CN111125649A - Protection method and device for brute force cracking of remote desktop login - Google Patents

Protection method and device for brute force cracking of remote desktop login Download PDF

Info

Publication number
CN111125649A
CN111125649A CN201911050688.3A CN201911050688A CN111125649A CN 111125649 A CN111125649 A CN 111125649A CN 201911050688 A CN201911050688 A CN 201911050688A CN 111125649 A CN111125649 A CN 111125649A
Authority
CN
China
Prior art keywords
login
log
brute force
remote desktop
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201911050688.3A
Other languages
Chinese (zh)
Inventor
沈忠立
吴振刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee
Suzhou Inspur Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Inspur Intelligent Technology Co Ltd filed Critical Suzhou Inspur Intelligent Technology Co Ltd
Priority to CN201911050688.3A priority Critical patent/CN111125649A/en
Publication of CN111125649A publication Critical patent/CN111125649A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/305Authentication, i.e. establishing the identity or authorisation of security principals by remotely controlling device operation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication

Abstract

The invention discloses a method and a device for protecting remote desktop login from brute force cracking, wherein the method comprises the following steps: auditing login behavior by using a login auditing strategy and recording a login log based on the login behavior; acquiring a log through a callback function and extracting effective information when the log update notification event is used for updating the log; injecting the information into a system operation library to replace a login verification function, and determining whether brute force cracking exists or not according to effective information; in response to determining that brute force cracking exists, a login verification function is used to prevent brute force cracking of the remote desktop login. The invention can protect brute force from remote desktop login and improve the safety of the system.

Description

Protection method and device for brute force cracking of remote desktop login
Technical Field
The invention relates to the field of computer security, in particular to a method and a device for protecting remote desktop login brute force cracking.
Background
The remote desktop is a remote graphical control interface integrated by an operating system, and can remotely operate other machines. Brute force cracking refers to that all possible situations in a range are enumerated according to a known rough range for determining the possible situations, and verification is performed one by one until the verification is successful or all verification is completed. Brute force through the remote desktop is difficult to prevent among the prior art, and the professional level that only prevention means needs is higher, and general user is difficult to operate and use to the effect is not good.
Aiming at the problem that brute force cracking from remote desktop login in the prior art is difficult to protect, no effective solution is available at present.
Disclosure of Invention
In view of this, an object of the embodiments of the present invention is to provide a method and an apparatus for protecting against brute force of remote desktop login, which can protect against brute force from remote desktop login and improve system security.
Based on the above object, a first aspect of the embodiments of the present invention provides a method for protecting against brute force of remote desktop login, including the following steps:
auditing login behavior by using a login auditing strategy and recording a login log based on the login behavior;
acquiring a log through a callback function and extracting effective information when the log update notification event is used for updating the log;
injecting the information into a system operation library to replace a login verification function, and determining whether brute force cracking exists or not according to effective information;
in response to determining that brute force cracking exists, a login verification function is used to prevent brute force cracking of the remote desktop login.
In some embodiments, the obtaining the log and extracting the valid information through the callback function when the log update notification event is updated includes:
creating a callback process with a callback function, and registering a log update notification event;
triggering a log update notification event notification callback process in response to a log update;
and calling a callback function by the callback process to acquire the log so as to further extract effective information from the log.
In some embodiments, extracting valid information from the log of logins comprises:
extracting login types, login addresses, login users, login time, login ports, login types and accumulated login failure times of login success events and login failure events from a login log;
clearing the accumulated login failure times of the login user with the login type of the login success event of the remote desktop login;
and adding one to the accumulated login failure times of the login user with the login failure event of which the login type is the remote desktop login.
In some embodiments, determining whether brute force cracking exists based on the valid information comprises:
and in response to the accumulated login failure times of a specific login user exceeding a preset threshold value, recognizing the remote desktop login behavior of the login user as brute force.
In some embodiments, using the login verification function to prevent brute force cracking of the remote desktop login comprises:
disconnecting the network connection with the login user by using a login verification function;
rejecting all login behavior from the logged-in user within a first predetermined time using a login verification function;
all login behavior from all login addresses used by the login user is rejected within a first predetermined time using a login authentication function.
A second aspect of the embodiments of the present invention provides a device for protecting against brute force of remote desktop login, including:
a processor; and
a memory storing program code executable by the processor, the program code when executed performing the steps of:
auditing login behavior by using a login auditing strategy and recording a login log based on the login behavior;
acquiring a log through a callback function and extracting effective information when the log update notification event is used for updating the log;
injecting the information into a system operation library to replace a login verification function, and determining whether brute force cracking exists or not according to effective information;
in response to determining that brute force cracking exists, a login verification function is used to prevent brute force cracking of the remote desktop login.
In some embodiments, the obtaining the log and extracting the valid information through the callback function when the log update notification event is updated includes:
creating a callback process with a callback function, and registering a log update notification event;
triggering a log update notification event notification callback process in response to a log update;
and calling a callback function by the callback process to acquire the log so as to further extract effective information from the log.
In some embodiments, extracting valid information from the log of logins comprises:
extracting login types, login addresses, login users, login time, login ports, login types and accumulated login failure times of login success events and login failure events from a login log;
clearing the accumulated login failure times of the login user with the login type of the login success event of the remote desktop login;
and adding one to the accumulated login failure times of the login user with the login failure event of which the login type is the remote desktop login.
In some embodiments, determining whether brute force cracking exists based on the valid information comprises:
and in response to the accumulated login failure times of a specific login user exceeding a preset threshold value, recognizing the remote desktop login behavior of the login user as brute force.
In some embodiments, using the login verification function to prevent brute force cracking of the remote desktop login comprises:
disconnecting the network connection with the login user by using a login verification function;
rejecting all login behavior from the logged-in user within a first predetermined time using a login verification function;
all login behavior from all login addresses used by the login user is rejected within a first predetermined time using a login authentication function.
The invention has the following beneficial technical effects: according to the protection method and device for brute force cracking of remote desktop login, provided by the embodiment of the invention, the login behavior is audited by using the login auditing strategy, and the login log is recorded based on the login behavior; acquiring a log through a callback function and extracting effective information when the log update notification event is used for updating the log; injecting the information into a system operation library to replace a login verification function, and determining whether brute force cracking exists or not according to effective information; the technical scheme that the login verification function is used for preventing the remote desktop login from being violently cracked in response to the fact that the violent cracking exists is responded, the violent cracking from the remote desktop login can be prevented, and the safety of the system is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flow chart of a protection method for brute force cracking of remote desktop login provided by the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following embodiments of the present invention are described in further detail with reference to the accompanying drawings.
It should be noted that all expressions using "first" and "second" in the embodiments of the present invention are used for distinguishing two entities with the same name but different names or different parameters, and it should be noted that "first" and "second" are merely for convenience of description and should not be construed as limitations of the embodiments of the present invention, and they are not described in any more detail in the following embodiments.
In view of the above, a first aspect of the embodiments of the present invention provides an embodiment of a protection method against brute force from remote desktop login, which can improve system security. Fig. 1 is a schematic flow chart of a method for protecting against brute force of remote desktop login provided by the present invention.
The method for preventing brute force cracking of remote desktop login, as shown in fig. 1, includes the following steps:
step S101: auditing login behavior by using a login auditing strategy and recording a login log based on the login behavior;
step S103: acquiring a log through a callback function and extracting effective information when the log update notification event is used for updating the log;
step S105: injecting the information into a system operation library to replace a login verification function, and determining whether brute force cracking exists or not according to effective information;
step S107: in response to determining that brute force cracking exists, a login verification function is used to prevent brute force cracking of the remote desktop login.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a Random Access Memory (RAM), or the like. Embodiments of the computer program may achieve the same or similar effects as any of the preceding method embodiments to which it corresponds.
In some embodiments, the obtaining the log and extracting the valid information through the callback function when the log update notification event is updated includes:
creating a callback process with a callback function, and registering a log update notification event;
triggering a log update notification event notification callback process in response to a log update;
and calling a callback function by the callback process to acquire the log so as to further extract effective information from the log.
In some embodiments, extracting valid information from the log of logins comprises:
extracting login types, login addresses, login users, login time, login ports, login types and accumulated login failure times of login success events and login failure events from a login log;
clearing the accumulated login failure times of the login user with the login type of the login success event of the remote desktop login;
and adding one to the accumulated login failure times of the login user with the login failure event of which the login type is the remote desktop login.
In some embodiments, determining whether brute force cracking exists based on the valid information comprises:
and in response to the accumulated login failure times of a specific login user exceeding a preset threshold value, recognizing the remote desktop login behavior of the login user as brute force.
In some embodiments, using the login verification function to prevent brute force cracking of the remote desktop login comprises:
disconnecting the network connection with the login user by using a login verification function;
rejecting all login behavior from the logged-in user within a first predetermined time using a login verification function;
all login behavior from all login addresses used by the login user is rejected within a first predetermined time using a login authentication function.
The method disclosed according to an embodiment of the present invention may also be implemented as a computer program executed by a CPU, which may be stored in a computer-readable storage medium. The computer program, when executed by the CPU, performs the above-described functions defined in the method disclosed in the embodiments of the present invention. The above-described method steps and system elements may also be implemented using a controller and a computer-readable storage medium for storing a computer program for causing the controller to implement the functions of the above-described steps or elements.
The following further illustrates embodiments of the invention in terms of specific examples.
1. Configuring login audit strategy items to be opened by utilizing group strategy of system components to audit login lines
Figure BDA0002255267100000071
Log in for and recorded.
2. Creating thread registration and starting a hidden window, registering a system log update notification event to an operating system, and when the system log is updated, notifying the started hidden window by the system and calling a callback function appointed during registration.
3. And analyzing the system log based on the callback function, and filtering irrelevant system logs according to the event ID in the system log. Sensitive system logs include login success event logs and login failure event logs.
The log-on success event log includes:
the log of login failure events includes:
Figure BDA0002255267100000072
4. when the trigger log fails (event ID4625), the system log is analyzed, and useful information is obtained from the log: the method comprises the steps of logging in type, remote logging in IP, logging in user and logging in time, and if the logging in type is a remote desktop, accumulating logging in failure times for the remote logging in IP and the logging in user; when the trigger login is successful (event ID4776- >4648- >4624- >4672), the system log is analyzed, and useful information is obtained from the log: the method comprises the steps of login type, remote login IP, login user and login time, and if the login type is the remote desktop, the remote login IP and the login user accumulated login failure times are cleared.
5. And injecting the system into a system operation library to replace the system login verification function. When the number of remote login failures reaches a threshold value within a set time, determining a login user and a login IP, refusing login behaviors of all accounts within a certain time according to a protection strategy, and configuring the login IP and an inbound protection wall strategy of a remote login port (3389).
As can be seen from the above embodiments, the protection method for brute force cracking of remote desktop login provided by the embodiments of the present invention audits login behavior by using a login auditing policy and records login logs based on the login behavior; acquiring a log through a callback function and extracting effective information when the log update notification event is used for updating the log; injecting the information into a system operation library to replace a login verification function, and determining whether brute force cracking exists or not according to effective information; the technical scheme that the login verification function is used for preventing the remote desktop login from being violently cracked in response to the fact that the violent cracking exists is responded, the violent cracking from the remote desktop login can be prevented, and the safety of the system is improved.
It should be particularly noted that, the steps in the embodiments of the method for protecting against brute force of remote desktop login described above can be mutually intersected, replaced, added, and deleted, so that these methods for protecting against brute force of remote desktop login, which are transformed by reasonable permutation and combination, also belong to the scope of the present invention, and the scope of the present invention should not be limited to the described embodiments.
In view of the above, a second aspect of the embodiments of the present invention provides an embodiment of a protection device against brute force from remote desktop login, which can improve system security. The protector that remote desktop login brute force was cracked includes:
a processor; and
a memory storing program code executable by the processor, the program code when executed performing the steps of:
auditing login behavior by using a login auditing strategy and recording a login log based on the login behavior;
acquiring a log through a callback function and extracting effective information when the log update notification event is used for updating the log;
injecting the information into a system operation library to replace a login verification function, and determining whether brute force cracking exists or not according to effective information;
in response to determining that brute force cracking exists, a login verification function is used to prevent brute force cracking of the remote desktop login.
In some embodiments, the obtaining the log and extracting the valid information through the callback function when the log update notification event is updated includes:
creating a callback process with a callback function, and registering a log update notification event;
triggering a log update notification event notification callback process in response to a log update;
and calling a callback function by the callback process to acquire the log so as to further extract effective information from the log.
In some embodiments, extracting valid information from the log of logins comprises:
extracting login types, login addresses, login users, login time, login ports, login types and accumulated login failure times of login success events and login failure events from a login log;
clearing the accumulated login failure times of the login user with the login type of the login success event of the remote desktop login;
and adding one to the accumulated login failure times of the login user with the login failure event of which the login type is the remote desktop login.
In some embodiments, determining whether brute force cracking exists based on the valid information comprises:
and in response to the accumulated login failure times of a specific login user exceeding a preset threshold value, recognizing the remote desktop login behavior of the login user as brute force.
In some embodiments, using the login verification function to prevent brute force cracking of the remote desktop login comprises:
disconnecting the network connection with the login user by using a login verification function;
rejecting all login behavior from the logged-in user within a first predetermined time using a login verification function;
all login behavior from all login addresses used by the login user is rejected within a first predetermined time using a login authentication function.
As can be seen from the above embodiments, the protection device for brute force cracking of remote desktop login provided by the embodiments of the present invention audits login behavior by using a login auditing policy and records login logs based on the login behavior; acquiring a log through a callback function and extracting effective information when the log update notification event is used for updating the log; injecting the information into a system operation library to replace a login verification function, and determining whether brute force cracking exists or not according to effective information; the technical scheme that the login verification function is used for preventing the remote desktop login from being violently cracked in response to the fact that the violent cracking exists is responded, the violent cracking from the remote desktop login can be prevented, and the safety of the system is improved.
It should be particularly noted that, the above embodiment of the protection apparatus for remote desktop login brute force cracking specifically describes the working process of each module by using the embodiment of the protection method for remote desktop login brute force cracking, and those skilled in the art can easily think that these modules are applied to other embodiments of the protection method for remote desktop login brute force cracking. Of course, since the steps in the embodiment of the method for protecting against brute force of remote desktop login can be mutually intersected, replaced, added, and deleted, these protection devices for protecting against brute force of remote desktop login, which are transformed by reasonable permutation and combination, should also belong to the scope of the present invention, and should not limit the scope of the present invention to the above embodiment.
The foregoing is an exemplary embodiment of the present disclosure, but it should be noted that various changes and modifications could be made herein without departing from the scope of the present disclosure as defined by the appended claims. The functions, steps and/or actions of the method claims in accordance with the disclosed embodiments described herein need not be performed in any particular order. Furthermore, although elements of the disclosed embodiments of the invention may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated.
It should be understood that, as used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly supports the exception. It should also be understood that "and/or" as used herein is meant to include any and all possible combinations of one or more of the associated listed items. The numbers of the embodiments disclosed in the embodiments of the present invention are merely for description, and do not represent the merits of the embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, of embodiments of the invention is limited to these examples; within the idea of an embodiment of the invention, also technical features in the above embodiment or in different embodiments may be combined and there are many other variations of the different aspects of an embodiment of the invention as described above, which are not provided in detail for the sake of brevity. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of the embodiments of the present invention are intended to be included within the scope of the embodiments of the present invention.

Claims (10)

1. A method for preventing brute force cracking of remote desktop login is characterized by comprising the following steps:
auditing login behavior by using a login auditing strategy and recording a login log based on the login behavior;
acquiring the log through a callback function and extracting effective information when the log is updated by using a log update notification event;
injecting the information into a system operation library to replace a login verification function, and determining whether brute force cracking exists or not according to the effective information;
in response to determining that the brute force attack exists, using the login verification function to prevent brute force attack of the remote desktop login.
2. The method of claim 1, wherein using the log update notification event to obtain the log through the callback function and extract the valid information when the log is updated comprises:
creating a callback process with the callback function, and registering the log update notification event;
triggering the log update notification event to notify the callback process in response to the log update;
and calling the callback function by the callback process to acquire the login log so as to further extract the effective information from the login log.
3. The method of claim 2, wherein extracting the valid information from the log comprises:
extracting login types, login addresses, login users, login time, login ports, login types and accumulated login failure times of login success events and login failure events from the login log;
clearing the accumulated login failure times of the login user with the login type of the login success event of the remote desktop login;
and adding one to the accumulated login failure times of the login user who has the login failure event with the login type of the remote desktop login.
4. The method of claim 3, wherein determining whether brute force cracking exists based on the valid information comprises:
in response to the cumulative number of login failures for a particular login user exceeding a predetermined threshold, identifying a remote desktop login behavior for the login user as brute force.
5. The method of claim 4, wherein using the login verification function to prevent brute force cracking of the remote desktop login comprises:
disconnecting the network connection with the login user by using the login authentication function;
rejecting all login behavior from the logged-in user within a first predetermined time using the login verification function;
all login behavior from all login addresses used by the login user is rejected within a first predetermined time using the login verification function.
6. A protection device for brute force cracking of remote desktop login is characterized by comprising:
a processor; and
a memory storing program code executable by the processor, the program code when executed performing the steps of:
auditing login behavior by using a login auditing strategy and recording a login log based on the login behavior;
acquiring the log through a callback function and extracting effective information when the log is updated by using a log update notification event;
injecting the information into a system operation library to replace a login verification function, and determining whether brute force cracking exists or not according to the effective information;
in response to determining that the brute force attack exists, using the login verification function to prevent brute force attack of the remote desktop login.
7. The apparatus of claim 6, wherein the obtaining the log and extracting the valid information through the callback function when the log update notification event is updated by using the log update notification event comprises:
creating a callback process with the callback function, and registering the log update notification event;
triggering the log update notification event to notify the callback process in response to the log update;
and calling the callback function by the callback process to acquire the login log so as to further extract the effective information from the login log.
8. The apparatus of claim 7, wherein extracting the valid information from the log comprises:
extracting login types, login addresses, login users, login time, login ports, login types and accumulated login failure times of login success events and login failure events from the login log;
clearing the accumulated login failure times of the login user with the login type of the login success event of the remote desktop login;
and adding one to the accumulated login failure times of the login user who has the login failure event with the login type of the remote desktop login.
9. The apparatus of claim 8, wherein determining whether brute force attack exists based on the valid information comprises:
in response to the cumulative number of login failures for a particular login user exceeding a predetermined threshold, identifying a remote desktop login behavior for the login user as brute force.
10. The apparatus of claim 9, wherein using the login verification function to prevent brute force cracking of remote desktop login comprises:
disconnecting the network connection with the login user by using the login authentication function;
rejecting all login behavior from the logged-in user within a first predetermined time using the login verification function;
all login behavior from all login addresses used by the login user is rejected within a first predetermined time using the login verification function.
CN201911050688.3A 2019-10-31 2019-10-31 Protection method and device for brute force cracking of remote desktop login Withdrawn CN111125649A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911050688.3A CN111125649A (en) 2019-10-31 2019-10-31 Protection method and device for brute force cracking of remote desktop login

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911050688.3A CN111125649A (en) 2019-10-31 2019-10-31 Protection method and device for brute force cracking of remote desktop login

Publications (1)

Publication Number Publication Date
CN111125649A true CN111125649A (en) 2020-05-08

Family

ID=70495485

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911050688.3A Withdrawn CN111125649A (en) 2019-10-31 2019-10-31 Protection method and device for brute force cracking of remote desktop login

Country Status (1)

Country Link
CN (1) CN111125649A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111813752A (en) * 2020-07-01 2020-10-23 四川长虹电器股份有限公司 Method and system for acquiring rdp blasting attack source
CN112491897A (en) * 2020-11-30 2021-03-12 北京中软华泰信息技术有限责任公司 Remote anti-brute force cracking method based on database security

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111813752A (en) * 2020-07-01 2020-10-23 四川长虹电器股份有限公司 Method and system for acquiring rdp blasting attack source
CN112491897A (en) * 2020-11-30 2021-03-12 北京中软华泰信息技术有限责任公司 Remote anti-brute force cracking method based on database security

Similar Documents

Publication Publication Date Title
CN109766699B (en) Operation behavior intercepting method and device, storage medium and electronic device
CN107659583B (en) Method and system for detecting attack in fact
US6405318B1 (en) Intrusion detection system
US7752671B2 (en) Method and device for questioning a plurality of computerized devices
US10417420B2 (en) Malware detection and classification based on memory semantic analysis
US7039950B2 (en) System and method for network quality of service protection on security breach detection
US20050203921A1 (en) System for protecting database applications from unauthorized activity
US20050071642A1 (en) Real-time mitigation of data access insider intrusions
JP2013503377A (en) Apparatus, method, and computer program for threat detection in data processing system (threat detection in data processing system)
EP1900172A1 (en) Anti-hacker system with honey pot
CN103246849A (en) Safe running method based on ROST under Windows
CN111125649A (en) Protection method and device for brute force cracking of remote desktop login
KR102130582B1 (en) Web-based brute force attack blocking device and method using machine learning
US8978150B1 (en) Data recovery service with automated identification and response to compromised user credentials
CN112861119A (en) Method and system for defending hacker from slowly colliding or blasting attack on database
JP2019075131A (en) Method for monitoring file access, program, and system
CN111835782A (en) Login protection method and device for network equipment, storage medium and processor
CN109583206B (en) Method, device, equipment and storage medium for monitoring access process of application program
KR101900494B1 (en) Method and apparatus for detecting the steeling of identifier
CN111756707A (en) Back door safety protection device and method applied to global wide area network
KR101576993B1 (en) Method and System for preventing Login ID theft using captcha
CN111859362A (en) Multi-stage identity authentication method in mobile environment and electronic device
CN111786980A (en) Behavior-based privileged account threat alarm method
CN112738006A (en) Identification method, device and storage medium
CN111241543B (en) Method and system for intelligently resisting DDoS attack by application layer

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20200508