CN111125649A - Protection method and device for brute force cracking of remote desktop login - Google Patents
Protection method and device for brute force cracking of remote desktop login Download PDFInfo
- Publication number
- CN111125649A CN111125649A CN201911050688.3A CN201911050688A CN111125649A CN 111125649 A CN111125649 A CN 111125649A CN 201911050688 A CN201911050688 A CN 201911050688A CN 111125649 A CN111125649 A CN 111125649A
- Authority
- CN
- China
- Prior art keywords
- login
- log
- brute force
- remote desktop
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000005336 cracking Methods 0.000 title claims abstract description 53
- 238000000034 method Methods 0.000 title claims abstract description 53
- 238000012795 verification Methods 0.000 claims abstract description 42
- 230000004044 response Effects 0.000 claims abstract description 22
- 230000006870 function Effects 0.000 claims description 75
- 230000006399 behavior Effects 0.000 claims description 37
- 230000008569 process Effects 0.000 claims description 21
- 230000001186 cumulative effect Effects 0.000 claims 2
- 238000004590 computer program Methods 0.000 description 5
- 238000012550 audit Methods 0.000 description 4
- 230000000694 effects Effects 0.000 description 3
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 230000001012 protector Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/305—Authentication, i.e. establishing the identity or authorisation of security principals by remotely controlling device operation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
Abstract
The invention discloses a method and a device for protecting remote desktop login from brute force cracking, wherein the method comprises the following steps: auditing login behavior by using a login auditing strategy and recording a login log based on the login behavior; acquiring a log through a callback function and extracting effective information when the log update notification event is used for updating the log; injecting the information into a system operation library to replace a login verification function, and determining whether brute force cracking exists or not according to effective information; in response to determining that brute force cracking exists, a login verification function is used to prevent brute force cracking of the remote desktop login. The invention can protect brute force from remote desktop login and improve the safety of the system.
Description
Technical Field
The invention relates to the field of computer security, in particular to a method and a device for protecting remote desktop login brute force cracking.
Background
The remote desktop is a remote graphical control interface integrated by an operating system, and can remotely operate other machines. Brute force cracking refers to that all possible situations in a range are enumerated according to a known rough range for determining the possible situations, and verification is performed one by one until the verification is successful or all verification is completed. Brute force through the remote desktop is difficult to prevent among the prior art, and the professional level that only prevention means needs is higher, and general user is difficult to operate and use to the effect is not good.
Aiming at the problem that brute force cracking from remote desktop login in the prior art is difficult to protect, no effective solution is available at present.
Disclosure of Invention
In view of this, an object of the embodiments of the present invention is to provide a method and an apparatus for protecting against brute force of remote desktop login, which can protect against brute force from remote desktop login and improve system security.
Based on the above object, a first aspect of the embodiments of the present invention provides a method for protecting against brute force of remote desktop login, including the following steps:
auditing login behavior by using a login auditing strategy and recording a login log based on the login behavior;
acquiring a log through a callback function and extracting effective information when the log update notification event is used for updating the log;
injecting the information into a system operation library to replace a login verification function, and determining whether brute force cracking exists or not according to effective information;
in response to determining that brute force cracking exists, a login verification function is used to prevent brute force cracking of the remote desktop login.
In some embodiments, the obtaining the log and extracting the valid information through the callback function when the log update notification event is updated includes:
creating a callback process with a callback function, and registering a log update notification event;
triggering a log update notification event notification callback process in response to a log update;
and calling a callback function by the callback process to acquire the log so as to further extract effective information from the log.
In some embodiments, extracting valid information from the log of logins comprises:
extracting login types, login addresses, login users, login time, login ports, login types and accumulated login failure times of login success events and login failure events from a login log;
clearing the accumulated login failure times of the login user with the login type of the login success event of the remote desktop login;
and adding one to the accumulated login failure times of the login user with the login failure event of which the login type is the remote desktop login.
In some embodiments, determining whether brute force cracking exists based on the valid information comprises:
and in response to the accumulated login failure times of a specific login user exceeding a preset threshold value, recognizing the remote desktop login behavior of the login user as brute force.
In some embodiments, using the login verification function to prevent brute force cracking of the remote desktop login comprises:
disconnecting the network connection with the login user by using a login verification function;
rejecting all login behavior from the logged-in user within a first predetermined time using a login verification function;
all login behavior from all login addresses used by the login user is rejected within a first predetermined time using a login authentication function.
A second aspect of the embodiments of the present invention provides a device for protecting against brute force of remote desktop login, including:
a processor; and
a memory storing program code executable by the processor, the program code when executed performing the steps of:
auditing login behavior by using a login auditing strategy and recording a login log based on the login behavior;
acquiring a log through a callback function and extracting effective information when the log update notification event is used for updating the log;
injecting the information into a system operation library to replace a login verification function, and determining whether brute force cracking exists or not according to effective information;
in response to determining that brute force cracking exists, a login verification function is used to prevent brute force cracking of the remote desktop login.
In some embodiments, the obtaining the log and extracting the valid information through the callback function when the log update notification event is updated includes:
creating a callback process with a callback function, and registering a log update notification event;
triggering a log update notification event notification callback process in response to a log update;
and calling a callback function by the callback process to acquire the log so as to further extract effective information from the log.
In some embodiments, extracting valid information from the log of logins comprises:
extracting login types, login addresses, login users, login time, login ports, login types and accumulated login failure times of login success events and login failure events from a login log;
clearing the accumulated login failure times of the login user with the login type of the login success event of the remote desktop login;
and adding one to the accumulated login failure times of the login user with the login failure event of which the login type is the remote desktop login.
In some embodiments, determining whether brute force cracking exists based on the valid information comprises:
and in response to the accumulated login failure times of a specific login user exceeding a preset threshold value, recognizing the remote desktop login behavior of the login user as brute force.
In some embodiments, using the login verification function to prevent brute force cracking of the remote desktop login comprises:
disconnecting the network connection with the login user by using a login verification function;
rejecting all login behavior from the logged-in user within a first predetermined time using a login verification function;
all login behavior from all login addresses used by the login user is rejected within a first predetermined time using a login authentication function.
The invention has the following beneficial technical effects: according to the protection method and device for brute force cracking of remote desktop login, provided by the embodiment of the invention, the login behavior is audited by using the login auditing strategy, and the login log is recorded based on the login behavior; acquiring a log through a callback function and extracting effective information when the log update notification event is used for updating the log; injecting the information into a system operation library to replace a login verification function, and determining whether brute force cracking exists or not according to effective information; the technical scheme that the login verification function is used for preventing the remote desktop login from being violently cracked in response to the fact that the violent cracking exists is responded, the violent cracking from the remote desktop login can be prevented, and the safety of the system is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flow chart of a protection method for brute force cracking of remote desktop login provided by the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following embodiments of the present invention are described in further detail with reference to the accompanying drawings.
It should be noted that all expressions using "first" and "second" in the embodiments of the present invention are used for distinguishing two entities with the same name but different names or different parameters, and it should be noted that "first" and "second" are merely for convenience of description and should not be construed as limitations of the embodiments of the present invention, and they are not described in any more detail in the following embodiments.
In view of the above, a first aspect of the embodiments of the present invention provides an embodiment of a protection method against brute force from remote desktop login, which can improve system security. Fig. 1 is a schematic flow chart of a method for protecting against brute force of remote desktop login provided by the present invention.
The method for preventing brute force cracking of remote desktop login, as shown in fig. 1, includes the following steps:
step S101: auditing login behavior by using a login auditing strategy and recording a login log based on the login behavior;
step S103: acquiring a log through a callback function and extracting effective information when the log update notification event is used for updating the log;
step S105: injecting the information into a system operation library to replace a login verification function, and determining whether brute force cracking exists or not according to effective information;
step S107: in response to determining that brute force cracking exists, a login verification function is used to prevent brute force cracking of the remote desktop login.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a Random Access Memory (RAM), or the like. Embodiments of the computer program may achieve the same or similar effects as any of the preceding method embodiments to which it corresponds.
In some embodiments, the obtaining the log and extracting the valid information through the callback function when the log update notification event is updated includes:
creating a callback process with a callback function, and registering a log update notification event;
triggering a log update notification event notification callback process in response to a log update;
and calling a callback function by the callback process to acquire the log so as to further extract effective information from the log.
In some embodiments, extracting valid information from the log of logins comprises:
extracting login types, login addresses, login users, login time, login ports, login types and accumulated login failure times of login success events and login failure events from a login log;
clearing the accumulated login failure times of the login user with the login type of the login success event of the remote desktop login;
and adding one to the accumulated login failure times of the login user with the login failure event of which the login type is the remote desktop login.
In some embodiments, determining whether brute force cracking exists based on the valid information comprises:
and in response to the accumulated login failure times of a specific login user exceeding a preset threshold value, recognizing the remote desktop login behavior of the login user as brute force.
In some embodiments, using the login verification function to prevent brute force cracking of the remote desktop login comprises:
disconnecting the network connection with the login user by using a login verification function;
rejecting all login behavior from the logged-in user within a first predetermined time using a login verification function;
all login behavior from all login addresses used by the login user is rejected within a first predetermined time using a login authentication function.
The method disclosed according to an embodiment of the present invention may also be implemented as a computer program executed by a CPU, which may be stored in a computer-readable storage medium. The computer program, when executed by the CPU, performs the above-described functions defined in the method disclosed in the embodiments of the present invention. The above-described method steps and system elements may also be implemented using a controller and a computer-readable storage medium for storing a computer program for causing the controller to implement the functions of the above-described steps or elements.
The following further illustrates embodiments of the invention in terms of specific examples.
1. Configuring login audit strategy items to be opened by utilizing group strategy of system components to audit login lines
Log in for and recorded.
2. Creating thread registration and starting a hidden window, registering a system log update notification event to an operating system, and when the system log is updated, notifying the started hidden window by the system and calling a callback function appointed during registration.
3. And analyzing the system log based on the callback function, and filtering irrelevant system logs according to the event ID in the system log. Sensitive system logs include login success event logs and login failure event logs.
The log-on success event log includes:
the log of login failure events includes:
4. when the trigger log fails (event ID4625), the system log is analyzed, and useful information is obtained from the log: the method comprises the steps of logging in type, remote logging in IP, logging in user and logging in time, and if the logging in type is a remote desktop, accumulating logging in failure times for the remote logging in IP and the logging in user; when the trigger login is successful (event ID4776- >4648- >4624- >4672), the system log is analyzed, and useful information is obtained from the log: the method comprises the steps of login type, remote login IP, login user and login time, and if the login type is the remote desktop, the remote login IP and the login user accumulated login failure times are cleared.
5. And injecting the system into a system operation library to replace the system login verification function. When the number of remote login failures reaches a threshold value within a set time, determining a login user and a login IP, refusing login behaviors of all accounts within a certain time according to a protection strategy, and configuring the login IP and an inbound protection wall strategy of a remote login port (3389).
As can be seen from the above embodiments, the protection method for brute force cracking of remote desktop login provided by the embodiments of the present invention audits login behavior by using a login auditing policy and records login logs based on the login behavior; acquiring a log through a callback function and extracting effective information when the log update notification event is used for updating the log; injecting the information into a system operation library to replace a login verification function, and determining whether brute force cracking exists or not according to effective information; the technical scheme that the login verification function is used for preventing the remote desktop login from being violently cracked in response to the fact that the violent cracking exists is responded, the violent cracking from the remote desktop login can be prevented, and the safety of the system is improved.
It should be particularly noted that, the steps in the embodiments of the method for protecting against brute force of remote desktop login described above can be mutually intersected, replaced, added, and deleted, so that these methods for protecting against brute force of remote desktop login, which are transformed by reasonable permutation and combination, also belong to the scope of the present invention, and the scope of the present invention should not be limited to the described embodiments.
In view of the above, a second aspect of the embodiments of the present invention provides an embodiment of a protection device against brute force from remote desktop login, which can improve system security. The protector that remote desktop login brute force was cracked includes:
a processor; and
a memory storing program code executable by the processor, the program code when executed performing the steps of:
auditing login behavior by using a login auditing strategy and recording a login log based on the login behavior;
acquiring a log through a callback function and extracting effective information when the log update notification event is used for updating the log;
injecting the information into a system operation library to replace a login verification function, and determining whether brute force cracking exists or not according to effective information;
in response to determining that brute force cracking exists, a login verification function is used to prevent brute force cracking of the remote desktop login.
In some embodiments, the obtaining the log and extracting the valid information through the callback function when the log update notification event is updated includes:
creating a callback process with a callback function, and registering a log update notification event;
triggering a log update notification event notification callback process in response to a log update;
and calling a callback function by the callback process to acquire the log so as to further extract effective information from the log.
In some embodiments, extracting valid information from the log of logins comprises:
extracting login types, login addresses, login users, login time, login ports, login types and accumulated login failure times of login success events and login failure events from a login log;
clearing the accumulated login failure times of the login user with the login type of the login success event of the remote desktop login;
and adding one to the accumulated login failure times of the login user with the login failure event of which the login type is the remote desktop login.
In some embodiments, determining whether brute force cracking exists based on the valid information comprises:
and in response to the accumulated login failure times of a specific login user exceeding a preset threshold value, recognizing the remote desktop login behavior of the login user as brute force.
In some embodiments, using the login verification function to prevent brute force cracking of the remote desktop login comprises:
disconnecting the network connection with the login user by using a login verification function;
rejecting all login behavior from the logged-in user within a first predetermined time using a login verification function;
all login behavior from all login addresses used by the login user is rejected within a first predetermined time using a login authentication function.
As can be seen from the above embodiments, the protection device for brute force cracking of remote desktop login provided by the embodiments of the present invention audits login behavior by using a login auditing policy and records login logs based on the login behavior; acquiring a log through a callback function and extracting effective information when the log update notification event is used for updating the log; injecting the information into a system operation library to replace a login verification function, and determining whether brute force cracking exists or not according to effective information; the technical scheme that the login verification function is used for preventing the remote desktop login from being violently cracked in response to the fact that the violent cracking exists is responded, the violent cracking from the remote desktop login can be prevented, and the safety of the system is improved.
It should be particularly noted that, the above embodiment of the protection apparatus for remote desktop login brute force cracking specifically describes the working process of each module by using the embodiment of the protection method for remote desktop login brute force cracking, and those skilled in the art can easily think that these modules are applied to other embodiments of the protection method for remote desktop login brute force cracking. Of course, since the steps in the embodiment of the method for protecting against brute force of remote desktop login can be mutually intersected, replaced, added, and deleted, these protection devices for protecting against brute force of remote desktop login, which are transformed by reasonable permutation and combination, should also belong to the scope of the present invention, and should not limit the scope of the present invention to the above embodiment.
The foregoing is an exemplary embodiment of the present disclosure, but it should be noted that various changes and modifications could be made herein without departing from the scope of the present disclosure as defined by the appended claims. The functions, steps and/or actions of the method claims in accordance with the disclosed embodiments described herein need not be performed in any particular order. Furthermore, although elements of the disclosed embodiments of the invention may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated.
It should be understood that, as used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly supports the exception. It should also be understood that "and/or" as used herein is meant to include any and all possible combinations of one or more of the associated listed items. The numbers of the embodiments disclosed in the embodiments of the present invention are merely for description, and do not represent the merits of the embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, of embodiments of the invention is limited to these examples; within the idea of an embodiment of the invention, also technical features in the above embodiment or in different embodiments may be combined and there are many other variations of the different aspects of an embodiment of the invention as described above, which are not provided in detail for the sake of brevity. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of the embodiments of the present invention are intended to be included within the scope of the embodiments of the present invention.
Claims (10)
1. A method for preventing brute force cracking of remote desktop login is characterized by comprising the following steps:
auditing login behavior by using a login auditing strategy and recording a login log based on the login behavior;
acquiring the log through a callback function and extracting effective information when the log is updated by using a log update notification event;
injecting the information into a system operation library to replace a login verification function, and determining whether brute force cracking exists or not according to the effective information;
in response to determining that the brute force attack exists, using the login verification function to prevent brute force attack of the remote desktop login.
2. The method of claim 1, wherein using the log update notification event to obtain the log through the callback function and extract the valid information when the log is updated comprises:
creating a callback process with the callback function, and registering the log update notification event;
triggering the log update notification event to notify the callback process in response to the log update;
and calling the callback function by the callback process to acquire the login log so as to further extract the effective information from the login log.
3. The method of claim 2, wherein extracting the valid information from the log comprises:
extracting login types, login addresses, login users, login time, login ports, login types and accumulated login failure times of login success events and login failure events from the login log;
clearing the accumulated login failure times of the login user with the login type of the login success event of the remote desktop login;
and adding one to the accumulated login failure times of the login user who has the login failure event with the login type of the remote desktop login.
4. The method of claim 3, wherein determining whether brute force cracking exists based on the valid information comprises:
in response to the cumulative number of login failures for a particular login user exceeding a predetermined threshold, identifying a remote desktop login behavior for the login user as brute force.
5. The method of claim 4, wherein using the login verification function to prevent brute force cracking of the remote desktop login comprises:
disconnecting the network connection with the login user by using the login authentication function;
rejecting all login behavior from the logged-in user within a first predetermined time using the login verification function;
all login behavior from all login addresses used by the login user is rejected within a first predetermined time using the login verification function.
6. A protection device for brute force cracking of remote desktop login is characterized by comprising:
a processor; and
a memory storing program code executable by the processor, the program code when executed performing the steps of:
auditing login behavior by using a login auditing strategy and recording a login log based on the login behavior;
acquiring the log through a callback function and extracting effective information when the log is updated by using a log update notification event;
injecting the information into a system operation library to replace a login verification function, and determining whether brute force cracking exists or not according to the effective information;
in response to determining that the brute force attack exists, using the login verification function to prevent brute force attack of the remote desktop login.
7. The apparatus of claim 6, wherein the obtaining the log and extracting the valid information through the callback function when the log update notification event is updated by using the log update notification event comprises:
creating a callback process with the callback function, and registering the log update notification event;
triggering the log update notification event to notify the callback process in response to the log update;
and calling the callback function by the callback process to acquire the login log so as to further extract the effective information from the login log.
8. The apparatus of claim 7, wherein extracting the valid information from the log comprises:
extracting login types, login addresses, login users, login time, login ports, login types and accumulated login failure times of login success events and login failure events from the login log;
clearing the accumulated login failure times of the login user with the login type of the login success event of the remote desktop login;
and adding one to the accumulated login failure times of the login user who has the login failure event with the login type of the remote desktop login.
9. The apparatus of claim 8, wherein determining whether brute force attack exists based on the valid information comprises:
in response to the cumulative number of login failures for a particular login user exceeding a predetermined threshold, identifying a remote desktop login behavior for the login user as brute force.
10. The apparatus of claim 9, wherein using the login verification function to prevent brute force cracking of remote desktop login comprises:
disconnecting the network connection with the login user by using the login authentication function;
rejecting all login behavior from the logged-in user within a first predetermined time using the login verification function;
all login behavior from all login addresses used by the login user is rejected within a first predetermined time using the login verification function.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911050688.3A CN111125649A (en) | 2019-10-31 | 2019-10-31 | Protection method and device for brute force cracking of remote desktop login |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911050688.3A CN111125649A (en) | 2019-10-31 | 2019-10-31 | Protection method and device for brute force cracking of remote desktop login |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111125649A true CN111125649A (en) | 2020-05-08 |
Family
ID=70495485
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911050688.3A Withdrawn CN111125649A (en) | 2019-10-31 | 2019-10-31 | Protection method and device for brute force cracking of remote desktop login |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111125649A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111813752A (en) * | 2020-07-01 | 2020-10-23 | 四川长虹电器股份有限公司 | Method and system for acquiring rdp blasting attack source |
CN112491897A (en) * | 2020-11-30 | 2021-03-12 | 北京中软华泰信息技术有限责任公司 | Remote anti-brute force cracking method based on database security |
-
2019
- 2019-10-31 CN CN201911050688.3A patent/CN111125649A/en not_active Withdrawn
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111813752A (en) * | 2020-07-01 | 2020-10-23 | 四川长虹电器股份有限公司 | Method and system for acquiring rdp blasting attack source |
CN112491897A (en) * | 2020-11-30 | 2021-03-12 | 北京中软华泰信息技术有限责任公司 | Remote anti-brute force cracking method based on database security |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109766699B (en) | Operation behavior intercepting method and device, storage medium and electronic device | |
CN107659583B (en) | Method and system for detecting attack in fact | |
US6405318B1 (en) | Intrusion detection system | |
US7752671B2 (en) | Method and device for questioning a plurality of computerized devices | |
US10417420B2 (en) | Malware detection and classification based on memory semantic analysis | |
US7039950B2 (en) | System and method for network quality of service protection on security breach detection | |
US20050203921A1 (en) | System for protecting database applications from unauthorized activity | |
US20050071642A1 (en) | Real-time mitigation of data access insider intrusions | |
JP2013503377A (en) | Apparatus, method, and computer program for threat detection in data processing system (threat detection in data processing system) | |
EP1900172A1 (en) | Anti-hacker system with honey pot | |
CN103246849A (en) | Safe running method based on ROST under Windows | |
CN111125649A (en) | Protection method and device for brute force cracking of remote desktop login | |
KR102130582B1 (en) | Web-based brute force attack blocking device and method using machine learning | |
US8978150B1 (en) | Data recovery service with automated identification and response to compromised user credentials | |
CN112861119A (en) | Method and system for defending hacker from slowly colliding or blasting attack on database | |
JP2019075131A (en) | Method for monitoring file access, program, and system | |
CN111835782A (en) | Login protection method and device for network equipment, storage medium and processor | |
CN109583206B (en) | Method, device, equipment and storage medium for monitoring access process of application program | |
KR101900494B1 (en) | Method and apparatus for detecting the steeling of identifier | |
CN111756707A (en) | Back door safety protection device and method applied to global wide area network | |
KR101576993B1 (en) | Method and System for preventing Login ID theft using captcha | |
CN111859362A (en) | Multi-stage identity authentication method in mobile environment and electronic device | |
CN111786980A (en) | Behavior-based privileged account threat alarm method | |
CN112738006A (en) | Identification method, device and storage medium | |
CN111241543B (en) | Method and system for intelligently resisting DDoS attack by application layer |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20200508 |