CN112532605B - Network attack tracing method and system, storage medium and electronic device - Google Patents

Network attack tracing method and system, storage medium and electronic device

Info

Publication number
CN112532605B
Authority
CN
China
Prior art keywords
information
access
user
attacker
network attack
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011319020.7A
Other languages
Chinese (zh)
Other versions
CN112532605A (en)
Inventor
谭杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Citic Bank Corp Ltd
Original Assignee
China Citic Bank Corp Ltd
Application filed by China Citic Bank Corp Ltd
Priority to CN202011319020.7A
Publication of CN112532605A
Application granted
Publication of CN112532605B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/146 Tracing the source of attacks

Abstract

The invention discloses a network attack tracing method and system, a storage medium and an electronic device. The method comprises: receiving an access data stream message of a network attack sent by a server; extracting characteristic identification information from the access data stream message; and querying the characteristic identification information against the information stored in a user information database according to a preset priority order to determine the identity information of the network attack, thereby solving the technical problem in the related art of how to accurately and efficiently find information about a network attacker, and achieving the technical effect of improving identification accuracy and efficiency.

Description

Network attack tracing method and system, storage medium and electronic device
Technical Field
The invention relates to the technical field of network security, in particular to a network attack tracing method and system, a storage medium and electronic equipment.
Background
In recent years, with the increasing popularity of networks, attack techniques and attack means adopted by network attackers have a new trend. Network security issues also require network users to pay constant attention and take effective security precautions.
In the prior art, the internal source of an attack is located using existing alarm information and historical alarm information. Once the internal source is found, the external device connected to it is identified, the IP address of that external device, namely the attacker's IP address, is obtained, and a local threat intelligence base is then queried with that IP address to obtain information about the attacker. However, this method depends on the obtained attacker IP address and on the local threat intelligence base, and has three problems. First, attackers today launch attacks through proxies, so the attacker IP addresses obtained are basically proxy IP addresses. Second, the local threat intelligence base relies on external sources; the validity and authenticity of its data are not verified and the data are not always complete, so even if the attacker's real IP address is obtained, the attacker cannot be accurately located. Third, because the local threat intelligence base depends on data supplied by various external parties, maintaining it costs a great deal of money and material resources, and the process is time-consuming, labor-intensive and complex.
The related art offers no good solution for accurately and efficiently finding the identity information of a network attacker.
Disclosure of Invention
The embodiment of the invention provides a network attack tracing method and system, a storage medium and electronic equipment, which at least solve the technical problem of how to accurately and efficiently find information of a network attacker in the related technology.
According to an aspect of the embodiments of the present invention, a method for tracing a network attack is provided, including:
receiving an access data stream message of network attack sent by a server, and extracting characteristic identification information according to the access data stream message, wherein the characteristic identification information comprises access Cookie information, authentication Cookie information, access equipment fingerprint information and access data stream IP address information;
comparing and querying the characteristic identification information with information stored in a user information database according to a preset priority order to determine identity information of the network attack;
the priority sequence is respectively authentication Cookie information, access equipment fingerprint information and access data stream IP address information from high to low.
According to another aspect of the embodiments of the present invention, there is also provided a system for tracing a network attack, including:
the characteristic extraction module is used for receiving an access data stream message of network attack sent by a server and extracting characteristic identification information according to the access data stream message, wherein the characteristic identification information comprises access Cookie information, authentication Cookie information, access equipment fingerprint information and access data stream IP address information;
the query comparison module is used for comparing and querying the characteristic identification information with information stored in a user information database according to a preset priority order so as to determine identity information of the network attack;
the priority sequence is respectively authentication Cookie information, access equipment fingerprint information and access data stream IP address information from high to low.
According to still another aspect of the embodiments of the present invention, there is also provided a computer-readable storage medium having a computer program stored therein, wherein the computer program is configured to execute the above-mentioned determining method when running.
According to still another aspect of the embodiments of the present invention, there is also provided an electronic device, including a memory and a processor, where the memory stores a computer program, and the processor is configured to execute the above-mentioned method by means of the computer program.
In the embodiment of the invention, the access data flow message of the network attack sent by the server is received; extracting characteristic identification information according to the access data stream message; the characteristic identification information is compared with the information stored in the user information database according to the preset priority order to be inquired so as to determine the identity information of the network attack, thereby solving the technical problem of how to accurately and efficiently find the information of the network attacker in the related technology and achieving the technical effect of improving the identification accuracy and efficiency.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a flowchart of a method for tracing a network attack according to an embodiment of the present invention;
FIG. 2 is a block diagram of the architecture of a network attack tracing system according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
According to an aspect of the embodiment of the present invention, a method for tracing a network attack source is provided, and optionally, as an optional implementation manner, the method for tracing a network attack source in the embodiment may be executed in a manner of a computer program, and may be applied to a terminal, a server, or a similar operation device or an electronic device. For example, the computing device or electronic device may include one or more processors (the processors may include, but are not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA) and a memory for storing data, and may further include a transmission device for communication functions and an input/output device. It may also include more or fewer components than previously described, or have a different configuration than that shown. The memory may be used to store computer programs, for example, software programs and modules of application software, such as computer programs corresponding to the behavior determination method in the embodiment of the present invention, and the processor executes various functional applications and data processing by running the computer programs stored in the memory, that is, implementing the method described above. The memory may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory may further include memory remotely located from the processor, which may be connected to the mobile terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof. The transmission device is used for receiving or transmitting data via a network. 
Specific examples of the network described above may include a wireless network provided by a communication provider of the mobile terminal. In one example, the transmission device includes a Network adapter (NIC), which can be connected to other Network devices through a base station so as to communicate with the internet. In one example, the transmission device may be a Radio Frequency (RF) module, which is used to communicate with the internet in a wireless manner.
As an exemplary, optional implementation manner, fig. 1 is a flowchart of a method for tracing a source of a cyber attack according to an embodiment of the present invention, and as shown in fig. 1, the method includes:
step S101, receiving an access data stream message of a network attack sent by a server, and extracting characteristic identification information according to the access data stream message, wherein the characteristic identification information comprises access Cookie information, authentication Cookie information, access equipment fingerprint information and access data stream IP address information;
specifically, the server may be a Web server; the access Cookie information is the Cookie information generated when the server is accessed; the authentication Cookie information is the authenticated Cookie information that the server returns to a visitor after the visitor logs in to the server and account registration is carried out; the access device fingerprint information is a number or identifier that represents the access device, and it is unique to each device;
after an access data stream message sent by the server is received, characteristic information is extracted from the message. The extracted information includes the access Cookie information of the accessing user's device, the authentication Cookie information generated after logging in to the server, and the access device fingerprint information of the accessing user's device; the access device fingerprint information is used to determine the identity of the access device, and each access device has a unique identifier. The device fingerprint information is obtained as follows: the server generates the access Cookie information and sends it to the client together with code for collecting the device fingerprint information. If the accessing user browses the server through a web page, the device fingerprint information can be collected using Canvas fingerprint code and hardware fingerprint code in HTML5; if the accessing user accesses the server through an APP on a mobile terminal, the device fingerprint information can be collected by an SDK built into the APP package in advance.
Step S103, comparing the characteristic identification information with information stored in a user information database according to a preset priority order, and inquiring to determine identity information of the network attack; the priority sequence is respectively authentication Cookie information, access equipment fingerprint information and access data stream IP address information from high to low.
Specifically, the authentication Cookie information, the access Cookie information, the access device fingerprint information and the access data stream IP address information are queried in the user information database. If the authentication Cookie information is found, that is, the attacker logged in to the system and then attacked it, the attacker's identity information is determined from the authentication Cookie information; if the attacker did not log in to the system, the access Cookie information is queried, and if it is found, the attacker's identity information can be quickly determined.
If neither authentication Cookie information nor access Cookie information is available for the attacker, that is, the attacker has deleted both, the attacker's registration information is obtained through the access device fingerprint information, and the attacker's real IP address is quickly determined from the registration information.
Through the steps, the access data flow message of the network attack sent by the server is received; extracting characteristic identification information according to the access data stream message; the characteristic identification information is compared with the information stored in the user information database according to the preset priority order to be inquired so as to determine the identity information of the network attack, thereby solving the technical problem of how to accurately and efficiently find the information of the network attacker in the related technology and achieving the technical effect of improving the identification accuracy and efficiency.
In an exemplary embodiment, the comparing and querying the characteristic identification information with the information stored in the user information database according to the preset priority order to determine the identity information of the network attack includes:
firstly, inquiring whether user information is stored in a user information database according to authentication Cookie information;
when the authentication Cookie information is not inquired in the user information database, inquiring the access Cookie information;
when the access Cookie information is not inquired in the user information database, inquiring the fingerprint information of the access equipment;
when the fingerprint information of the access equipment is not inquired in the user information database, inquiring IP address information of the access data stream finally, wherein the identity information of the network attack comprises real IP address information of an attacker and information of a registered account of the attacker;
specifically, the information of the attacker registration account includes, but is not limited to, a user name, a mobile phone number, and an address; but also can include identification number, bank card information and the like.
In an exemplary embodiment, the method further comprises:
when the characteristic identification information is found stored in the user information database, acquiring the corresponding attacker registration account information according to the characteristic identification information;
and determining the real IP address of the attacker under the network attack according to the information of the attacker registration account.
In one exemplary embodiment, before receiving the access data stream message of the network attack sent by the server, the method further includes:
when the server receives the user access, storing the access IP address information;
generating access Cookie information;
when the user access passes the authentication, generating authentication Cookie information;
acquiring fingerprint information and registered account information of access equipment;
uploading the access IP address information, access Cookie information, access device fingerprint information, and registered account information to a user information database for storage;
specifically, the information needs to be recorded and stored each time the user accesses or logs in the server.
In an exemplary embodiment, after determining the real IP address of the attacker who attacks the network according to the account information registered by the attacker, the method further includes:
determining identity information of the network attack according to the registered account information, and sending the identity information to a security operation center for security alerting;
specifically, the security operation center is a platform that collects log information from security devices and information system devices and can raise security alerts; the alert mode can be configured by the user and is not described in detail here.
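The recording steps, the priority-ordered query and the account-to-IP resolution described above, as an added Python example that is not part of the patent text. The table layout, the cookie names `visit_id` and `session_id`, the `X-Device-Fp` header, the message shape, and the reading of "real IP address" as the addresses recorded for the matched account on earlier visits are all assumptions; the sample data is constructed.

```python
import sqlite3
from dataclasses import dataclass
from http.cookies import SimpleCookie
from typing import Optional

# Query order from the exemplary embodiment: authentication Cookie first, then
# access Cookie, then device fingerprint, and the stream IP address last.
PRIORITY = ("auth_cookie", "access_cookie", "device_fp", "access_ip")
# Assumed names (not given in the patent): cookie names and fingerprint header.
ACCESS_COOKIE, AUTH_COOKIE, FP_HEADER = "visit_id", "session_id", "X-Device-Fp"


@dataclass
class TraceResult:
    matched_on: str   # which identifier produced the hit
    accounts: list    # registered accounts tied to that identifier
    known_ips: dict   # account -> IP addresses recorded on earlier visits


def open_db() -> sqlite3.Connection:
    """User information database: one row per recorded access or login."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE visits (ts INTEGER, access_ip TEXT, access_cookie TEXT,"
        " auth_cookie TEXT, device_fp TEXT, account TEXT)"
    )
    return db


def record_visit(db, ts, access_ip, access_cookie=None, auth_cookie=None,
                 device_fp=None, account=None) -> None:
    """Store what the server saw on a normal access, before any attack."""
    db.execute("INSERT INTO visits VALUES (?, ?, ?, ?, ?, ?)",
               (ts, access_ip, access_cookie, auth_cookie, device_fp, account))


def extract_features(message: dict) -> dict:
    """Pull the four identifiers out of one access data stream message."""
    headers = message.get("headers", {})
    cookies = SimpleCookie()
    cookies.load(headers.get("Cookie", ""))

    def cookie(name):
        return cookies[name].value if name in cookies else None

    return {
        "auth_cookie": cookie(AUTH_COOKIE),
        "access_cookie": cookie(ACCESS_COOKIE),
        "device_fp": headers.get(FP_HEADER),
        "access_ip": message.get("src_ip"),
    }


def trace(db, features: dict) -> Optional[TraceResult]:
    """Query identifiers in priority order and stop at the first one that hits."""
    for field in PRIORITY:
        value = features.get(field)
        if not value:
            continue  # identifier absent, e.g. cookies deleted by the visitor
        # `field` comes from the fixed PRIORITY tuple, never from the message,
        # so using it as a column name is safe; the value itself is bound.
        rows = db.execute(
            f"SELECT account, MAX(ts) FROM visits WHERE {field} = ?"
            " AND account IS NOT NULL GROUP BY account ORDER BY MAX(ts) DESC",
            (value,),
        ).fetchall()
        if not rows:
            continue  # nothing registered under this identifier, try the next
        accounts = [r[0] for r in rows]
        known_ips = {
            acct: [r[0] for r in db.execute(
                "SELECT DISTINCT access_ip FROM visits WHERE account = ?"
                " ORDER BY access_ip", (acct,))]
            for acct in accounts
        }
        return TraceResult(field, accounts, known_ips)
    return None


def demo_db() -> sqlite3.Connection:
    """Constructed sample history; addresses are documentation ranges."""
    db = open_db()
    record_visit(db, 100, "198.51.100.7", "v-aaa", None, "fp-1")  # anonymous
    record_visit(db, 110, "198.51.100.7", "v-aaa", "s-111", "fp-1", "alice")
    record_visit(db, 200, "192.0.2.50", "v-bbb", "s-222", "fp-2", "bob")
    record_visit(db, 210, "192.0.2.50", "v-ccc", "s-333", "fp-3", "carol")
    return db


def demo_message(cookie_header, fp, src_ip) -> dict:
    """Constructed attack-flagged message as the server might forward it."""
    return {"src_ip": src_ip, "headers": {"Cookie": cookie_header, FP_HEADER: fp}}


if __name__ == "__main__":
    # Cookies deleted and traffic sent through a proxy: the fingerprint decides.
    print(trace(demo_db(), extract_features(demo_message("", "fp-1", "203.0.113.9"))))
```

A hit on the IP tier can name several accounts behind one address, which is why `accounts` is a list and the deciding tier is reported in `matched_on`.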
The embodiment of the invention also provides a system for tracing the network attack source, which is used for realizing the embodiment and the preferred embodiment. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. While the system described in the embodiments below is preferably implemented in software, implementations in hardware, or a combination of software and hardware are also possible and contemplated.
Fig. 2 is a block diagram of a network attack tracing system according to an embodiment of the present invention, and as shown in fig. 2, the system includes:
the feature extraction module 22 is configured to receive an access data stream message of a network attack sent by a server, and extract feature identification information according to the access data stream message, where the feature identification information includes access Cookie information, authentication Cookie information, access device fingerprint information, and access data stream IP address information;
a query comparison module 24, configured to perform a comparison query on the feature identification information and information stored in the user information database according to a preset priority order, so as to determine identity information of the network attack;
the priority sequence is respectively authentication Cookie information, access equipment fingerprint information and access data stream IP address information from high to low.
In an exemplary embodiment, the query comparison module specifically includes:
firstly, inquiring whether user information is stored in a user information database according to authentication Cookie information;
when the authentication Cookie information is not inquired in the user information database, inquiring the access Cookie information;
when the access Cookie information is not inquired in the user information database, inquiring the fingerprint information of the access equipment;
and finally inquiring IP address information of the access data stream when the fingerprint information of the access equipment is not inquired in the user information database, wherein the identity information of the network attack comprises real IP address information of an attacker and registered account information of the attacker.
In an exemplary embodiment, the query comparison module further comprises:
when the characteristic identification information is inquired in the user information database and stored, acquiring corresponding attacker registration account information according to the characteristic identification information;
and determining the real IP address of the attacker under the network attack according to the information of the account registered by the attacker.
Through the steps, the access data flow message of the network attack sent by the server is received; extracting characteristic identification information according to the access data stream message; and comparing and querying the characteristic identification information with information stored in a user information database according to a preset priority order to determine the identity information of the network attack, thereby solving the technical problem of how to accurately and efficiently find the information of the network attacker in the related technology and achieving the technical effect of improving the identification accuracy and efficiency.
It should be further noted that other embodiments with the same effect may also be applied to the present solution, and are not described herein again.
Through the description of the foregoing embodiments, it is clear to those skilled in the art that the method according to the foregoing embodiments may be implemented by software plus a necessary general hardware platform, and certainly may also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
According to a further aspect of the embodiments of the present invention, there is also provided an electronic device for implementing the method for tracing a source of a cyber attack, where the electronic device includes a memory and a processor, the memory stores a computer program, and the processor is configured to execute the steps in any one of the method embodiments by the computer program.
Optionally, in this embodiment, the electronic device may be located in at least one network device of a plurality of network devices of a computer network.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
s1, receiving an access data stream message of a network attack sent by a server, and extracting characteristic identification information according to the access data stream message, wherein the characteristic identification information comprises access Cookie information, authentication Cookie information, access equipment fingerprint information and access data stream IP address information;
s2, comparing and querying the characteristic identification information with information stored in a user information database according to a preset priority order to determine identity information of the network attack;
the priority sequence is respectively authentication Cookie information, access equipment fingerprint information and access data stream IP address information from high to low.
Through the steps, receiving an access data stream message of the network attack sent by the server; extracting characteristic identification information according to the access data stream message; the characteristic identification information is compared with the information stored in the user information database according to the preset priority order to be inquired so as to determine the identity information of the network attack, thereby solving the technical problem of how to accurately and efficiently find the information of the network attacker in the related technology and achieving the technical effect of improving the identification accuracy and efficiency.
The memory may be used to store software programs and modules, such as program instructions/modules corresponding to the method and system for tracing a network attack source in the embodiment of the present invention, and the processor executes various functional applications and data processing by operating the software programs and modules stored in the memory, that is, implements the method. The memory may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory may further include memory remotely located from the processor, which may be connected to the terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof. The storage may be specifically, but not limited to, used for storing information such as sample characteristics of the item and the target virtual resource account number.
Optionally, the transmission device is used for receiving or sending data via a network. Examples of the network may include a wired network and a wireless network. In one example, the transmission device includes a Network adapter (NIC) that can be connected to the router via a Network cable and other Network devices to communicate with the internet or a local area Network. In one example, the transmission device is a Radio Frequency (RF) module, which is used to communicate with the internet in a wireless manner.
According to a further aspect of an embodiment of the present invention, there is also provided a computer-readable storage medium having a computer program stored thereon, wherein the computer program is arranged to perform the steps of any of the above method embodiments when executed.
Alternatively, in the present embodiment, the above-mentioned computer-readable storage medium may be configured to store a computer program for executing the steps of:
s1, receiving an access data stream message of a network attack sent by a server, and extracting characteristic identification information according to the access data stream message, wherein the characteristic identification information comprises access Cookie information, authentication Cookie information, access equipment fingerprint information and access data stream IP address information;
s2, comparing and inquiring the characteristic identification information with information stored in a user information database according to a preset priority order so as to determine identity information of the network attack;
the priority sequence is respectively authentication Cookie information, access equipment fingerprint information and access data stream IP address information from high to low.
Through the steps, receiving an access data stream message of the network attack sent by the server; extracting characteristic identification information according to the access data stream message; the characteristic identification information is compared with the information stored in the user information database according to the preset priority order to be inquired so as to determine the identity information of the network attack, thereby solving the technical problem of how to accurately and efficiently find the information of the network attacker in the related technology and achieving the technical effect of improving the identification accuracy and efficiency.
Alternatively, in this embodiment, a person skilled in the art may understand that all or part of the steps in the methods of the foregoing embodiments may be implemented by a program instructing hardware associated with the terminal device, where the program may be stored in a computer-readable storage medium, and the storage medium may include: flash disks, Read-Only Memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
The above-mentioned serial numbers of the embodiments of the present invention are only for description, and do not represent the advantages and disadvantages of the embodiments.
The integrated unit in the above embodiments, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in the above computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing one or more computer devices (which may be personal computers, servers, network devices, etc.) to execute all or part of the steps of the method according to the embodiments of the present invention.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the several embodiments provided in this application, it should be understood that the above-described apparatus embodiments are merely illustrative, for example, the division of the units is only one logical function division, and in actual implementation, there may be other division manners, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The foregoing is only a preferred embodiment of the present invention. It should be noted that those skilled in the art can make various modifications and refinements without departing from the principle of the present invention, and these modifications and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (7)

1. A method for tracing the source of a network attack, characterized by comprising the following steps:
when the server receives a user access, storing the access IP address information;
generating access Cookie information;
when the user access passes authentication, generating authentication Cookie information;
acquiring access device fingerprint information and registered account information;
uploading the access IP address information, access Cookie information, authentication Cookie information, access device fingerprint information and registered account information to the user information database for storage;
receiving an access data stream message of a network attack sent by the server, and extracting characteristic identification information from the access data stream message, wherein the characteristic identification information comprises access Cookie information, authentication Cookie information, access device fingerprint information and access data stream IP address information;
querying the user information database for the characteristic identification information, comparing it against the stored information in a preset priority order, to determine the identity information of the network attack, which comprises the following steps:
first, querying the user information database by the authentication Cookie information to determine whether user information is stored;
when the authentication Cookie information is not found in the user information database, querying by the access Cookie information;
when the access Cookie information is not found in the user information database, querying by the access device fingerprint information;
when the access device fingerprint information is not found in the user information database, querying by the access data stream IP address information, wherein the identity information of the network attack comprises real IP address information of the attacker and registered account information of the attacker;
the priority order, from high to low, is authentication Cookie information, access device fingerprint information and access data stream IP address information.
2. The method of claim 1, further comprising:
when the characteristic identification information is found stored in the user information database, acquiring the corresponding attacker registered account information according to the characteristic identification information;
and determining the real IP address of the attacker behind the network attack according to the attacker registered account information.
3. The method according to claim 2, wherein after determining the real IP address of the attacker behind the network attack according to the attacker registered account information, the method further comprises:
determining the identity information of the network attack according to the registered account information, and sending the identity information to a security operations center to raise a security alert.
4. A system for tracing a network attack, comprising:
a feature extraction module, used for storing access IP address information when the server receives a user access; generating access Cookie information;
when the user access passes authentication, generating authentication Cookie information;
acquiring access device fingerprint information and registered account information; uploading the access IP address information, access Cookie information, authentication Cookie information, access device fingerprint information and registered account information to the user information database for storage;
receiving an access data stream message of a network attack sent by the server, and extracting characteristic identification information from the access data stream message, wherein the characteristic identification information comprises access Cookie information, authentication Cookie information, access device fingerprint information and access data stream IP address information;
a query comparison module, used for querying the user information database for the characteristic identification information, comparing it against the stored information in a preset priority order, so as to determine the identity information of the network attack;
the query comparison module specifically performs: first, querying the user information database by the authentication Cookie information to determine whether user information is stored;
when the authentication Cookie information is not found in the user information database, querying by the access Cookie information;
when the access Cookie information is not found in the user information database, querying by the access device fingerprint information;
when the access device fingerprint information is not found in the user information database, finally querying by the access data stream IP address information, wherein the identity information of the network attack comprises real IP address information of the attacker and registered account information of the attacker;
the priority order, from high to low, is authentication Cookie information, access device fingerprint information and access data stream IP address information.
5. The system of claim 4, wherein the query comparison module further performs:
when the characteristic identification information is found stored in the user information database, acquiring the corresponding attacker registered account information according to the characteristic identification information;
and determining the real IP address of the attacker behind the network attack according to the attacker registered account information.
6. A computer-readable storage medium comprising a stored program, wherein the program when executed by a processor performs the method of any one of claims 1 to 3.
7. An electronic device comprising a memory and a processor, characterized in that the memory has stored therein a computer program, the processor being arranged to execute the method of any of claims 1 to 3 by means of the computer program.
CN202011319020.7A 2020-11-23 2020-11-23 Network attack tracing method and system, storage medium and electronic device Active CN112532605B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011319020.7A CN112532605B (en) 2020-11-23 2020-11-23 Network attack tracing method and system, storage medium and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011319020.7A CN112532605B (en) 2020-11-23 2020-11-23 Network attack tracing method and system, storage medium and electronic device

Publications (2)

Publication Number Publication Date
CN112532605A CN112532605A (en) 2021-03-19
CN112532605B true CN112532605B (en) 2022-11-22

Family

ID=74992597

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011319020.7A Active CN112532605B (en) 2020-11-23 2020-11-23 Network attack tracing method and system, storage medium and electronic device

Country Status (1)

Country Link
CN (1) CN112532605B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113411295A (en) * 2021-05-07 2021-09-17 上海纽盾科技股份有限公司 Role-based access control situation awareness defense method and system
CN113839944B (en) * 2021-09-18 2023-09-19 百度在线网络技术(北京)有限公司 Method, device, electronic equipment and medium for coping with network attack
CN114095245B (en) * 2021-11-18 2024-02-02 北京天融信网络安全技术有限公司 Network attack tracing method, device, equipment and medium
CN115086069B (en) * 2022-07-19 2024-01-26 光大科技有限公司 DDoS attack recognition method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110401632A (en) * 2019-06-20 2019-11-01 国网辽宁省电力有限公司信息通信分公司 A kind of malice domain name infection host source tracing method
CN111212053A (en) * 2019-12-27 2020-05-29 太原理工大学 Industrial control honeypot-oriented homologous attack analysis method
CN111490996A (en) * 2020-06-24 2020-08-04 腾讯科技(深圳)有限公司 Network attack processing method and device, computer equipment and storage medium
CN111786966A (en) * 2020-06-15 2020-10-16 中国建设银行股份有限公司 Method and device for browsing webpage

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9888035B2 (en) * 2015-06-30 2018-02-06 Symantec Corporation Systems and methods for detecting man-in-the-middle attacks

Also Published As

Publication number Publication date
CN112532605A (en) 2021-03-19

Similar Documents

Publication Publication Date Title
CN112532605B (en) Network attack tracing method and system, storage medium and electronic device
US11176573B2 (en) Authenticating users for accurate online audience measurement
CN111079104B (en) Authority control method, device, equipment and storage medium
CN103607385B (en) Method and apparatus for security detection based on browser
CN111565199A (en) Network attack information processing method and device, electronic equipment and storage medium
CN109688105B (en) Threat alarm information generation method and system
US8756657B2 (en) Mobile or user device authentication and tracking
CN110677384B (en) Phishing website detection method and device, storage medium and electronic device
CN110213212A (en) A kind of classification method and device of equipment
CN107347049B (en) Account authentication method and server
US20170085567A1 (en) System and method for processing task resources
CN111786966A (en) Method and device for browsing webpage
CN111565203B (en) Method, device and system for protecting service request and computer equipment
CN107332804B (en) Method and device for detecting webpage bugs
CN106534268B (en) Data sharing method and device
CN113098835A (en) Honeypot implementation method based on block chain, honeypot client and honeypot system
CN107046516B (en) Wind control method and device for identifying mobile terminal identity
CN111353136A (en) Method and device for processing operation request
CN109446807A (en) The method, apparatus and electronic equipment of malicious robot are intercepted for identification
CN105184559B (en) A kind of payment system and method
CN108600259A (en) The certification of equipment and binding method and computer storage media, server
CN107332856B (en) Address information detection method and device, storage medium and electronic device
CN107317790B (en) Network behavior monitoring method and device
CN111385293B (en) Network risk detection method and device
CN106803830B (en) Method, device and system for identifying internet access terminal and User Identity Module (UIM) card

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant