CN113132373A - Web attack defense method of active interference strategy - Google Patents


Info

Publication number
CN113132373A
Authority
CN
China
Prior art keywords
attacker
client
resources
functions
defense
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110400119.8A
Other languages
Chinese (zh)
Other versions
CN113132373B (en)
Inventor
王崇维
温泉
王晓菲
姜国庆
李宁
杨华
张茜
王亚洲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Computer Technology and Applications
Original Assignee
Beijing Institute of Computer Technology and Applications

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The invention relates to a Web attack defense method using an active interference strategy, in the technical field of network security. Because other defense measures such as a WAF cannot completely prevent an attacker from bypassing them, the method supplements existing defenses: unless the attacker closes the web page, a large amount of resources on the attacker's device is consumed continuously, which achieves the defensive effect. Because the Web server only embeds the corresponding code in the page returned to the attacker's client, the cost to the server is negligible, which reduces the server's performance overhead.

Description

Web attack defense method of active interference strategy
Technical Field
The invention relates to the technical field of network security, in particular to a Web attack defense method for an active interference strategy.
Background
With the growth of server computing power and the spread of cloud computing, individuals, enterprises and others have more opportunities to offer their own services on the Internet, most of which are Web services. The development of Web technology has driven the emergence of many kinds of Web applications, but at the same time attacks against Web applications keep emerging. These attacks seriously compromise the security and reliability of the services, and various protective measures have been proposed in response.
For Web attacks, the current solution is to use a WAF (Web Application Firewall). The WAF inspects traffic from visitors to the Web service in real time and blocks attack behavior according to its rules, but in practice an attacker can still bypass the WAF by transforming the attack payload, and so still attack the Web service.
Disclosure of Invention
(I) Technical problem to be solved
The technical problem to be solved by the invention is: how to further hinder an attacker's malicious behavior on top of existing Web defense technology.
(II) Technical solution
In order to solve the technical problem, the invention provides a Web attack defense method of an active interference strategy, which comprises the following steps:
Step 1, determining the influence range of the client script
While the client accesses various Web services and executes various functions, the performance indexes of the device are monitored, and some of these indexes are chosen as the target influence range, i.e. the influence range of the client script;
Step 2, collecting client API functions
API functions that can affect the device are collected, screened and verified to obtain the API functions that finally meet the requirements;
Step 3, code deployment
The obtained API functions are deployed to the server, where they can be used individually or in combination; the corresponding parameters are tuned, and when it is determined that an attacker is attacking the Web service, the tuned script code is embedded into the normal Web page so that it ultimately affects the attacker's device;
Step 4, after the attacker triggers the defense, the following steps are executed:
(1) Attack by the attacker
The initial attack is confirmed by matching characteristic payloads or by detecting access to sensitive files;
after the attacker is confirmed, the attacker's characteristics are recorded, including parameters in the client's request headers; on the server side, the client's remote IP is recorded as a characteristic; in addition, the server returns a Token to the client and sets LocalStorage in order to determine the attacker's unique identity;
(2) Starting the active interference strategy defense
After the defense is triggered, the attacker's characteristics are recorded, and the corresponding script code is then embedded into the response to any access request that matches those characteristics, so that the performance of the attacker's client device is reduced accordingly.
Preferably, the target influence range determined in step 1 includes the following indexes: CPU occupancy rate, memory occupancy rate, disk occupancy rate and network throughput occupancy rate.
Preferably, step 2 is specifically:
Collecting client API functions: among all the API functions exposed by the client, the functions related to numerical calculation and resource access are collected, specifically functions related to computing resources, storage resources, memory resources and network resources;
Screening client API functions: each collected function is further screened to check whether it requires manual authorization by the client; functions that require interaction with the attacker and the attacker's authorization are discarded, and the remaining functions can be executed at the client;
Verification: each remaining function is tried individually to see whether it can consume the preset amount of resources; every API function that produces the preset amount of resource usage can finally be used.
Preferably, the recorded characteristics of the attacker comprise Cookie, Accept, User-Agent, Accept-Encoding and Accept-Language.
Preferably, after the active interference strategy defense is started, if no further malicious request against the Web service is made with the same characteristics within a preset time, the active interference defense for those characteristics is cancelled at the server.
Preferably, during the defense, all the API functions used are executed asynchronously in an infinite loop.
Preferably, in step 2, the API functions finally selected for use include: 1) operations on very large values, including encryption and encoding; 2) creating a large number of hidden canvases and multimedia resources; 3) loading remote resources, including video, picture and audio resources, to the local device.
Preferably, the performance of the attacker's client device is ultimately reduced accordingly, including increased CPU occupancy, memory occupancy, disk occupancy and network throughput occupancy, which affects the normal use of the client device.
Preferably, the script code includes JavaScript and WebAssembly code.
The invention also provides an application of the method in the technical field of network security.
(III) Advantageous effects
The invention provides a method of defending against Web attackers with an active interference strategy, which can further hinder a malicious attacker's access to the Web service. Corresponding script code is inserted into the front-end page returned by the Web service; it calls the API functions provided by the attacker's client to perform a large amount of useless computation, storage and the like, consuming the resources of the attacker's device. The system can also collect relevant fingerprints and environment information, and access and operate on the attacker's local resources, which facilitates later forensic investigation. Existing experiments show that the method noticeably reduces the performance of the device running the attacker's client, effectively hinders the malicious requests the attacker makes to the Web service, and improves on existing defense methods.
It can be seen that the invention has the following technical effects:
(1) Because other defense measures such as a WAF cannot completely prevent an attacker from bypassing them, the method supplements existing defenses: unless the attacker closes the web page, a large amount of resources on the attacker's device is consumed continuously, which achieves the defensive effect.
(2) Because the Web server only embeds the corresponding code in the page returned to the attacker's client, the cost to the server is negligible, which reduces the server's performance overhead.
Drawings
FIG. 1 is a partial flow chart of the Web attack defense method of the active interference strategy of the present invention; it shows the establishment and deployment flow, i.e. the preparation process before the active interference strategy defense;
FIG. 2 is a flow chart of what happens after an attack is triggered once the defense has been deployed; it details the mechanism and flow after the attacker triggers the defense method.
Detailed Description
In order to make the objects, contents, and advantages of the present invention clearer, the following detailed description of the embodiments of the present invention will be made in conjunction with the accompanying drawings and examples.
The invention aims to provide a method for actively interfering with a Web attacker. The method can further hinder the attacker's malicious behavior on top of existing Web defense technology. Through the APIs provided by the Web client, front-end script code simulates the attacker's identity and performs additional operations locally on the attacker's client, such as running various functions in infinite loops, initiating access requests to other URLs, and caching a large number of meaningless data files; these actions heavily consume the performance of the attacker's device and ultimately achieve the purpose of hindering the attacker. The method is a means of defense against Web attackers in the conventional Internet environment.
The invention first collects the API functions provided by the client that occupy substantial resources, including computing, storage, memory and network resources; it then screens for functions that do not need active authorization by the client, keeping the API functions that can be executed directly; it then verifies the effect of each API on the performance of the client device; finally, it deploys the API code that meets the requirements on the server and waits for an attacker to trigger it.
Fig. 1 is a partial flow chart of the implementation of the present solution, covering the preparation process before the active interference strategy defense. The method specifically comprises the following steps:
Step 1, determining the influence range of the client script
While the client accesses various Web services and executes various functions, the performance indexes of the device are monitored, and those with larger fluctuation are chosen as the target influence range. The target influence range determined in this embodiment includes the following indexes:
(1) CPU occupancy rate
Any code execution occupies the CPU, so various calculation and drawing functions can be executed in an infinite loop with large data as parameters, which greatly raises CPU occupancy.
(2) Memory occupancy rate
When a function is called recursively, or complex elements are rendered on the same page, memory occupancy rises significantly.
(3) Disk occupancy rate (local storage occupancy rate)
Some functions can load remote resources to the local device; because of the client's cache policy, unless the records are cleared manually the data keeps occupying disk resources, so the attacker's disk is consumed persistently.
(4) Occupancy rate of network throughput (network IO)
Functions that interact with a URL occupy the device's network throughput; available methods include GET, POST and the like, and exchanging data with various URLs over a long time in this way can greatly reduce the performance of the attacker's network.
(5) Others
In addition, the attacker's device can be used as a springboard to probe other local and intranet resources, such as other Web resources on the intranet, with the result returned to the server. Even if the attacker does not use a client that renders pages, a large amount of junk data can still be returned to the attacker, which has some effect.
Step 2, collecting client API functions
The API functions that can noticeably affect the device are collected and screened to obtain the API functions that finally meet the requirements.
(1) Collection
Among all the API functions exposed by the client, the functions related to numerical calculation and resource access (specifically, functions related to computing resources, storage resources, memory resources and network resources) are collected.
(2) Screening
Each collected function is further screened to see whether it requires manual authorization by the client; functions that require interaction with the attacker and the attacker's authorization are discarded, and the remaining functions should be easy to execute at the client, after which they can be verified further.
(3) Verification
Each remaining function is tried individually to see whether it can consume a large amount of resources; every function that produces a large amount of resource usage can finally be used.
Step 3, code deployment
The collected API functions are deployed to the server and can be used individually or in combination. The corresponding parameters are tuned, and when it is determined that an attacker is attacking the Web service, the tuned script code (JavaScript and WebAssembly code) is embedded into the normal Web page so that it ultimately affects the attacker's device.
In this step, the obtained API functions are tuned and, after the corresponding parameters are set, deployed at the server to wait for an attacker to trigger them; the whole trigger flow is shown in Fig. 2. Fig. 2 details the mechanism after an attacker triggers the defense method, covering the execution of the various functions, the effects achieved, the impact on the attacker, and so on.
Step 4, after the attacker triggers the defense, the following steps are executed:
(1) Attack by the attacker
The initial attack is confirmed in a way similar to the attack confirmation mechanisms of other defense methods, such as matching characteristic payloads, detecting access to sensitive files, and the like.
After the client is confirmed to be an attacker, the attacker's characteristics are recorded so that other, normal clients are not harmed by mistake. The general characteristics are parameters in the client's request headers, such as Cookie, Accept, User-Agent, Accept-Encoding and Accept-Language; on the server side, the client's remote IP is recorded as a characteristic; in addition, the server can return a Token to the client, set LocalStorage and so on, from which the attacker's unique identity can be determined.
(2) Starting the active interference strategy defense
After the defense is triggered, the attacker's characteristics are recorded, and the corresponding script code is then embedded into the response to any access request that matches those characteristics.
Cancellation of the active interference strategy defense: if no further malicious request against the Web service is made with the same characteristics for a long time, the active interference defense for those characteristics is cancelled at the server.
The final effect is:
All the API functions used can be executed in an infinite loop. The methods used in this embodiment are: 1) operations on very large values, such as encryption and encoding; 2) creating a large number of hidden canvases, multimedia resources and the like; 3) loading remote resources, including video, picture and audio resources, to the local device.
Finally, the performance of the attacker's client device is greatly reduced, including increased CPU occupancy, memory occupancy, disk occupancy and network throughput occupancy, so that normal use of the client device is affected and the final defensive purpose of the active interference strategy is achieved.
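The feature recording, matching and timed cancellation of step 4 can be sketched on the server side as follows. This is an added example, not code from the patent: the names `fingerprint`, `FlagStore` and `demo`, the 600-second timeout, the way the token is carried back in a request, and all sample requests are assumptions constructed here. It only decides whether a request matches a flagged client, and it shows why header-plus-IP features alone can also match an uninvolved client behind the same NAT.

```python
import hashlib
import time

# Request headers the page lists as attacker features.
FEATURE_HEADERS = ("Cookie", "Accept", "User-Agent", "Accept-Encoding", "Accept-Language")


def fingerprint(remote_ip, headers, token=None):
    """Hash the remote IP, the listed headers and an optional server-issued token."""
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    parts = [remote_ip] + [lowered.get(h.lower(), "") for h in FEATURE_HEADERS]
    parts.append(token or "")
    # Length-prefix every field so that bytes cannot shift between fields.
    blob = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hashlib.sha256(blob).hexdigest()


class FlagStore:
    """Flagged fingerprints; a flag lapses after idle_timeout_s without a new malicious request."""

    def __init__(self, idle_timeout_s, clock=time.monotonic):
        self.idle_timeout_s = idle_timeout_s
        self.clock = clock
        self._last_malicious = {}  # fingerprint -> time of the last malicious request

    def record_malicious(self, fp):
        # Only malicious requests (re)start the timer; benign requests never do.
        self._last_malicious[fp] = self.clock()

    def is_flagged(self, fp):
        seen = self._last_malicious.get(fp)
        if seen is None:
            return False
        if self.clock() - seen >= self.idle_timeout_s:
            del self._last_malicious[fp]  # cancellation after the preset time
            return False
        return True


def demo():
    """Run the constructed scenario with a fake clock and return the observations."""
    now = [0.0]
    store = FlagStore(idle_timeout_s=600, clock=lambda: now[0])

    # Constructed sample: two clients behind one NAT address, same browser build, no cookies yet.
    headers = {
        "User-Agent": "ExampleBrowser/1.0",
        "Accept": "text/html",
        "Accept-Encoding": "gzip",
        "Accept-Language": "en-US",
    }
    attacker_plain = fingerprint("203.0.113.7", headers)
    bystander_plain = fingerprint("203.0.113.7", headers)
    attacker_tok = fingerprint("203.0.113.7", headers, token="tok-A-constructed")
    bystander_tok = fingerprint("203.0.113.7", headers, token="tok-B-constructed")
    repeat_fp = fingerprint("198.51.100.23", headers)  # a client that attacks twice

    store.record_malicious(attacker_plain)
    store.record_malicious(attacker_tok)
    store.record_malicious(repeat_fp)
    out = {
        "bystander_hit_without_token": store.is_flagged(bystander_plain),
        "bystander_hit_with_token": store.is_flagged(bystander_tok),
    }

    now[0] = 500.0
    store.record_malicious(repeat_fp)  # second malicious request restarts its timer
    now[0] = 599.0
    out["flagged_at_599s"] = store.is_flagged(attacker_tok)
    now[0] = 600.0
    out["flagged_at_600s"] = store.is_flagged(attacker_tok)
    now[0] = 900.0
    out["refreshed_flag_at_900s"] = store.is_flagged(repeat_fp)
    return out


if __name__ == "__main__":
    print(demo())
```

The collision in the first observation is the accidental-harm case the description wants to avoid; binding the flag to a per-client token removes it only for clients that keep and return that token.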
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.

Claims (10)

1. A Web attack defense method for an active interference strategy is characterized by comprising the following steps:
Step 1, determining the influence range of the client script
While the client accesses various Web services and executes various functions, the performance indexes of the device are monitored, and some of these indexes are chosen as the target influence range, i.e. the influence range of the client script;
Step 2, collecting client API functions
API functions that can affect the device are collected, screened and verified to obtain the API functions that finally meet the requirements;
Step 3, code deployment
The obtained API functions are deployed to the server, where they can be used individually or in combination; the corresponding parameters are tuned, and when it is determined that an attacker is attacking the Web service, the tuned script code is embedded into the normal Web page so that it ultimately affects the attacker's device;
Step 4, after the attacker triggers the defense, the following steps are executed:
(1) Attack by the attacker
The initial attack is confirmed by matching characteristic payloads or by detecting access to sensitive files;
after the attacker is confirmed, the attacker's characteristics are recorded, including parameters in the client's request headers; on the server side, the client's remote IP is recorded as a characteristic; in addition, the server returns a Token to the client and sets LocalStorage in order to determine the attacker's unique identity;
(2) Starting the active interference strategy defense
After the defense is triggered, the attacker's characteristics are recorded, and the corresponding script code is then embedded into the response to any access request that matches those characteristics, so that the performance of the attacker's client device is reduced accordingly.
2. The method of claim 1, wherein the target impact range determined in step 1 comprises the following criteria: CPU occupancy rate, memory occupancy rate, disk occupancy rate and network throughput occupancy rate.
3. The method according to claim 2, wherein step 2 is specifically:
Collecting client API functions: among all the API functions exposed by the client, the functions related to numerical calculation and resource access are collected, specifically functions related to computing resources, storage resources, memory resources and network resources;
Screening client API functions: each collected function is further screened to check whether it requires manual authorization by the client; functions that require interaction with the attacker and the attacker's authorization are discarded, and the remaining functions can be executed at the client;
Verification: each remaining function is tried individually to see whether it can consume the preset amount of resources; every API function that produces the preset amount of resource usage can finally be used.
4. The method of claim 3, wherein the recorded characteristics of the attacker include Cookie, Accept, User-Agent, Accept-Encoding, Accept-Language.
5. The method of claim 4, wherein after the active interference strategy defense is started, if no further malicious request against the Web service is made with the same characteristics within a preset time, the active interference defense for those characteristics is cancelled at the server.
6. The method of claim 5, wherein during the defense, all the API functions used are executed asynchronously in an infinite loop.
7. The method of claim 1, wherein in step 2, the API functions finally selected for use comprise: 1) operations on very large values, including encryption and encoding; 2) creating a large number of hidden canvases and multimedia resources; 3) loading remote resources, including video, picture and audio resources, to the local device.
8. The method of claim 2, wherein the performance of the attacker's client device is ultimately reduced accordingly, including increased CPU occupancy, increased memory occupancy, increased disk occupancy and increased network throughput occupancy, affecting its normal use.
9. The method of claim 1, wherein the script code comprises JavaScript and WebAssembly code.
10. Use of the method according to any one of claims 1 to 9 in the field of network security technology.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110400119.8A CN113132373B (en) 2021-04-14 2021-04-14 Web attack defense method of active interference strategy

Publications (2)

Publication Number Publication Date
CN113132373A (en) 2021-07-16
CN113132373B (en) 2022-12-02

Family

ID=76776287

Country Status (1)

Country Link
CN (1) CN113132373B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant