CN111371784A - Method for automatically fusing attacked distributed point-to-point service - Google Patents

Method for automatically fusing attacked distributed point-to-point service Download PDF

Info

Publication number
CN111371784A
CN111371784A CN202010141667.9A CN202010141667A CN111371784A CN 111371784 A CN111371784 A CN 111371784A CN 202010141667 A CN202010141667 A CN 202010141667A CN 111371784 A CN111371784 A CN 111371784A
Authority
CN
China
Prior art keywords
access
information
address
thread terminal
namely
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010141667.9A
Other languages
Chinese (zh)
Inventor
柴永生
王明建
张春江
谢红伦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou Yiqu Yunchuang Technology Co ltd
Original Assignee
Guizhou Yiqu Yunchuang Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guizhou Yiqu Yunchuang Technology Co ltd filed Critical Guizhou Yiqu Yunchuang Technology Co ltd
Priority to CN202010141667.9A priority Critical patent/CN111371784A/en
Publication of CN111371784A publication Critical patent/CN111371784A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks

Abstract

The invention discloses a distributed point-to-point service attacked automatic fusing method in the technical field of service attacked automatic fusing, which comprises the steps of receiving an access code provided by an external device, obtaining an IP address for accessing the external device through a thread terminal after the comparison of the access code is completed, determining that the access IP address is safe, obtaining an access identifier and a keyword in an access request by a first sub-thread terminal, grouping and classifying the access identifier and the keyword, constructing access behavior description information, determining that the number of the access behavior description information containing a user identifier and a grouping identifier in a preset time is greater than a preset threshold value or determining that the access amount per unit time reaches the preset threshold value, determining that the access behavior is attacked by hackers, performing attack detection based on the access behavior description information, and determining that the access behavior corresponding to the access behavior description information is an attack behavior if the number of the same access behavior description information exceeds the preset threshold value, the accuracy of the detection result can be improved, and the detection sensitivity can also be improved.

Description

Method for automatically fusing attacked distributed point-to-point service
Technical Field
The invention relates to the technical field of automatic fusing of attacked services, in particular to a distributed point-to-point automatic fusing method of attacked services.
Background
At present, as the network can provide more and more contents for users and the number of users is increasing, how to improve the network security becomes a problem to be solved in the industry, and in the era of developed network, the network server will be attacked by hackers at times when working, if the network server is infected with viruses because it cannot identify whether the server is attacked by malicious or not after receiving access information, the network will be paralyzed, specifically, in order to maintain the network security, the attack behavior of malicious users needs to be detected, in the related art, the number of access requests sent by the same user in a certain time period is usually counted, and the cause of the attack behavior is detected only by an IP address, in the prior art, the detection dimension of the network attack detection is single, the detection result is not accurate enough, so that the sensitivity of the attack detection is low, the condition of misjudgment is easy to occur, and therefore, a method for automatically fusing the distributed point-to-point service under attack is provided.
Disclosure of Invention
The present invention aims to provide a method for automatically fusing a distributed point-to-point service under attack, so as to solve the problems proposed in the background art.
In order to achieve the purpose, the invention provides the following technical scheme: a distributed point-to-point service automatic fusing method under attack comprises the following specific steps:
a: the thread terminal detects whether the global switch, the interception check switch and the automatic fusing switch are in an on state, namely the thread terminal detects a safety switch in a local area network, so that the use safety in the network data operation process is ensured, malicious access information can be intercepted, and meanwhile, when a website is attacked maliciously, the node can be fused automatically to break the connection, so that the point-to-point automatic fusing of the malicious attack is completed, and a safe data transmission environment is provided for the website;
b: receiving an access code provided by the external equipment, namely connecting the external equipment and the server through an interface so as to conveniently finish mutual transmission of data by receiving the access code;
c: the external access code is matched and compared with the internal access code of the register, namely the access code received by the thread terminal is compared with the access code stored in the register, if the external access code is matched with the access code of the same type or similar type, the access code is compared, and if the external access code is not matched with the access code of the same type or similar type, the access code is compared, otherwise, the access information of the external equipment is still reversely output although the malicious attack information cannot be determined;
d: after the access codes are compared, the IP address for accessing the external equipment is obtained through the thread terminal, namely, the access source is registered and recorded by the thread terminal, so that the source reliability and the source reliability of each piece of access information are ensured, and the information transmission safety is improved;
e: the thread terminal determines whether the accessed IP address is in an accessible white list, namely the thread terminal determines whether the accessed IP address is a previously registered and reliable access IP address, the access behavior description information stored in the white list is the access behavior description information which shows no attack behavior, otherwise, the access information of the external equipment is still reversely output although the access behavior description information cannot be determined to be malicious attack information;
f: when the access IP address is determined to be safe, the first sub-thread terminal acquires the access identifier and the key word in the access request, namely the first sub-thread terminal carries out key word detection and characteristic value pickup according to the access request so as to split the access request and facilitate better classification;
g: the first sub-thread terminal determines the grouping and classification of the access identifier and the keywords, namely the first sub-thread terminal can accurately realize the classification and grouping processing according to the picked characteristic values and the keywords to determine the type of data information accessed by the access request, so that the data calling in the register can be conveniently realized;
h: the first sub-thread terminal builds access behavior description information according to the category, the access identification and the key word;
i: the second sub-thread terminal determines the corresponding access factor value in the register according to the behavior description information, and determines whether the register contains description information corresponding to the access type according to the behavior description information, namely, the second sub-thread terminal searches data information which is the same as or similar to the access information in the register through the behavior description information, and calls the factor value corresponding to point-to-point type of the access information, namely, the access times of the data information corresponding to the access information and the access IP address to perform statistics;
j: the second sub-thread terminal accumulates the access factor value and determines whether the accumulated value reaches an access total amount, namely a threshold value for attack detection when the data information in the server is accessed so as to detect the total amount of accessed data in the register and an accessed IP address;
k: if the total accumulated value does not reach the threshold value, the server detects whether the access quantity of the single-piece type data in unit time reaches the threshold value, and if the access quantity in unit time does not reach the preset threshold value, the server repeats the step I and the step J;
l: in the step J, if the total accumulated value reaches a threshold value, the server can determine that the detection server is attacked by a hacker, automatically fusing the switch to be started, cutting off the data connection relation between the IP address and the register, storing the IP address into a blacklist, namely only fusing the fuse between the external equipment and the register, not fusing the main fuse, not influencing the data transmission operation of other equipment, and recording abnormal information of body data access through the memory;
m: and in the step K, when the total accumulated value does not reach the threshold value and the access amount per unit time reaches the preset threshold value, the server can determine that the detection server is attacked by a hacker, the automatic fusing switch is started, the data connection relation between the IP address and the register is cut off, the IP address is stored in a blacklist, namely, only the fuse between the external equipment and the register is fused, the main fuse is not fused, the data transmission operation of other equipment is not influenced, and the abnormal information of the data access of the body is recorded through the memory.
Preferably, the automatic blow switch may blow one or more fuses to select a set of access codes required to access internal registers, multiple sets of access codes may be stored in non-volatile memory, and different sets may be selected for use by blowing different fuses, which may allow different versions of the server to select different access codes, which may help to improve security, for example, if it is known that a hacker has obtained a set of access codes 123, a different set of access codes 123 may be selected for subsequent versions of the server by blowing different fuses 124, and further, in some cases, the set of access codes used by the server may be changed.
Compared with the prior art, the invention has the beneficial effects that:
1. the invention has reasonable design, when the access code provided by the external device is received and the access code is compared and the IP address for accessing the external device is obtained through the thread terminal, and the access IP address is determined to be safe, the first sub-thread terminal obtains the access identifier and the key words in the access request, groups and classifies the access identifier and the key words, constructs a piece of access behavior description information and the number of the access behavior description information containing the user identifier and the group identifier in the preset time is more than the preset threshold value or detects that the access amount per unit time reaches the preset threshold value, the access behavior of the user is regarded as being attacked by hackers, so the access behavior of the user is abstracted into the user behavior description information, the attack detection is carried out based on the access behavior description information, namely, the same number of the access behavior description information exceeds the preset threshold value in the preset time, the access behavior corresponding to the access behavior description information is an attack behavior, the accuracy of the detection result can be improved, the false judgment rate can be reduced, and the preset threshold value during detection is smaller than that which can be set in the prior art, so that the detection sensitivity can be improved, and the false judgment rate is reduced;
2. the server can cause the automatic fusing switch to be started, cut off the data connection relation between the IP address and the register, store the IP address into a blacklist, namely only fusing the fuse between the external equipment and the register, recording the abnormal information of the data access of the body through the memory, not fusing the main fuse, not influencing the data transmission operation of other equipment, fusing one or more fuses by the automatic fusing switch to select a group of access codes required by accessing the internal register, multiple sets of access codes may be stored in non-volatile memory, and different sets may be selected for use by blowing different fuses, this may allow different versions of the server to select different access codes, which may help to improve security, therefore, the independence of cut-off can be ensured, and the service is only prevented from being invaded by a hacker after being interrupted with other services and the normal use of the user is not influenced.
Drawings
FIG. 1 is a schematic view of the overall working process of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, the present invention provides a technical solution: a distributed point-to-point service automatic fusing method under attack comprises the following specific steps:
a: the thread terminal detects whether the global switch, the interception check switch and the automatic fusing switch are in an on state, namely the thread terminal detects a safety switch in a local area network, so that the use safety in the network data operation process is ensured, malicious access information can be intercepted, and meanwhile, when a website is attacked maliciously, the node can be fused automatically to break the connection, so that the point-to-point automatic fusing of the malicious attack is completed, and a safe data transmission environment is provided for the website;
b: receiving an access code provided by the external equipment, namely connecting the external equipment and the server through an interface so as to conveniently finish mutual transmission of data by receiving the access code;
c: the external access code is matched and compared with the internal access code of the register, namely the access code received by the thread terminal is compared with the access code stored in the register, if the external access code is matched with the access code of the same type or similar type, the access code is compared, and if the external access code is not matched with the access code of the same type or similar type, the access code is compared, otherwise, the access information of the external equipment is still reversely output although the malicious attack information cannot be determined;
d: after the access codes are compared, the IP address for accessing the external equipment is obtained through the thread terminal, namely, the access source is registered and recorded by the thread terminal, so that the source reliability and the source reliability of each piece of access information are ensured, and the information transmission safety is improved;
e: the thread terminal determines whether the accessed IP address is in an accessible white list, namely the thread terminal determines whether the accessed IP address is a previously registered and reliable access IP address, the access behavior description information stored in the white list is the access behavior description information which shows no attack behavior, otherwise, the access information of the external equipment is still reversely output although the access behavior description information cannot be determined to be malicious attack information;
f: when the access IP address is determined to be safe, the first sub-thread terminal acquires the access identifier and the key word in the access request, namely the first sub-thread terminal carries out key word detection and characteristic value pickup according to the access request so as to split the access request and facilitate better classification;
g: the first sub-thread terminal determines the grouping and classification of the access identifier and the keywords, namely the first sub-thread terminal can accurately realize the classification and grouping processing according to the picked characteristic values and the keywords to determine the type of data information accessed by the access request, so that the data calling in the register can be conveniently realized;
h: the first sub-thread terminal builds access behavior description information according to the category, the access identification and the key word;
i: the second sub-thread terminal determines the corresponding access factor value in the register according to the behavior description information, and determines whether the register contains description information corresponding to the access type according to the behavior description information, namely, the second sub-thread terminal searches data information which is the same as or similar to the access information in the register through the behavior description information, and calls the factor value corresponding to point-to-point type of the access information, namely, the access times of the data information corresponding to the access information and the access IP address to perform statistics;
j: the second sub-thread terminal accumulates the access factor value and determines whether the accumulated value reaches an access total amount, namely a threshold value for attack detection when the data information in the server is accessed so as to detect the total amount of accessed data in the register and an accessed IP address;
k: if the total accumulated value does not reach the threshold value, the server detects whether the access quantity of the single-piece type data in unit time reaches the threshold value, and if the access quantity in unit time does not reach the preset threshold value, the server repeats the step I and the step J;
l: in the step J, if the total accumulated value reaches a threshold value, the server can determine that the detection server is attacked by a hacker, automatically fusing the switch to be started, cutting off the data connection relation between the IP address and the register, storing the IP address into a blacklist, namely only fusing the fuse between the external equipment and the register, not fusing the main fuse, not influencing the data transmission operation of other equipment, and recording abnormal information of body data access through the memory;
m: and in the step K, when the total accumulated value does not reach the threshold value and the access amount per unit time reaches the preset threshold value, the server can determine that the detection server is attacked by a hacker, the automatic fusing switch is started, the data connection relation between the IP address and the register is cut off, the IP address is stored in a blacklist, namely, only the fuse between the external equipment and the register is fused, the main fuse is not fused, the data transmission operation of other equipment is not influenced, and the abnormal information of the data access of the body is recorded through the memory.
The automatic blow switch may blow one or more fuses to select a set of access codes required to access internal registers, multiple sets of access codes may be stored in non-volatile memory, and different sets may be selected for use by blowing different fuses, this may allow different versions of the server to select different access codes, which may help to improve security, for example, if it is known that a hacker has obtained a set of access codes 123, a different set of access codes 123 may be selected for subsequent versions of the server by blowing a different fuse 124, and, further, in some cases, the set of access codes used by the server may be changed, one or more access codes provided by the external device compared to one or more access codes on the server, and access to the one or more internal registers is granted only if the one or more access codes provided by the external device match the one or more access codes on the server.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (2)

