and replaces the encrypted segment according to that content;
And the terminal embeds the replaced encrypted segment into the second-level message to generate a third-level message.
As a preferred embodiment of the present invention, the method includes:
If matching of the encrypted segment of the third-level message of a terminal in the grey list fails, grey-marking the terminal;
And if the number of grey marks of the terminal exceeds the preset number of times, removing the terminal from the grey list and adding the terminal to the blacklist.
As a preferred embodiment of the present invention, the method includes:
If the processed encrypted segment is successfully matched, establishing a connection between the terminal and the server;
And the terminal sends the initially sent message to the server.
As a preferred aspect of the present invention, before the blacklist determination for the terminal, the method further includes:
Monitoring the traffic of the server; if the traffic of the server is greater than a preset traffic threshold,
Then judging the security of the terminal according to the preset blacklist and whitelist.
A protection system for the application layer attack protection method based on message replacement comprises: a terminal, a server and a protection module;
The protection module comprises a message receiving module, an information extraction module, a judgment module, a transmission module, a marking module, an encryption module, a message output module, an encryption extraction module and a matching module;
The message receiving module is used for receiving a message sent by the terminal;
The information extraction module is used for extracting the information of the terminal sending the message;
The judgment module is used for judging whether the terminal is in the blacklist and whether the terminal is in the whitelist;
The transmission module is used for transmitting legitimate messages to the server;
The marking module is used for marking the message sent by a terminal in the grey list;
The encryption module is used for embedding an encrypted segment in the first-level message;
The message output module is used for forwarding messages;
The encryption extraction module is used for extracting the processed encrypted segment from the third-level message;
The matching module is used for matching the encrypted segments.
As a preferred aspect of the present invention, the terminal includes: an inspection module, a terminal extraction module, an encrypted segment replacement module and a message generation module;
The inspection module is used for inspecting the second-level message;
The terminal extraction module is used for extracting the encrypted segment embedded in the second-level message;
The encrypted segment replacement module is used for replacing the encrypted segment;
And the message generation module is used for embedding the replaced encrypted segment into the second-level message to generate a third-level message.
As a preferred aspect of the present invention, a grey marking module is included;
The grey marking module is used for grey-marking the terminal.
As a preferred aspect of the present invention, the protection module includes a traffic monitoring module;
The traffic monitoring module is used for monitoring the traffic of the server.
The invention achieves the following beneficial effects:
1. Monitoring a request initiated by the terminal, extracting information of the terminal initiating the request, and judging the security of the terminal according to the contents of the blacklist and the whitelist.
2. Marking the terminals that are in neither the blacklist nor the whitelist into a grey list, carrying out message replacement detection on the terminals in the grey list, judging the nature of each terminal through message replacement detection, and discarding the messages of the terminal if the message replacement detection fails.
3. Monitoring the traffic of the server, and starting message replacement detection on the terminal when the traffic is within a preset range.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a flowchart of a method for protecting against an attack on an application layer based on message replacement according to the present invention.
Fig. 2 is a flowchart of message replacement verification of an application layer attack protection method based on message replacement according to the present invention.
Fig. 3 is a protection schematic diagram of an application layer attack protection method based on message replacement according to the present invention.
Wherein: 1. terminal; 2. server; 3. protection module.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Example one
Reference is made to Figs. 1-3 for an example.
A common network layer DDoS attack uses features of the TCP/IP protocol family to control a large number of puppet machines that send reasonable requests to consume the CPU and memory resources of the attack target host; because the resources of the attack target host are consumed quickly, a legitimate user cannot obtain the requested service.
An application layer attack protection method based on message replacement, characterized by comprising the following steps:
Presetting a blacklist and a whitelist of the terminal 1. The main objective of a resource exhaustion attack is to consume the bandwidth or resources of the system: an attacker sends a large number of illegal request data packets, so that the attack target quickly exhausts its resources or bandwidth and cannot respond to the requests of other normal users.
Specifically, if the information of the terminal 1 is recorded in the whitelist, the terminal 1 is legitimate and will not attack the server 2, and the message sent by the terminal 1 is forwarded to the HTTPS server 2; if the information of the terminal 1 is recorded in the blacklist, the terminal 1 may attack the server 2, and to ensure the normal operation of the server 2, the message sent by the terminal 1 is discarded.
S101: Receiving the message sent by the terminal 1, and extracting the information of the terminal 1.
S102: Judging the security of the terminal 1 according to the preset blacklist and whitelist.
S103: If the terminal 1 is in the whitelist, receiving the message of the terminal 1 and forwarding the message of the terminal 1 to the server 2.
S104: If the terminal 1 is in the blacklist, rejecting the message of the terminal 1.
S105: If the terminal 1 is in neither the blacklist nor the whitelist, recording the terminal 1 in a grey list and carrying out message replacement verification.
The preset terminals 1 in the black list and the white list may be historical access terminals 1 of the server 2 or preset terminals 1 of the server 2.
After receiving the handshake request, the information of the terminal 1 is extracted, where the information of the terminal 1 includes an IP address, device information, an access account, and the like. And searching the black list and the white list according to the information of the terminal 1.
If the information of the terminal 1 exists in the blacklist, the handshake request of the terminal 1 is rejected, and the message sent by the terminal 1 is discarded.
If the white list contains the information of the terminal 1, the handshake request of the terminal 1 is received, and the message sent by the terminal 1 is received.
If the terminal 1 is out of the black list and the white list, the terminal 1 is marked into a grey list, and the message is verified again.
Message replacement verification comprises:
S201: Receiving the message finally sent by a terminal in the grey list, and marking the message as a first-level message.
S202: Embedding an encrypted segment in the first-level message so that the first-level message becomes a second-level message, and feeding the second-level message back to the terminal 1.
S203: The terminal 1 receives the second-level message, extracts the encrypted segment, processes it and embeds the processed encrypted segment into the second-level message to generate a third-level message, and the terminal 1 uploads the third-level message.
S204: Extracting the processed encrypted segment from the third-level message, and matching the processed encrypted segment.
S205: If the processed encrypted segment fails to match, the message of the terminal 1 is discarded.
The message initially sent by the terminal 1 in the grey list is marked as a first-level message, and the first-level message is checked.
An encrypted segment is embedded in the first-level message; the encrypted segment can be a preset field or a random field. Embedding the encrypted segment in the first-level message generates a second-level message, which is fed back to the terminal 1.
The terminal 1 receives the second-level message, extracts the encrypted segment from it, processes the encrypted segment, and embeds the processed encrypted segment back into the second-level message to generate a third-level message.
The processing of the encrypted segment may include decryption of the encrypted segment.
The terminal 1 uploads the third-level message; the system extracts the processed encrypted segment and matches it. If the matching fails, the message is still discarded. If the matching succeeds, the message of the terminal 1 is received.
The application layer DDoS attack is a novel attack mode, but in essence it is still a flood-type attack: an attacker sends a large number of high-frequency legitimate requests to the attack target through a proxy server or a botnet in order to consume the bandwidth of the attack target. The main purpose of an application layer DDoS attack, however, is to consume host resources, so discarding illegal messages effectively limits the host resources that the attack can consume.
Example two
The present embodiment is substantially the same as the first embodiment, except that, as a preferred mode of the present embodiment, the processing of the encrypted segment includes:
S301: The terminal 1 inspects the second-level message.
S302: Comparing the first-level message and the second-level message to extract the encrypted segment embedded in the second-level message.
S303: The terminal 1 parses the encrypted segment.
S304: The terminal 1 extracts the content of the encrypted segment and replaces the encrypted segment according to that content.
S305: The terminal 1 embeds the replaced encrypted segment into the second-level message to generate a third-level message.
The terminal 1 receives the second-level message fed back to it and carries out security detection on the second-level message.
The encrypted segment embedded in the second-level message is extracted and parsed by comparison with the first-level message; the encrypted segment may specifically include verification of host validity.
After processing the encrypted segment, the terminal 1 replaces it and embeds the replaced encrypted segment into the second-level message to generate a third-level message.
As a preferable mode of the present embodiment, the method includes:
If matching of the encrypted segment of the third-level message of the terminal 1 in the grey list fails, grey-marking the terminal 1.
If the number of grey marks of the terminal 1 exceeds the preset number of times, removing the terminal 1 from the grey list and adding the terminal 1 to the blacklist.
Specifically, matching the processed encrypted segment includes matching the parsed content of the encrypted segment: when the system generates the encrypted segment, it also generates the parsed content of the encrypted segment.
The terminal 1 embeds the parsed content of the encrypted segment into the second-level message to generate a third-level message, and the system extracts the processed encrypted segment from the third-level message and matches it against the parsed content it generated initially.
If the contents do not agree, the matching fails.
Each time the matching fails, the system grey-marks the terminal 1 once, and if the number of grey marks exceeds the preset number of times, the terminal 1 is added to the blacklist.
Specifically, the preset number of times may be set to 3 to 10 times.
As a preferable mode of the present embodiment, the method includes:
If the processed encrypted segment is successfully matched, establishing a connection between the terminal 1 and the server 2.
The terminal 1 transmits the initially transmitted message to the server 2.
After the matching succeeds, the terminal 1 establishes a connection with the server 2, and the terminal 1 then outputs the initially sent message to the server 2.
As a preferable mode of the present embodiment, before the blacklist determination is performed on the terminal 1, the method further includes:
Monitoring the traffic of the server 2; if the traffic of the server 2 is greater than a preset traffic threshold,
Then the security of the terminal 1 is judged according to the preset blacklist and whitelist.
A common DDoS attack uses features of the TCP/IP protocol family to control a large number of puppet machines that send reasonable requests to consume the CPU and memory resources of the attack target host; because the resources of the attack target host are consumed quickly, a legitimate user cannot obtain the requested service. Thus, monitoring the traffic of the server 2 can confirm whether it is currently under attack.
If the traffic of the server 2 is greater than the preset traffic threshold, the server is currently in an attacked state, and the security judgment of the accessing terminal 1 is started.
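The flow of examples one and two (S101-S105, S201-S205, S301-S305, grey marking and the traffic threshold) as an added Python example; it is not code from the patent. The patent does not specify how the segment is encoded or processed, so the base64-encoded random nonce, the SHA-256 replacement, the threshold value and all names below are assumptions, and forwarding the stored first-level message on success stands in for the terminal resending it.

```python
import base64
import hashlib
import hmac
import secrets

MAX_GREY_MARKS = 3        # the page suggests a preset count of 3 to 10
TRAFFIC_THRESHOLD = 1000  # requests per second; constructed value


class Gateway:
    """Protection module: list triage plus message replacement verification."""

    def __init__(self, whitelist=(), blacklist=()):
        self.whitelist = set(whitelist)
        self.blacklist = set(blacklist)
        self.grey = {}     # terminal id -> grey marks so far
        self.pending = {}  # terminal id -> (first-level message, expected content)

    def receive(self, terminal, message, traffic):
        """S101-S105, gated on server traffic. Returns (verdict, payload)."""
        if traffic <= TRAFFIC_THRESHOLD:
            return "forward", message  # screening only starts above the threshold
        if terminal in self.blacklist:
            return "reject", None
        if terminal in self.whitelist:
            return "forward", message
        self.grey.setdefault(terminal, 0)
        # S201-S202: embed a fresh segment and remember the expected answer.
        nonce = secrets.token_bytes(16)
        expected = hashlib.sha256(nonce).hexdigest().encode()
        self.pending[terminal] = (message, expected)
        return "challenge", message + base64.b64encode(nonce)

    def verify(self, terminal, third_level):
        """S204-S205 and grey marking. Returns (verdict, payload)."""
        if terminal in self.blacklist:
            return "reject", None
        # pop() makes every challenge single use, so a replayed answer fails.
        first_level, expected = self.pending.pop(terminal, (None, None))
        ok = (
            first_level is not None
            and third_level.startswith(first_level)
            and hmac.compare_digest(third_level[len(first_level):], expected)
        )
        if ok:
            return "accept", first_level
        marks = self.grey.get(terminal, 0) + 1
        self.grey[terminal] = marks
        if marks > MAX_GREY_MARKS:  # "exceeds the preset times"
            del self.grey[terminal]
            self.blacklist.add(terminal)
            return "blacklisted", None
        return "discard", None


def terminal_process(first_level, second_level):
    """Terminal side, S301-S305: returns the third-level message."""
    if not second_level.startswith(first_level):
        raise ValueError("second-level message does not extend the first-level one")
    segment = second_level[len(first_level):]              # S302: extract by comparison
    nonce = base64.b64decode(segment, validate=True)       # S303: parse the segment
    replaced = hashlib.sha256(nonce).hexdigest().encode()  # S304: replace by content
    return first_level + replaced                          # S305: third-level message


if __name__ == "__main__":
    gw = Gateway(whitelist={"192.0.2.10"}, blacklist={"192.0.2.66"})
    request = b"GET /report HTTP/1.1\r\nHost: app.example\r\n\r\n"  # constructed
    _, second = gw.receive("192.0.2.7", request, traffic=5000)
    print(gw.verify("192.0.2.7", terminal_process(request, second))[0])
    for _ in range(MAX_GREY_MARKS + 1):  # client that only echoes the challenge
        _, second = gw.receive("192.0.2.9", request, traffic=5000)
        print(gw.verify("192.0.2.9", second)[0])
```

The pending table holds state for every unverified terminal, so a deployment of this scheme would need to bound or expire it to avoid becoming a resource sink itself.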
Example three
Reference is made to fig. 3 as an example.
The present embodiment is substantially the same as the system embodiments of the first and second embodiments.
A protection system for the application layer attack protection method based on message replacement comprises: a terminal 1, a server 2 and a protection module 3.
The protection module 3 comprises a message receiving module, an information extraction module, a judgment module, a transmission module, a marking module, an encryption module, a message output module, an encryption extraction module and a matching module.
The message receiving module is used for receiving the message sent by the terminal 1.
The information extraction module is used for extracting the information of the terminal 1 sending the message.
The judgment module is used for judging whether the terminal 1 is in the blacklist and whether the terminal 1 is in the whitelist.
The transmission module is used for transmitting legitimate messages to the server 2.
The marking module is used for marking the message sent by the terminal 1 in the grey list.
The encryption module is used for embedding an encrypted segment in the first-level message.
The message output module is used for forwarding messages.
The encryption extraction module is used for extracting the processed encrypted segment from the third-level message.
The matching module is used for matching the encrypted segments.
As a preferable mode of the present embodiment, the terminal 1 includes: an inspection module, a terminal extraction module, an encrypted segment replacement module and a message generation module.
The inspection module is used for inspecting the second-level message.
The terminal extraction module is used for extracting the encrypted segment embedded in the second-level message.
The encrypted segment replacement module is used for replacing the encrypted segment.
The message generation module is used for embedding the replaced encrypted segment into the second-level message to generate a third-level message.
As a preferable mode of the present embodiment, a grey marking module is included.
The grey marking module is used for grey-marking the terminal 1.
As a preferable mode of this embodiment, the protection module 3 includes a traffic monitoring module.
The traffic monitoring module is used for monitoring the traffic of the server 2.
The above embodiments are merely illustrative of the technical ideas and features of the present invention, and are intended to enable those skilled in the art to understand the contents of the present invention and implement the present invention, and not to limit the scope of the present invention. All equivalent changes or modifications made according to the spirit of the present invention should be covered within the protection scope of the present invention.

Claims (9)

1. An application layer attack protection method based on message replacement is characterized by comprising the following steps:
Presetting a terminal blacklist and a terminal whitelist;
Receiving a message sent by a terminal, and extracting information of the terminal;
judging the security of the terminal according to a preset blacklist and a white list;
if the terminal is in the white list, receiving the message of the terminal and forwarding the message of the terminal to a server;
If the terminal is in the blacklist, rejecting the message of the terminal;
If the terminal is out of the blacklist and the white list, recording the terminal into a grey list and carrying out message replacement verification;
Message replacement verification comprises;
Receiving a message finally sent in a grey list, and marking the message as a primary message;
Embedding an encryption segment in the primary message to enable the primary message to become a secondary message, and feeding the secondary message back to the terminal;
The terminal receives the second-level message, extracts the encrypted segment for processing and embeds the encrypted segment into the second-level message to generate a third-level message, and the terminal uploads the third-level message;
Extracting the processed encrypted segment from the processed three-level message, and matching the processed encrypted segment;
And if the processed encrypted segment fails to be matched, discarding the message of the terminal.
2. the method for protecting against attack on application layer based on message substitution as claimed in claim 1, wherein the processing of the encrypted segment comprises:
The terminal inspects the second-level message;
extracting the encryption section embedded in the second-level message by comparing the first-level message;
the terminal analyzes the encrypted segment;
the terminal extracts the content in the encrypted segment and replaces the encrypted segment according to the content of the encrypted segment;
And the terminal embeds the replaced encryption segment into the second-level message to generate a third-level message.
3. the method for protecting against application layer attacks based on message substitution according to claim 1, comprising:
if the encryption section matching of the terminal three-level message in the grey list fails, carrying out grey marking on the terminal;
And if the grey mark of the terminal exceeds the preset times, extracting the terminal from the grey list and adding the terminal into the black list.
4. The method for protecting against application layer attacks based on message substitution according to claim 1, comprising:
If the processed encrypted segment is successfully matched, establishing connection between the terminal and the server;
and the terminal sends the initially sent message to the server.
5. The method for protecting against attack on application layer based on message replacement as claimed in claim 1, further comprising, before performing blacklist determination on the terminal:
monitoring the flow of the server, and if the flow of the server is greater than a preset flow threshold value;
and then, judging the security of the terminal according to a preset blacklist and a white list.
6. The system according to any one of claims 1 to 5, wherein the system comprises a terminal, a server and a protection module;
the protection module comprises a message receiving module, an information extraction module, a judgment module, a transmission module, a marking module, an encryption module, a message output module, an encryption extraction module and a matching module;
the message receiving module is used for receiving a message sent by the terminal;
the information extraction module is used for extracting the information of the terminal sending the message;
the judgment module is used for judging whether the terminal is in the blacklist and whether the terminal is in the whitelist;
the transmission module is used for transmitting the legal message to the server;
the marking module is used for marking the message sent by a terminal in the grey list;
the encryption module is used for embedding an encrypted segment in the first-level message;
the message output module is used for forwarding a message;
the encryption extraction module is used for extracting the processed encrypted segment from the third-level message;
the matching module is used for matching the encrypted segments.
7. The system according to claim 6, wherein the terminal comprises a viewing module, a terminal extraction module, an encrypted segment replacement module and a message generation module;
the viewing module is used for viewing the second-level message;
the terminal extraction module is used for extracting the encrypted segment embedded in the second-level message;
the encrypted segment replacement module is used for replacing the encrypted segment;
and the message generation module is used for embedding the replaced encrypted segment into the second-level message to generate a third-level message.
8. The system according to claim 6, comprising a grey marking module;
the grey marking module is used for grey-marking the terminal.
9. The system according to claim 6, wherein the protection module comprises a traffic monitoring module;
the traffic monitoring module is used for monitoring the traffic of the server.
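The decision flow of claims 3 to 5 on the protection module side, as an added example that is not code from the patent. Assumptions: the threshold and mark limit values, forwarding when traffic is below the threshold, treating terminals on neither list as grey-listed, and the SHA-256 replacement rule in `replace_segment`, which the claims do not specify.

```python
import hashlib
import secrets

TRAFFIC_THRESHOLD = 100  # assumed preset traffic threshold (requests per interval)
MAX_GREY_MARKS = 3       # assumed preset number of grey marks


def replace_segment(segment: bytes) -> bytes:
    """Hypothetical replacement rule: derive the new segment from the old one's content."""
    return hashlib.sha256(b"replace:" + segment).digest()


class ProtectionModule:
    def __init__(self, blacklist=(), whitelist=()):
        self.blacklist, self.whitelist = set(blacklist), set(whitelist)
        self.grey_marks = {}  # terminal -> number of grey marks so far
        self.pending = {}     # terminal -> segment embedded in its second-level message

    def receive(self, terminal: str, traffic: int):
        """Handle a first-level message; return (verdict, embedded segment or None)."""
        if traffic <= TRAFFIC_THRESHOLD:
            return "forward", None  # claim 5: lists are consulted only under load
        if terminal in self.blacklist:
            return "drop", None
        if terminal in self.whitelist:
            return "forward", None
        self.grey_marks.setdefault(terminal, 0)  # assumed: neither list means grey list
        segment = secrets.token_bytes(16)
        self.pending[terminal] = segment         # remembered for the later match
        return "challenge", segment              # the second-level message carries it

    def verify(self, terminal: str, returned: bytes) -> str:
        """Match the processed segment extracted from the third-level message."""
        segment = self.pending.pop(terminal, None)  # single use, so a replay fails
        if segment is not None and secrets.compare_digest(
                returned, replace_segment(segment)):
            return "connect"                        # claim 4: connection established
        marks = self.grey_marks.get(terminal, 0) + 1  # claim 3: failed match
        if marks > MAX_GREY_MARKS:
            self.grey_marks.pop(terminal, None)     # leave the grey list
            self.blacklist.add(terminal)
            return "blacklisted"
        self.grey_marks[terminal] = marks
        return "grey-marked"
```

Popping the pending segment before comparison means a captured third-level message cannot be replayed, and a terminal that echoes the segment unchanged accumulates grey marks until it is moved to the blacklist.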
CN201910685588.1A 2019-07-27 2019-07-27 application layer attack protection method based on message replacement and protection system thereof Pending CN110545259A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910685588.1A CN110545259A (en) 2019-07-27 2019-07-27 application layer attack protection method based on message replacement and protection system thereof

Publications (1)

Publication Number Publication Date
CN110545259A true CN110545259A (en) 2019-12-06

Family

ID=68709838

Country Status (1)

Country Link
CN (1) CN110545259A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140130138A1 (en) * 2011-05-27 2014-05-08 Xiaohang Ma Method and system for implementing third-party authentication based on gray list
CN105743863A (en) * 2014-12-12 2016-07-06 华为技术有限公司 Method and device used for processing message
CN105827788A (en) * 2015-01-06 2016-08-03 喻彦钦 Intelligent terminal control method, intelligent terminal and main control terminal
CN106790313A (en) * 2017-03-31 2017-05-31 杭州迪普科技股份有限公司 Intrusion prevention method and device
CN109167754A (en) * 2018-07-26 2019-01-08 北京计算机技术及应用研究所 A kind of network application layer security protection system
CN109547471A (en) * 2018-12-24 2019-03-29 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Network communication method and device
CN109831461A (en) * 2019-03-29 2019-05-31 新华三信息安全技术有限公司 A kind of distributed denial of service ddos attack defence method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20191206