CN110933032A - SSH path tracking method, system and medium - Google Patents

SSH path tracking method, system and medium Download PDF

Info

Publication number
CN110933032A
CN110933032A CN201911023403.7A CN201911023403A CN110933032A CN 110933032 A CN110933032 A CN 110933032A CN 201911023403 A CN201911023403 A CN 201911023403A CN 110933032 A CN110933032 A CN 110933032A
Authority
CN
China
Prior art keywords
host
ssh
source
link
connection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911023403.7A
Other languages
Chinese (zh)
Other versions
CN110933032B (en
Inventor
王小庆
孙利杰
石勇
杨鹏举
周强
陈松政
刘文清
杨涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Kylin Xin'an Technology Co Ltd
Original Assignee
Hunan Kylin Xin'an Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan Kylin Xin'an Technology Co Ltd filed Critical Hunan Kylin Xin'an Technology Co Ltd
Priority to CN201911023403.7A priority Critical patent/CN110933032B/en
Publication of CN110933032A publication Critical patent/CN110933032A/en
Application granted granted Critical
Publication of CN110933032B publication Critical patent/CN110933032B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/168Implementing security features at a particular protocol layer above the transport layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention discloses a method, a system and a medium for tracking an SSH path, which comprises the following implementation steps: when the target host logs in at ssh of any host, sequentially splicing the target host and the source host which originally sends out the ssh login according to all connections to form a link between the target host and the source host; when the target host is attacked, searching a link between the target host and the source host corresponding to the attack, thereby obtaining the IP address of the source host and realizing the positioning and tracking of the source host initiating the attack. The invention can quickly locate the IP address of the host initiating the attack when SSH multi-level attack occurs under the condition of keeping the remote login security and convenience of the computer.

Description

SSH path tracking method, system and medium
Technical Field
The invention relates to computer network, network security and remote computer security access technology, in particular to an SSH path tracking method, a system and a medium.
Background
SSH is a set of connection tools used to securely access remote computers that encrypts all transmitted data, effectively preventing eavesdropping, connection hijacking, and other network-level attacks. SSH not only can be used for remote login between two machines, but also can be used for remote login between a plurality of machines through multi-level jump, and great convenience is provided for remote computer login maintenance. However, each level of login only records the source IP address and the destination IP address information of the level of login, and does not have the IP address information of the level of login. Therefore, when the internal system is subjected to SSH multi-level attack due to password leakage, the IP address of the host initiating the attack cannot be located, and an attacker cannot be processed in time.
Disclosure of Invention
The technical problems to be solved by the invention are as follows: aiming at the problems in the prior art, the invention provides an SSH path tracking method, a system and a medium, which can quickly locate the IP address of a host initiating an attack when SSH multi-level attacks occur under the condition of keeping the remote login security and convenience of a computer.
In order to solve the technical problems, the invention adopts the technical scheme that:
an SSH path tracing method comprises the following implementation steps:
1) when the target host logs in the SSH of any host, sequentially splicing the target host and the source host which originally sends out the SSH login according to all the connections between the target host and the source host to form a link between the target host and the source host;
2) when the target host is attacked, searching a link between the target host and the source host corresponding to the attack, thereby obtaining the IP address of the source host and realizing the positioning and tracking of the source host initiating the attack.
Optionally, the detailed step of sequentially splicing in step 1) according to all connections between the target host and the source host that originally issued SSH login includes:
1.1) obtaining connection A generated by host logging in target hostnInformation of (A) to be connectednAs the current connection Ai
1.2) search the current connection A from the system process treeiIf the search is successful, connect to AiAnd find the connection A corresponding to the parent processi-1Splicing is carried out, and then the connection A corresponding to the parent process is foundi-1As a new current connection AiSkipping to re-execute the step 1.2); otherwise, skipping to execute the next step;
1.3) taking the link obtained by splicing as the link between the target host and the source host.
Optionally, linking A in step 1.2)iAnd find the connection A corresponding to the parent processi-1When splicing is performed, connection AiAnd connection Ai-1The information comprises a source IP, a source port and a destination IP, and the information of the link obtained by splicing comprises a connection Ai-1Source IP, source port and connection aiThe destination IP of (2).
In addition, the present invention also provides an SSH path tracing system, which is characterized by comprising:
the link updating program unit is used for splicing the target host in sequence according to all the connections between the target host and the original source host which sends out the SSH login when the target host logs in the SSH of any host to form a link between the target host and the source host;
and the attack tracking program unit is used for searching a link between the target host and the source host corresponding to the attack when the target host is attacked, thereby acquiring the IP address of the source host and realizing the positioning and tracking of the source host initiating the attack.
Furthermore, the present invention also provides an SSH path tracing system comprising a computer device programmed or configured to perform the steps of the SSH path tracing method.
Furthermore, the present invention also provides an SSH path tracing system, comprising a computer device, the computer device at least comprising a microprocessor and a memory, and the memory storing therein a computer program programmed or configured to execute the SSH path tracing method.
Furthermore, the present invention also provides a computer-readable storage medium having stored therein a computer program programmed or configured to execute the SSH path tracing method.
Compared with the prior art, the invention has the following advantages: the implementation steps of the invention comprise: when the target host logs in the SSH of any host, sequentially splicing the target host and the source host which originally sends out the SSH login according to all the connections between the target host and the source host to form a link between the target host and the source host; when the target host is attacked, searching a link between the target host and the source host corresponding to the attack, thereby obtaining the IP address of the source host and realizing the positioning and tracking of the source host initiating the attack. The invention can trace the path of the SSH path from the source host to the target host when the SSH carries out multi-level jump login under the condition of keeping the remote login safety and convenience of the computer. When SSH login attack occurs, the source host IP which initiates the attack can be quickly positioned, and the security defense coefficient of the whole system is improved.
Drawings
FIG. 1 is a schematic diagram of a basic flow of a method according to an embodiment of the present invention.
FIG. 2 is a schematic diagram of an example of a method according to an embodiment of the invention.
Detailed Description
As shown in fig. 1, the steps of implementing the SSH path tracing method of this embodiment include:
1) when the target host logs in the SSH of any host, sequentially splicing the target host and the source host which originally sends out the SSH login according to all the connections between the target host and the source host to form a link between the target host and the source host;
2) when the target host is attacked, searching a link between the target host and the source host corresponding to the attack, thereby obtaining the IP address of the source host and realizing the positioning and tracking of the source host initiating the attack.
In this embodiment, the detailed steps of sequentially splicing in step 1) according to all connections between the target host and the source host that originally issued the SSH login include:
1.1) obtaining connection A generated by host logging in target hostnInformation of (A) to be connectednAs the current connection Ai
1.2) searching the parent process of the current connection Ai from the system process tree, and if the search is successful, connecting AiAnd find the connection A corresponding to the parent processi-1Splicing is carried out, and then the connection A corresponding to the parent process is foundi-1As a new current connection AiSkipping to re-execute the step 1.2); otherwise, skipping to execute the next step;
1.3) taking the link obtained by splicing as the link between the target host and the source host.
In this example, connection A is to be made in step 1.2)iAnd find the connection A corresponding to the parent processi-1When splicing is performed, connection AiAnd connection Ai-1The information comprises a source IP, a source port and a destination IP, and the information of the link obtained by splicing comprises a connection Ai-1Source IP, source port and connection aiThe destination IP of (2).
Each jump access of the SSH takes a link as a basic unit, and each link unit contains link information. The specific content of the link information includes a source IP of the upper link, a source port of the upper link, a destination IP of the upper link, a source IP of the present link, a source port of the present link, and a destination port of the present link. In this embodiment, by splicing a plurality of individual links, a plurality of links can be spliced into one link, and an SSH path from the source host to the destination host is generated. Each link is uniquely identified by a source IP, a source port and a destination IP, and for two-hop links A and B, the two links can be spliced by comparing whether the information of the link A at the current stage is the same as the information of the link B at the previous stage. If the comparison is the same, link A and link B are merged into the presence of three-hop link C. For a two-hop link D, the two links can be spliced by comparing whether the current-stage link information of the link D is the same as the last-stage link information of the link C. If the comparison is the same, then link C and link D are merged into the presence of four-hop link F. When there are n one-hop links, it can be merged into a n-1-hop multi-hop link.
Three specific examples will be described below in conjunction with fig. 2:
first, example 1:
referring to FIG. 2, attack host M1 logs into host M2 via SSH, and in this connection logs into host M3 from host M2 via SSH, resulting in link A (M1- > M2- > M3). When host M3 is under SSH multi-level attack of host M1, it can quickly locate the host IP address of host M1, and the process includes:
I) and splicing a plurality of single connections.
When logging in from host M1 to M2 via SSH, host M2 generates connection a1(M1- > M2) with values of connection a1 [ S1, P1, D1], where S1 is the IP of host M1, P1 is the port opened by host M1, and D1 is the IP of host M2, when logging in to host M3 again via SSH in connection a1, host M2 generates connection a2(M2- > M3) with values of connection a2 [ S2, P2, D2], where S2 is the IP of host M2, P2 is the port opened by host M2, and D2 is the IP of host M3, since connection a2 is connected in connection a1, connection a2 is a sub-process of connection a 1. Since the parent process of each process is unique, the parent process a1 of the connection a2 can be found from the system process tree, so that the connection a1(M1- > M2) and the connection a2(M2- > M3) can form a link a (M1- > M2-M3), the value of the link a is { [ S1, P1, D1], [ S2, P2, D2] }, and the link a records the link information at SSH multi-level login, that is, the source host address is S1, and the destination host address is D2.
II) locating to the host initiating the attack.
When the host M2 logs in to the host M3, the host M3 also generates a connection A3(M2- > M3), where A3 has values of [ S3, P3, D3], where S3 is the IP of the host M2, P3 is the open port of the host M2, and D3 is the IP of the host M3. Since each port on each host is unique, then (S3, P3) is unique, and similarly (S2, P2) is unique, since the values of (S3, P3) and (S2, P2) are equal, a unique link A can be found. When M3 is attacked, the corresponding link a can be found according to the source IP and the source port of the connection, and the source host address recorded by the link a is the IP of M1, thereby determining that the host initiating the attack is M1.
Second, example 2:
in example 1, host M1 has been connected to M3, and in this connection, it logs in from host M3 to host M4 via SSH, creating link B (M2- > M3- > M4), and links a and B are spliced to form link C (M1- > M2- > M3- > M4). When host M4 is under SSH multi-level attack of host M1, it can quickly locate the host IP address of host M1, and the process includes:
I) and splicing a plurality of single links.
In example 1, link A (M1- > M2-M3) is generated, the value of link A being { [ S1, P1, D1], [ S2, P2, D2] }. When logging in from host M3 to M4, host M3 generates connection a4(M3- > M4) and a4 has values (S4, P4, D4), where S4 is the IP of host M3, P4 is the port opened by host M3, and D4 is the IP of host M4, and according to connection A3(M2- > M3) and connection a4(M3- > M4), the same example 1 process may generate link B (M2- > M3- > M4) and the value of link B is { [ S3, P3, D3], [ S4, P4, D4] }. Since (S3, P3) is unique, [ S3, P3, D3] is also unique, and [ S2, P2, D2] is also unique in the same way. And since the values of [ S3, P3, D3] and [ S2, P2, D2] are equal, link A and link B can be concatenated into link C (M1- > M2- > M3- > M4), and the value of link C is { [ S1, P1, D1], [ S2, P2, D2], [ S4, P4, D4] }.
II) locating to the host initiating the attack.
When the host M3 logs in to the host M4, the host M4 also generates a connection a5(M3- > M4), where a5 has values of [ S5, P5, D5], where S5 is the IP of the host M3, P5 is the open port of the host M3, and D5 is the IP of the host M3. Since (S5, P5) and (S4, P4) are equal, the corresponding link C can be found. When M4 is attacked, the corresponding link C can be found according to the source IP and the source port of the connection, and the IP of the source host address M1 recorded according to the link C determines that the host initiating the attack is M1.
Third, example 3:
in example 2, host M1 has been connected to M4, and in this connection, it logs in from host M4 to host M5 via SSH, creating link D (M3- > M4- > M5), and links C and D are spliced to form link F (M1- > M2- > M3- > M4- > M5). When host M5 is under SSH multi-level attack of host M1, it can quickly locate the host IP address of host M1, and the process includes:
I) and splicing a plurality of single links.
In example 2, link C (M1- > M2- > M3- > M4) was produced,
the value of link C is { [ S1, P1, D1], [ S2, P2, D2], [ S4, P4, D4] }.
When logging in from host M4 to M5, host M4 generates connection a6(M4- > M5) and a6 has values (S6, P6, D6), where S6 is the IP of host M4, P6 is the port opened by host M4, and D6 is the IP of host M5, and according to connection A5(M3- > M4) and connection a6(M4- > M5), the same example 1 process may generate link D (M3- > M4- > M5) and the value of link D is { [ S5, P5, D5], [ S6, P6, D6] }. Since the values of [ S5, P5, D5] and [ S4, P4, D4] are equal, link D and link C can be spliced into link F (M1- > M2- > M3- > M4- >5),
the values of the link F are { [ S1, P1, D1], [ S2, P2, D2], [ S4, P4, D4], [ S6, P6, D6] }.
II) locating to the host initiating the attack.
When the host M4 logs in to the host M5, the host M5 also generates a connection a7(M4- > M5), where a7 has values of [ S7, P7, D7], where S7 is the IP of the host M4, P7 is the open port of the host M4, and D7 is the IP of the host M5. Since (S7, P7) and (S6, P6) are equal, a corresponding link F is enabled.
When M4 is attacked, the corresponding link F can be found according to the source IP and the source port of the connection, and the source host address recorded by the link F is the IP of M1, so that the host initiating the attack is determined to be M1.
As can be seen from the above 3 examples, the SSH path tracking method of the present embodiment regards SSH telnet as having upper link information and lower link information, and concatenates these link information to finally form a path from the source host IP to the destination host IP, thereby tracking the entire SSH path.
In addition, the present embodiment further provides an SSH path tracking system, including:
the link updating program unit is used for splicing the target host in sequence according to all the connections between the target host and the original source host which sends out the SSH login when the target host logs in the SSH of any host to form a link between the target host and the source host;
and the attack tracking program unit is used for searching a link between the target host and the source host corresponding to the attack when the target host is attacked, thereby acquiring the IP address of the source host and realizing the positioning and tracking of the source host initiating the attack.
In addition, the present embodiment further provides an SSH path tracing system, which includes a computer device programmed or configured to execute the steps of the SSH path tracing method according to the present embodiment.
In addition, the present embodiment further provides an SSH path tracing system, which includes a computer device, the computer device at least includes a microprocessor and a memory, and the memory stores a computer program programmed or configured to execute the SSH path tracing method of the present embodiment.
In addition, the present embodiment also provides a computer-readable storage medium, in which a computer program programmed or configured to execute the SSH path tracing method of the present embodiment is stored.
The above description is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above embodiments, and all technical solutions belonging to the idea of the present invention belong to the protection scope of the present invention. It should be noted that modifications and embellishments within the scope of the invention may occur to those skilled in the art without departing from the principle of the invention, and are considered to be within the scope of the invention.