1. A distributed point-to-point service automatic fusing method under attack is characterized in that: the method comprises the following specific steps:
a: the thread terminal detects whether the global switch, the interception check switch and the automatic fusing switch are in an on state, namely the thread terminal detects a safety switch in a local area network, so that the use safety in the network data operation process is ensured, malicious access information can be intercepted, and meanwhile, when a website is attacked maliciously, the node can be fused automatically to break the connection, so that the point-to-point automatic fusing of the malicious attack is completed, and a safe data transmission environment is provided for the website;
b: receiving an access code provided by the external equipment, namely connecting the external equipment and the server through an interface so as to conveniently finish mutual transmission of data by receiving the access code;
c: the external access code is matched and compared with the internal access code of the register, namely the access code received by the thread terminal is compared with the access code stored in the register, if the external access code is matched with the access code of the same type or similar type, the access code is compared, and if the external access code is not matched with the access code of the same type or similar type, the access code is compared, otherwise, the access information of the external equipment is still reversely output although the malicious attack information cannot be determined;
d: after the access codes are compared, the IP address for accessing the external equipment is obtained through the thread terminal, namely, the access source is registered and recorded by the thread terminal, so that the source reliability and the source reliability of each piece of access information are ensured, and the information transmission safety is improved;
e: the thread terminal determines whether the accessed IP address is in an accessible white list, namely the thread terminal determines whether the accessed IP address is a previously registered and reliable access IP address, the access behavior description information stored in the white list is the access behavior description information which shows no attack behavior, otherwise, the access information of the external equipment is still reversely output although the access behavior description information cannot be determined to be malicious attack information;
f: when the access IP address is determined to be safe, the first sub-thread terminal acquires the access identifier and the key word in the access request, namely the first sub-thread terminal carries out key word detection and characteristic value pickup according to the access request so as to split the access request and facilitate better classification;
g: the first sub-thread terminal determines the grouping and classification of the access identifier and the keywords, namely the first sub-thread terminal can accurately realize the classification and grouping processing according to the picked characteristic values and the keywords to determine the type of data information accessed by the access request, so that the data calling in the register can be conveniently realized;
h: the first sub-thread terminal builds access behavior description information according to the category, the access identification and the key word;
i: the second sub-thread terminal determines the corresponding access factor value in the register according to the behavior description information, and determines whether the register contains description information corresponding to the access type according to the behavior description information, namely, the second sub-thread terminal searches data information which is the same as or similar to the access information in the register through the behavior description information, and calls the factor value corresponding to point-to-point type of the access information, namely, the access times of the data information corresponding to the access information and the access IP address to perform statistics;
j: the second sub-thread terminal accumulates the access factor value and determines whether the accumulated value reaches an access total amount, namely a threshold value for attack detection when the data information in the server is accessed so as to detect the total amount of accessed data in the register and an accessed IP address;
k: if the total accumulated value does not reach the threshold value, the server detects whether the access quantity of the single-piece type data in unit time reaches the threshold value, and if the access quantity in unit time does not reach the preset threshold value, the server repeats the step I and the step J;
l: in the step J, if the total accumulated value reaches a threshold value, the server can determine that the detection server is attacked by a hacker, automatically fusing the switch to be started, cutting off the data connection relation between the IP address and the register, storing the IP address into a blacklist, namely only fusing the fuse between the external equipment and the register, not fusing the main fuse, not influencing the data transmission operation of other equipment, and recording abnormal information of body data access through the memory;
m: and in the step K, when the total accumulated value does not reach the threshold value and the access amount per unit time reaches the preset threshold value, the server can determine that the detection server is attacked by a hacker, the automatic fusing switch is started, the data connection relation between the IP address and the register is cut off, the IP address is stored in a blacklist, namely, only the fuse between the external equipment and the register is fused, the main fuse is not fused, the data transmission operation of other equipment is not influenced, and the abnormal information of the data access of the body is recorded through the memory.
2. The method according to claim 1, wherein the distributed peer-to-peer service is automatically blown by an attack, and the method comprises the following steps: the automatic fusing switch can fuse one or more fuses to select one group of access codes required for accessing the internal register, store multiple groups of access codes in the nonvolatile memory, and select different groups by fusing different fuses to allow different versions of the server to select different access codes, which is helpful for improving safety.
CN202010141667.9A 2020-03-04 2020-03-04 Method for automatically fusing attacked distributed point-to-point service Pending CN111371784A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010141667.9A CN111371784A (en) 2020-03-04 2020-03-04 Method for automatically fusing attacked distributed point-to-point service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010141667.9A CN111371784A (en) 2020-03-04 2020-03-04 Method for automatically fusing attacked distributed point-to-point service

Publications (1)

Publication Number Publication Date
CN111371784A true CN111371784A (en) 2020-07-03

Family

ID=71211755

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010141667.9A Pending CN111371784A (en) 2020-03-04 2020-03-04 Method for automatically fusing attacked distributed point-to-point service

Country Status (1)

Country Link
CN (1) CN111371784A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115328727A (en) * 2022-07-25 2022-11-11 江苏财经职业技术学院 Big data computer network safety early warning device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100064366A1 (en) * 2008-09-11 2010-03-11 Alibaba Group Holding Limited Request processing in a distributed environment
CN105577608A (en) * 2014-10-08 2016-05-11 腾讯科技(深圳)有限公司 Network attack behavior detection method and network attack behavior detection device
CN106778260A (en) * 2016-12-31 2017-05-31 网易无尾熊(杭州)科技有限公司 Attack detection method and device
CN107465651A (en) * 2016-06-06 2017-12-12 腾讯科技(深圳)有限公司 Network attack detecting method and device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100064366A1 (en) * 2008-09-11 2010-03-11 Alibaba Group Holding Limited Request processing in a distributed environment
CN105577608A (en) * 2014-10-08 2016-05-11 腾讯科技(深圳)有限公司 Network attack behavior detection method and network attack behavior detection device
CN107465651A (en) * 2016-06-06 2017-12-12 腾讯科技(深圳)有限公司 Network attack detecting method and device
CN106778260A (en) * 2016-12-31 2017-05-31 网易无尾熊(杭州)科技有限公司 Attack detection method and device

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115328727A (en) * 2022-07-25 2022-11-11 江苏财经职业技术学院 Big data computer network safety early warning device

Similar Documents

Publication Publication Date Title
CN108737333B (en) Data detection method and device
CN108989150B (en) Login abnormity detection method and device
CN100580644C (en) Communication control device and communication control system
CA2859131C (en) Systems and methods for spam detection using character histograms
CN109768992B (en) Webpage malicious scanning processing method and device, terminal device and readable storage medium
CN110012005B (en) Method and device for identifying abnormal data, electronic equipment and storage medium
CN106330944B (en) Malicious system vulnerability scanner identification method and device
US11178114B2 (en) Data processing method, device, and system
CN111314285B (en) Method and device for detecting route prefix attack
CN108449349B (en) Method and device for preventing malicious domain name attack
JP2020174257A (en) Registration system, registration method, and registration program
JP2016033690A (en) Illegal intrusion detection device, illegal intrusion detection method, illegal intrusion detection program, and recording medium
CN111897834A (en) Log searching method and device and server
CN111371784A (en) Method for automatically fusing attacked distributed point-to-point service
CN113535823B (en) Abnormal access behavior detection method and device and electronic equipment
CN111741127B (en) Communication connection blocking method and device, electronic equipment and storage medium
CN107172033A (en) A kind of WAF erroneous judgement recognition methods and device
CN111625700A (en) Anti-grabbing method, device, equipment and computer storage medium
CN111866995B (en) WeChat applet-based intelligent device network distribution method and system
CN115567316A (en) Method and device for detecting abnormality of access data
CN108228834B (en) Internet protocol address query and storage method and device and electronic equipment
CN110808972B (en) Data stream identification method and device
CN113992364A (en) Network data packet blocking optimization method and system
CN113672248A (en) Patch acquisition method, device, server and storage medium
CN106714122B (en) Short message transmission virus detection method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200703

RJ01 Rejection of invention patent application after publication