CN112073426A - Website scanning detection method, system and equipment in cloud protection environment - Google Patents


Info

Publication number
CN112073426A
Authority
CN
China
Prior art keywords
website
alarm
cloud protection
blocking
current
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010973272.5A
Other languages
Chinese (zh)
Inventor
李雅苹
范渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DBAPPSecurity Co Ltd
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Application filed by Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN202010973272.5A
Publication of CN112073426A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Evolutionary Computation (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Artificial Intelligence (AREA)
  • Data Mining & Analysis (AREA)
  • Medical Informatics (AREA)
  • Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a website scanning detection method in a cloud protection environment. The method analyzes network access logs from the cloud protection environment and uses a behavior recognition model to determine the behavior type corresponding to an access log. To reduce the false detection rate, when the behavior type is a scanning behavior the method further judges whether a blocking condition is met, which avoids erroneous detection results caused by low access volume and improves the detection efficiency of scanning behavior. The application also provides a website scanning detection system, device and readable storage medium in a cloud protection environment, whose technical effects correspond to those of the method.

Description

Website scanning detection method, system and equipment in cloud protection environment
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method, a system, a device, and a readable storage medium for scanning and detecting a website in a cloud protection environment.
Background
Against the background of cloud computing, many websites have begun to abandon traditional hardware WAF devices and are gradually moving to cloud protection with zero deployment and zero operation and maintenance. At the same time, as network threats grow more complex and diverse, hackers' methods are continuously upgraded, and the attack techniques they adopt are more precise and more covert. A typical attack process, however, cannot do without initial malicious scanning and probing, which the attacker uses to learn more about the target.
Scanning detection in a cloud protection environment is therefore extremely important. At the present stage, detection mainly extracts rules from data packets, and the judgment rules are simple. Although the misjudgment rate is low, many of the hackers' upgraded scanning behaviors cannot be detected, which leads to information leakage and increases the probability of illegal intrusion.
Therefore, how to provide a detection scheme for scanning behavior in a cloud protection environment that avoids information leakage is a problem that those skilled in the art urgently need to solve.
Disclosure of Invention
The application aims to provide a website scanning detection method, system, device and readable storage medium in a cloud protection environment, in order to solve the problem that current scanning behavior detection schemes in a cloud protection environment cannot detect hackers' upgraded scanning behaviors and therefore carry a risk of information leakage. The specific scheme is as follows:
In a first aspect, the present application provides a website scanning detection method in a cloud protection environment, including:
acquiring an access log of a target website from a cloud protection engine;
determining a behavior type corresponding to the access log by using a behavior recognition model based on machine learning;
when the behavior type is a scanning behavior, judging whether a current IP reaches a blocking condition, wherein the current IP is the IP recorded in the access log that initiated the access to the target website, and the blocking condition is: the number of times the target website is accessed within a preset time range exceeds a first threshold, and the proportion of 403 and 404 among the response codes of the target website within the preset time range exceeds a second threshold;
and if so, blocking the current IP at the network layer.
Preferably, before the acquiring of the access log of the target website from the cloud protection engine, the method further includes:
determining a target website according to configuration information, and directing the access traffic of the target website to the cloud protection engine, wherein the configuration information comprises: domain name, IP, port number.
Preferably, the configuration information further includes alarm parameters, and after the current IP is blocked at the network layer, the method further includes:
acquiring the alarm parameters of the target website, and raising an alarm according to the alarm parameters, wherein the alarm parameters comprise any one or more of the following items: alarm mode, alarm contact person and alarm time.
Preferably, after the blocking of the current IP at the network layer, the method further includes:
generating a blocking record, wherein the blocking record includes the following information: current IP, blocking time, target website.
Preferably, the blocking of the current IP at the network layer includes:
determining the number of times the current IP has been blocked according to historical blocking records; and determining the blocking duration according to that number, and blocking the current IP at the network layer.
In a second aspect, the present application provides a website scanning detection system in a cloud protection environment, including:
a big data log platform: used for acquiring an access log of a target website from a cloud protection engine;
an analysis detection module: used for determining a behavior type corresponding to the access log by using a behavior recognition model based on machine learning; and, when the behavior type is a scanning behavior, judging whether a current IP reaches a blocking condition, wherein the current IP is the IP recorded in the access log that initiated the access to the target website, and the blocking condition is: the number of times the target website is accessed within a preset time range exceeds a first threshold, and the proportion of 403 and 404 among the response codes of the target website within the preset time range exceeds a second threshold;
a scanning detection management platform: used for blocking the current IP at the network layer when the current IP reaches the blocking condition.
Preferably, the scanning detection management platform is further configured for:
determining a target website according to configuration information, and directing the access traffic of the target website to the cloud protection engine, wherein the configuration information comprises: domain name, IP, port number.
Preferably, the system further comprises:
an alarm server: used for acquiring the alarm parameters of the target website and raising an alarm according to the alarm parameters, wherein the alarm parameters comprise any one or more of the following items: alarm mode, alarm contact person and alarm time.
In a third aspect, the present application provides a website scanning detection device in a cloud protection environment, including:
a memory: for storing a computer program;
a processor: for executing the computer program to implement the website scanning detection method in the cloud protection environment as described above.
In a fourth aspect, the present application provides a readable storage medium storing a computer program which, when executed by a processor, implements the website scanning detection method in the cloud protection environment as described above.
The application provides a website scanning detection method in a cloud protection environment, which comprises the following steps: acquiring an access log of a target website from a cloud protection engine; determining a behavior type corresponding to the access log by using a behavior recognition model based on machine learning; and when the behavior type is a scanning behavior, judging whether the current IP reaches a blocking condition, and if so, blocking the current IP at the network layer. The current IP is the IP recorded in the access log that initiated the access to the target website, and the blocking condition is: the number of times the target website is accessed within the preset time range exceeds a first threshold, and the proportion of 403 and 404 among the response codes of the target website within the preset time range exceeds a second threshold.
The method is thus based on analysis of the network access logs of the cloud protection environment, and the behavior type corresponding to an access log is determined by the behavior recognition model. To reduce the false alarm rate of detection, when the behavior type is a scanning behavior the method further judges whether the blocking condition is met, which avoids erroneous detection results caused by low access volume and improves the detection efficiency of scanning behavior.
In addition, the application also provides a website scanning detection system, device and readable storage medium in a cloud protection environment, whose technical effects correspond to those of the method and are not repeated here.
Drawings
For a clearer explanation of the embodiments or technical solutions of the prior art of the present application, the drawings needed for the description of the embodiments or prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of a first embodiment of a website scanning detection method in a cloud protection environment according to the present application;
Fig. 2 is a schematic process diagram of a second embodiment of a website scanning detection method in a cloud protection environment according to the present application;
Fig. 3 is a functional block diagram of an embodiment of a website scanning detection system in a cloud protection environment according to the present application;
Fig. 4 is a schematic structural diagram of an embodiment of a website scanning detection device in a cloud protection environment according to the present application.
Detailed Description
In order that those skilled in the art will better understand the disclosure, the following detailed description will be given with reference to the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In the prior art, scanning detection in a cloud protection environment has received little attention. At present, scanning behavior in a cloud protection environment is mainly detected through single-rule matching, for example by using the UA carried by a specific scanner as the detection feature. This detection mode is simplistic, with a high missed-report rate and a low detection rate. Advanced scanning of a website cannot be detected in the cloud protection environment, so the leakage of key basic information such as the running state of the server cannot be prevented, and a hacker can then exploit a security hole to carry out illegal intrusion. No existing technical scheme adequately meets the need to detect scanning behavior in the current cloud protection environment.
In order to solve the problem, the application provides a website scanning detection method, a website scanning detection system, a website scanning detection device and a readable storage medium in a cloud protection environment.
Referring to fig. 1, a first embodiment of a website scanning detection method in a cloud protection environment provided by the present application is described below, where the first embodiment includes:
S101, acquiring an access log of a target website from a cloud protection engine;
The target website is a preset website that needs scanning detection. Specifically, information such as the domain name of the website, the IP of the website and the port in use can be set; after the setting is completed, the access traffic of the target website is directed to the cloud protection engine, that is, the traffic protection and cleaning equipment in the cloud protection environment.
Therefore, before S101, the following step may be further included: determining a target website according to configuration information, and directing the access traffic of the target website to the cloud protection engine, wherein the configuration information comprises: domain name, IP, port number.
S102, determining a behavior type corresponding to the access log by using a behavior recognition model based on machine learning;
The training features for machine learning are derived from scanning behaviors: access logs related to scanning behaviors (including scanning by different machines) against websites in normal daily operation (including different website types) in the cloud protection environment are extracted, the logs are analyzed, features are extracted, an algorithm model is built, and the behavior recognition model is obtained through training.
S103, when the behavior type is a scanning behavior, judging whether the current IP reaches a blocking condition; if so, entering S104, otherwise taking no action;
The current IP is the IP recorded in the access log that initiated the access to the target website, and the blocking condition is: the number of times the target website is accessed within the preset time range exceeds a first threshold, and the proportion of 403 and 404 among the response codes of the target website within the preset time range exceeds a second threshold.
S104, blocking the current IP at the network layer.
Specifically, after each block, a blocking record may be generated, wherein the blocking record includes the following information: current IP, blocking time, target website.
As a preferred embodiment, the duration of the current block may be determined according to the number of times the current IP has been blocked: the more times the IP has been blocked in the past period of time, the longer the current block lasts. Thus, S104 may specifically be: determining the number of times the current IP has been blocked according to the historical blocking records; and determining the blocking duration according to that number, and blocking the current IP at the network layer.
After the current IP is blocked, a corresponding alarm can be raised. Specifically, when a target website that needs scanning detection is set, an alarm policy for the target website is set at the same time. When it is determined that the current IP needs to be blocked, the alarm parameters of the target website can be obtained and an alarm raised according to them, wherein the alarm parameters comprise any one or more of the following items: alarm mode, alarm contact person and alarm time.
The website scanning detection method provided by this embodiment is applied in a cloud protection environment, breaks away from the original single-rule detection mode, and provides a scanning detection scheme with a low false alarm rate, a high detection rate and a low missed-report rate. Specifically, the network access logs of the cloud protection environment are analyzed and the behavior type corresponding to an access log is determined by the behavior recognition model. To reduce the false alarm rate of detection, when the behavior type is a scanning behavior the method further judges whether the blocking condition is met, which avoids erroneous detection results caused by low access volume and improves the detection efficiency of scanning behavior.
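The gating in S103 and the escalating block duration in S104 can be sketched as follows. This is an added example, not code from the patent or its applicant: the class and function names, every threshold value, the doubling policy for repeat blocks, and the choice to count accesses per source IP (the page states the condition in terms of accesses to the target website) are assumptions, and the model verdict is passed in as a boolean rather than computed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

DENIED_CODES = (403, 404)  # response codes named in the blocking condition


@dataclass
class BlockRecord:
    """Fields the page lists for a blocking record, plus the chosen duration."""
    ip: str
    site: str
    blocked_at: float
    duration_s: int


class ScanBlockGate:
    """Second-stage check applied after the model labels an entry as scanning."""

    def __init__(self, window_s=60.0, first_threshold=50, second_threshold=0.6,
                 base_block_s=600, max_block_s=86400):
        # All values are illustrative assumptions; the page gives no numbers.
        self.window_s = window_s
        self.first_threshold = first_threshold
        self.second_threshold = second_threshold
        self.base_block_s = base_block_s
        self.max_block_s = max_block_s
        self._events = defaultdict(deque)   # (site, ip) -> deque of (ts, status)
        self._blocked_until = {}            # (site, ip) -> expiry timestamp
        self.history = []                   # every BlockRecord issued so far

    def observe(self, ts, site, ip, status, is_scan):
        """Feed one log entry plus the model verdict; return a BlockRecord or None."""
        key = (site, ip)
        if self._blocked_until.get(key, 0.0) > ts:
            return None  # blocked at the network layer: no new log is expected
        window = self._events[key]
        window.append((ts, status))
        while window and window[0][0] <= ts - self.window_s:
            window.popleft()  # drop entries older than the preset time range
        if not is_scan:
            return None  # only entries the model labels as scanning are gated
        total = len(window)
        denied = sum(1 for _, code in window if code in DENIED_CODES)
        if total <= self.first_threshold:
            return None  # low access volume: do not act on the verdict yet
        if denied / total <= self.second_threshold:
            return None  # share of 403/404 responses is below the threshold
        # Escalation (assumed policy): double the duration per earlier block.
        prior = sum(1 for r in self.history if (r.site, r.ip) == key)
        duration = min(self.base_block_s * 2 ** prior, self.max_block_s)
        record = BlockRecord(ip, site, ts, duration)
        self.history.append(record)
        self._blocked_until[key] = ts + duration
        window.clear()
        return record


def demo():
    """Run the gate over constructed log entries and return the block records."""
    site = "shop.example.test"
    events = []
    for start in (0.0, 1000.0):            # two scanning episodes, same source
        for i in range(120):
            status = 200 if i % 5 == 0 else 404
            events.append((start + i * 0.5, site, "203.0.113.7", status, True))
    for i in range(10):                    # low-volume client the model mislabels
        events.append((5.0 + i, site, "198.51.100.20", 404, True))
    events.sort(key=lambda e: e[0])
    gate = ScanBlockGate()
    records = []
    for ts, s, ip, status, is_scan in events:
        rec = gate.observe(ts, s, ip, status, is_scan)
        if rec is not None:
            records.append(rec)
    return records


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The low-volume client is labelled as scanning on every entry yet is never blocked, which is the false-positive case the blocking condition exists to absorb; the repeat offender's second block lasts twice as long as its first.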
The second embodiment of the website scanning detection method in the cloud protection environment provided by the present application is described in detail below, and is implemented based on the first embodiment, and is expanded to a certain extent on the basis of the first embodiment.
Referring to fig. 2, the second embodiment specifically includes:
S201, establishing a scanning detection management platform and, according to the client's requirements, setting the target website to be detected on it; the information added mainly comprises the domain name of the website, the IP of the website, the port in use and the like. After the basic configuration information of the website is entered, the access traffic of the target website is directed to the cloud protection engine. Scanning detection for the target website is then enabled on the scanning detection management platform, and alarm parameters are set, such as the alarm contact person, the contact method and the alarm mode.
The scanning detection management platform is a platform built on the cloud protection environment. It can set the websites for scanning detection in a user-defined way, display detection results, display the IP blocking state after detection, set the alarm mode for scanning detection results (short messages, mails and the like), and display global statistics, icons and the like for the scanning detection results.
S202, sending the access log of the target website in the cloud protection environment to the analysis detection module in real time, where the analysis detection module determines the corresponding behavior type using the behavior recognition model. The identified behavior type is an estimate and takes one of two values: scanning behavior or non-scanning behavior.
The analysis detection module analyzes and processes the website's access logs in the cloud protection environment and identifies scanning behavior using machine learning with training features derived from scanning behavior. The training features may include the HTTP response code, the number of accesses by a given IP in a past fixed time period, the proportion of entries from the same IP in the logs of the past fixed time period and the current access log, the proportion of 404 response codes, the variance of the accessed ports, and the like.
S203, when the identified behavior type is a scanning behavior, to reduce the false detection rate this embodiment sets a blocking condition, for example a threshold on the access volume of the target website within a period of time together with response codes 403 and 404 reaching a certain proportion; the current scanning behavior is determined to need blocking only when the set condition is satisfied.
S204, blocking the detected scanning IP at the network layer; no further access logs are generated after blocking. A blocking record is generated and transmitted to a big data analysis platform, and the result is presented on the scanning detection management platform; the presented content mainly comprises the scanning IP, the scanned website domain name, the scanning time, the blocking duration and the like.
The big data log platform can store the access logs of websites in the cloud protection environment and can also store the scanning detection records judged to be scanning behavior. When the analysis detection module judges a behavior to be a scanning behavior, it sends a detection result log to the big data log platform for the scanning detection management platform to call.
S205, the alarm server sends alarm notifications according to the alarm parameters set on the management platform; the scanning detection results, alarm notification results and statistical reports can also be viewed on the scanning detection management platform.
The alarm server is a message sending channel that notifies the alarm contact person of the detection result according to the alarm parameters (contact person, alarm mode, alarm time and the like) set on the scanning detection management platform.
As can be seen, in the website scanning detection method provided by this embodiment, the website access logs on the cloud protection engine are sent to the analysis module in real time for detection. After in-depth analysis and detection by machine learning, the result is further judged against the blocking condition, and the IP is blocked when the website access volume and the proportion of 403 and 404 response codes reach the set levels. The blocking record is sent to the big data log platform, the result is sent to the scanning detection management platform, and finally an alarm for the detection result is raised according to the preset alarm settings. This improves the detection of scanning behavior and reduces false positives and false negatives, thereby reducing the probability of security incidents. Moreover, scanning and blocking results are displayed on the management platform, which improves website administrators' awareness of the website's scanning situation and lets them receive detection notifications promptly.
In the following, a website scanning detection system in a cloud protection environment provided by an embodiment of the present application is introduced; the system described below and the website scanning detection method described above may be referred to in correspondence with each other.
As shown in fig. 3, the website scanning detection system in the cloud protection environment of this embodiment includes:
a big data log platform 301: used for acquiring an access log of a target website from a cloud protection engine;
an analysis detection module 302: used for determining the behavior type corresponding to the access log by using a behavior recognition model based on machine learning; and, when the behavior type is a scanning behavior, judging whether the current IP reaches a blocking condition, wherein the current IP is the IP recorded in the access log that initiated the access to the target website, and the blocking condition is: the number of times the target website is accessed within a preset time range exceeds a first threshold, and the proportion of 403 and 404 among the response codes of the target website within the preset time range exceeds a second threshold;
a scanning detection management platform 303: used for blocking the current IP at the network layer when the current IP reaches the blocking condition.
In some specific embodiments, the scanning detection management platform is further configured for:
determining a target website according to configuration information, and directing the access traffic of the target website to the cloud protection engine, wherein the configuration information comprises: domain name, IP, port number.
In some specific embodiments, the system further comprises:
an alarm server: used for acquiring the alarm parameters of the target website and raising an alarm according to the alarm parameters, wherein the alarm parameters comprise any one or more of the following items: alarm mode, alarm contact person and alarm time.
The website scanning detection system in the cloud protection environment of this embodiment is used to implement the website scanning detection method described above, so its specific implementation can be found in the foregoing method embodiments and is not described again here.
In addition, since the system of this embodiment is used to implement the website scanning detection method described above, its effects correspond to those of the method and are not repeated here.
In addition, the present application further provides a website scanning detection device in a cloud protection environment, as shown in fig. 4, including:
a memory 100: for storing a computer program;
a processor 200: for executing the computer program to implement the website scanning detection method in the cloud protection environment as described above.
Finally, the present application provides a readable storage medium storing a computer program, which when executed by a processor is configured to implement the method for detecting website scanning in a cloud protection environment as described above.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The above detailed descriptions of the solutions provided in the present application, and the specific examples applied herein are set forth to explain the principles and implementations of the present application, and the above descriptions of the examples are only used to help understand the method and its core ideas of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (10)

1. A website scanning detection method under a cloud protection environment is characterized by comprising the following steps:
acquiring an access log of a target website from a cloud protection engine;
determining a behavior type corresponding to the access log by using a behavior recognition model based on machine learning;
when the behavior type is a scanning behavior, judging whether a current IP reaches a blocking condition, wherein the current IP is the IP recorded in the access log that initiated the access to the target website, and the blocking condition is: the number of times the target website is accessed within a preset time range exceeds a first threshold, and the proportion of 403 and 404 among the response codes of the target website within the preset time range exceeds a second threshold;
and if so, blocking the current IP in a network layer.
2. The method of claim 1, prior to the collecting the access log of the target website from the cloud protection engine, further comprising:
determining a target website according to configuration information, and guiding access flow of the target website to a cloud protection engine, wherein the configuration information comprises: domain name, IP, port number.
3. The method of claim 2, wherein the configuration information further includes an alarm parameter, further comprising, after the blocking of the current IP at the network layer:
acquiring alarm parameters of the target website, and giving an alarm according to the alarm parameters, wherein the alarm parameters comprise any one or more of the following items: alarm mode, alarm contact person and alarm time.
4. The method of claim 1, wherein after said blocking of said current IP at the network layer, further comprising:
generating a blocking record, wherein the blocking record includes the following information: current IP, blocking time, target website.
5. The method of claim 4, wherein said blocking the current IP at a network layer comprises:
determining the number of times the current IP has been blocked according to historical blocking records; and determining the blocking time according to that number of times, and blocking the current IP in a network layer.
6. A website scanning detection system under a cloud protection environment, comprising:
a big data log platform: configured to acquire an access log of a target website from a cloud protection engine;
an analysis detection module: configured to determine a behavior type corresponding to the access log by using a behavior recognition model based on machine learning; and, when the behavior type is a scanning behavior, to judge whether a current IP reaches a blocking condition, wherein the current IP is the IP which is recorded in the access log and initiates access to the target website, and the blocking condition is as follows: the number of times that the target website is accessed in a preset time range exceeds a first threshold, and the proportion of 403 to 404 in the response code of the target website in the preset time range exceeds a second threshold;
a scanning detection management platform: configured to block the current IP in the network layer when the current IP reaches the blocking condition.
7. The system of claim 6, wherein the scanning detection management platform is further configured to:
determining a target website according to configuration information, and guiding access flow of the target website to a cloud protection engine, wherein the configuration information comprises: domain name, IP, port number.
8. The system of claim 6, further comprising:
an alarm server: configured to acquire alarm parameters of the target website and give an alarm according to the alarm parameters, wherein the alarm parameters comprise any one or more of the following items: alarm mode, alarm contact person and alarm time.
9. A website scanning detection device under a cloud protection environment, comprising:
a memory: for storing a computer program;
a processor: for executing the computer program to implement the website scanning detection method in the cloud protection environment according to any one of claims 1 to 5.
10. A readable storage medium, wherein the readable storage medium stores a computer program, and the computer program is used for implementing the website scanning detection method in the cloud protection environment according to any one of claims 1 to 5 when being executed by a processor.
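The blocking decision of claims 1, 4 and 5, as an added Python example that is not part of the patent text. It assumes the machine-learning step has already labelled the IPs as scanning, counts requests per IP, reads the response-code condition as the share of 403 and 404 responses among all responses in the window, and uses made-up threshold values and an assumed escalation schedule (the claims give no numbers); all function names are hypothetical.

```python
from datetime import timedelta

# Assumed values: the claims name these parameters but give no numbers.
WINDOW = timedelta(seconds=60)   # "preset time range"
FIRST_THRESHOLD = 20             # requests from one IP inside the window
SECOND_THRESHOLD = 0.5           # share of 403/404 responses inside the window
BLOCK_MINUTES = [10, 60, 1440]   # assumed escalation by number of prior blocks


def reaches_blocking_condition(entries, ip, now):
    """Claim 1: both thresholds must be exceeded inside the window."""
    recent = [e for e in entries
              if e["ip"] == ip and now - WINDOW <= e["time"] <= now]
    if len(recent) <= FIRST_THRESHOLD:
        return False
    denied = sum(1 for e in recent if e["status"] in (403, 404))
    return denied / len(recent) > SECOND_THRESHOLD


def block_duration(history, ip):
    """Claim 5: the blocking time grows with the number of earlier blocks."""
    prior = sum(1 for rec in history if rec["ip"] == ip)
    return timedelta(minutes=BLOCK_MINUTES[min(prior, len(BLOCK_MINUTES) - 1)])


def evaluate(entries, scanning_ips, history, site, now):
    """Return new blocking records (claim 4) for IPs labelled as scanning."""
    records = []
    for ip in sorted(scanning_ips):
        if reaches_blocking_condition(entries, ip, now):
            records.append({"ip": ip, "site": site, "blocked_at": now,
                            "duration": block_duration(history + records, ip)})
    return records


def sample_log(now):
    """Constructed log entries: one noisy scanner, one busy ordinary client."""
    log = []
    for i in range(30):   # 30 requests, 27 of them answered with 403 or 404
        status = 200 if i % 10 == 0 else (403 if i % 2 else 404)
        log.append({"ip": "198.51.100.7", "status": status,
                    "time": now - timedelta(seconds=i)})
    for i in range(40):   # 40 requests, only 2 of them answered with 404
        log.append({"ip": "203.0.113.9", "status": 404 if i in (3, 17) else 200,
                    "time": now - timedelta(seconds=i)})
    return log
```

The second client exceeds the request-count threshold but not the error-share threshold, which is why the claim requires both conditions before blocking.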
CN202010973272.5A 2020-09-16 2020-09-16 Website scanning detection method, system and equipment in cloud protection environment Pending CN112073426A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010973272.5A CN112073426A (en) 2020-09-16 2020-09-16 Website scanning detection method, system and equipment in cloud protection environment

Publications (1)

Publication Number Publication Date
CN112073426A true CN112073426A (en) 2020-12-11

Family

ID=73696005

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010973272.5A Pending CN112073426A (en) 2020-09-16 2020-09-16 Website scanning detection method, system and equipment in cloud protection environment

Country Status (1)

Country Link
CN (1) CN112073426A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116582371A (en) * 2023-07-13 2023-08-11 上海观安信息技术股份有限公司 Detection method and device of scanner, storage medium and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140366118A1 (en) * 2013-06-05 2014-12-11 Fortinet, Inc. Cloud based logging service
CN105763561A (en) * 2016-04-15 2016-07-13 杭州华三通信技术有限公司 Attack defense method and device
CN109218294A (en) * 2018-08-21 2019-01-15 杭州安恒信息技术股份有限公司 Anti-scanning method, device and server based on machine learning bayesian algorithm

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116582371A (en) * 2023-07-13 2023-08-11 上海观安信息技术股份有限公司 Detection method and device of scanner, storage medium and electronic equipment
CN116582371B (en) * 2023-07-13 2023-09-22 上海观安信息技术股份有限公司 Detection method and device of scanner, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201211