Claims (7)

1. An SSH path tracing method, characterized by the implementation steps comprising:
1) when the target host logs in the SSH of any host, sequentially splicing the target host and the source host which originally sends out the SSH login according to all the connections between the target host and the source host to form a link between the target host and the source host;
2) when the target host is attacked, searching a link between the target host and the source host corresponding to the attack, thereby obtaining the IP address of the source host and realizing the positioning and tracking of the source host initiating the attack.
2. The SSH path tracing method according to claim 1, wherein the detailed step of sequentially splicing in step 1) according to all connections between the target host and the source host originally sending the SSH login comprises:
1.1) obtaining connection A generated by host logging in target hostnInformation of (A) to be connectednAs the current connection Ai
1.2) search the current connection A from the system process treeiIf the search is successful, connect to AiAnd find the connection A corresponding to the parent processi-1Splicing is carried out, and then the connection A corresponding to the parent process is foundi-1As a new current connection AiSkipping to re-execute the step 1.2); otherwise, skipping to execute the next step;
1.3) taking the link obtained by splicing as the link between the target host and the source host.
3. The SSH path tracing method according to claim 2, wherein in step 1.2) connection a is connectediAnd find the connection A corresponding to the parent processi-1When splicing is performed, connection AiAnd connection Ai-1The information comprises a source IP, a source port and a destination IP, and the information of the link obtained by splicing comprises a connection Ai-1Source IP, source port and connection aiThe destination IP of (2).
4. An SSH path tracing system, comprising:
the link updating program unit is used for splicing the target host in sequence according to all the connections between the target host and the original source host which sends out the SSH login when the target host logs in the SSH of any host to form a link between the target host and the source host;
and the attack tracking program unit is used for searching a link between the target host and the source host corresponding to the attack when the target host is attacked, thereby acquiring the IP address of the source host and realizing the positioning and tracking of the source host initiating the attack.
5. An SSH path tracing system comprising computer equipment, characterized in that the computer equipment is programmed or configured to perform the steps of the SSH path tracing method according to any of claims 1 to 3.
6. An SSH path tracing system comprising a computer device, wherein the computer device comprises at least a microprocessor and a memory, and the memory stores therein a computer program programmed or configured to perform the SSH path tracing method of any of claims 1 to 3.
7. A computer-readable storage medium having stored thereon a computer program programmed or configured to perform the SSH path tracing method of any of claims 1 to 3.
CN201911023403.7A 2019-10-25 2019-10-25 SSH path tracking method, system and medium Active CN110933032B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911023403.7A CN110933032B (en) 2019-10-25 2019-10-25 SSH path tracking method, system and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911023403.7A CN110933032B (en) 2019-10-25 2019-10-25 SSH path tracking method, system and medium

Publications (2)

Publication Number Publication Date
CN110933032A true CN110933032A (en) 2020-03-27
CN110933032B CN110933032B (en) 2022-04-05

Family

ID=69849527

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911023403.7A Active CN110933032B (en) 2019-10-25 2019-10-25 SSH path tracking method, system and medium

Country Status (1)

Country Link
CN (1) CN110933032B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112702191A (en) * 2020-12-11 2021-04-23 福建天晴在线互动科技有限公司 Link tracking method and terminal
CN112738044A (en) * 2020-12-22 2021-04-30 湖南麒麟信安科技股份有限公司 Multi-protocol link path tracking method and system
CN114866455A (en) * 2022-04-18 2022-08-05 北京凝思软件股份有限公司 Construction method, system, terminal and medium for SSH multi-level jump path

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110185419A1 (en) * 2010-01-26 2011-07-28 Bae Systems Information And Electronic Systems Integration Inc. Method and apparatus for detecting ssh login attacks
CN103916406A (en) * 2014-04-25 2014-07-09 上海交通大学 System and method for detecting APT attacks based on DNS log analysis
US20170070530A1 (en) * 2013-11-25 2017-03-09 Level 3 Communications, Llc System and method for a security asset manager
CN106534195A (en) * 2016-12-19 2017-03-22 杭州信雅达数码科技有限公司 Network attacker behavior analyzing method based on attack graph
CN106656640A (en) * 2017-03-14 2017-05-10 北京深思数盾科技股份有限公司 Early warning method and device of network attack
CN106686014A (en) * 2017-03-14 2017-05-17 北京深思数盾科技股份有限公司 Prevention method and prevention device of cyber attacks
CN107135235A (en) * 2017-07-05 2017-09-05 湖北鑫英泰系统技术股份有限公司 A kind of multistage redirect after SSH connections source method for tracing and device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110185419A1 (en) * 2010-01-26 2011-07-28 Bae Systems Information And Electronic Systems Integration Inc. Method and apparatus for detecting ssh login attacks
US20170070530A1 (en) * 2013-11-25 2017-03-09 Level 3 Communications, Llc System and method for a security asset manager
CN103916406A (en) * 2014-04-25 2014-07-09 上海交通大学 System and method for detecting APT attacks based on DNS log analysis
CN106534195A (en) * 2016-12-19 2017-03-22 杭州信雅达数码科技有限公司 Network attacker behavior analyzing method based on attack graph
CN106656640A (en) * 2017-03-14 2017-05-10 北京深思数盾科技股份有限公司 Early warning method and device of network attack
CN106686014A (en) * 2017-03-14 2017-05-17 北京深思数盾科技股份有限公司 Prevention method and prevention device of cyber attacks
CN107135235A (en) * 2017-07-05 2017-09-05 湖北鑫英泰系统技术股份有限公司 A kind of multistage redirect after SSH connections source method for tracing and device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
IOANNIS KONIARIS等: ""Analysis and visualization of SSH attacks using honeypots"", 《 EUROCON 2013》 *
汪颖: ""对于虚拟服务器 SSH 暴力登录攻击的防范", 《中国科技纵横》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112702191A (en) * 2020-12-11 2021-04-23 福建天晴在线互动科技有限公司 Link tracking method and terminal
CN112738044A (en) * 2020-12-22 2021-04-30 湖南麒麟信安科技股份有限公司 Multi-protocol link path tracking method and system
CN114866455A (en) * 2022-04-18 2022-08-05 北京凝思软件股份有限公司 Construction method, system, terminal and medium for SSH multi-level jump path

Also Published As

Publication number Publication date
CN110933032B (en) 2022-04-05

Similar Documents

Publication Publication Date Title
CN110933032B (en) SSH path tracking method, system and medium
US8239951B2 (en) System, method and computer readable medium for evaluating a security characteristic
CN107122221A (en) Compiler for regular expression
CN103634786A (en) Method and system for security detection and repair of wireless network
US20080172739A1 (en) Attack defending system and attack defending method
US8543528B2 (en) Exploitation of transition rule sharing based on short state tags to improve the storage efficiency
CN110768951B (en) Method and device for verifying system vulnerability, storage medium and electronic device
US20070091902A1 (en) Securely managing network element state information in transport-layer associations
CN101009660A (en) Universal method and device for processing the match of the segmented message mode
CN110880983A (en) Penetration testing method and device based on scene, storage medium and electronic device
CN111182060A (en) Message detection method and device
JP4042776B2 (en) Attack detection device and attack detection method
CN114338510B (en) Data forwarding method and system for controlling and forwarding separation
CN103971059A (en) Cookie local storage and usage method
JP2007325293A (en) System and method for attack detection
CN105491094A (en) HTTP request handling method and device
CN112511523A (en) Network security control method based on access control
CN105763468A (en) Method and device for transmitting BGP update message
CN113162885A (en) Safety protection method and device for industrial control system
CN112511559B (en) Method and system for detecting intranet lateral movement attack
CN114070632B (en) Automatic penetration test method and device and electronic equipment
US20210367956A1 (en) Cyber attack coverage
CN111431732B (en) Method and system for carrying out increment verification on computer network data plane
CN113922972A (en) Data forwarding method and device based on MD5 identification code
CN107547497A (en) A kind of unaware PORTAL authentication methods and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 4 / F, Qilin science and Technology Park, No.20, Qiyun Road, high tech Zone, Changsha City, Hunan Province, 410000

Applicant after: Hunan Qilin Xin'an Technology Co., Ltd

Address before: 4 / F, Qilin science and Technology Park, No.20, Qiyun Road, high tech Zone, Changsha City, Hunan Province, 410000

Applicant before: HUNAN KYLIN XINAN TECHNOLOGY Co.,Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant