CN113179281A - Method, device, equipment and storage medium for determining database collision attack - Google Patents

Method, device, equipment and storage medium for determining database collision attack Download PDF

Info

Publication number
CN113179281A
CN113179281A CN202110579945.3A CN202110579945A CN113179281A CN 113179281 A CN113179281 A CN 113179281A CN 202110579945 A CN202110579945 A CN 202110579945A CN 113179281 A CN113179281 A CN 113179281A
Authority
CN
China
Prior art keywords
login
interval time
current
current login
determining
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110579945.3A
Other languages
Chinese (zh)
Inventor
俞鲲
农时
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Ltd
Original Assignee
Bank of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bank of China Ltd filed Critical Bank of China Ltd
Priority to CN202110579945.3A priority Critical patent/CN113179281A/en
Publication of CN113179281A publication Critical patent/CN113179281A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The application discloses a method, a device, equipment and a storage medium for determining a database collision attack, which relate to the technical field of network security and can accurately identify the login type of a target website as the database collision attack, so that the security of the website is improved. The method comprises the following steps: acquiring current user login information of a target website, wherein the current user login information comprises the interval time of a current login password; under the condition that historical user login information exists, determining that the current login type of the target website is a database collision attack; determining the current login type of the target website as a database collision attack under the condition that the interval time of the current login passwords is multiple and the interval time of the current login passwords is the same; and under the condition that the interval time of the current login password does not meet the normal login interval time, determining the current login type of the target website as a database collision attack. The method and the device can accurately identify whether the login type of the target website is a database collision attack or not, so that the safety of the website is improved.

Description

Method, device, equipment and storage medium for determining database collision attack
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method, an apparatus, a device, and a storage medium for determining a library collision attack.
Background
At present, hackers usually log in a website by means of a library-bumping attack. The database collision attack is that after an account and a password of a user at a certain website are collected, the account and the password are used for logging in other websites. In order to ensure the security of the website, the server may prevent a hacker from logging in the website by means of a database collision attack by identifying an Internet Protocol (IP) address. For example, if the server recognizes that the number of password errors sent by the same IP address exceeds a threshold value within a period of time, it is determined that the IP address logs in the website in a database collision attack manner, so that the IP address is prevented from logging in. The server can also add the graphic verification code to check in the process of logging in the website, so that the website is prevented from being logged in a database collision attack mode.
However, when a hacker logs in a website using a large number of proxy IP addresses or when the hacker recognizes a graphic verification code by means of image recognition, the server may not accurately recognize that the hacker logs in the website by means of a knock attack, resulting in low security of the website.
Disclosure of Invention
The application provides a method, a device, equipment and a storage medium for determining a database collision attack, which can accurately identify the login type of a target website as the database collision attack, thereby improving the security of the website.
In order to achieve the purpose, the technical scheme is as follows:
in a first aspect, the present application provides a method for determining a library collision attack, where the method includes: acquiring current user login information of a target website, wherein the current user login information comprises a current login user name, a current login password and the interval time of the current login password; the current login password comprises a plurality of characters, and the interval time of the current login password is the interval time of any two adjacent characters input by the user; under the condition that historical user login information exists, determining that the current login type of the target website is a database collision attack; the historical user login information comprises a historical login user name, a historical login password and the interval time of the historical login password, and the interval time of the historical login user name, the historical login password and the historical login password is respectively the same as the interval time of the current login user name, the current login password and the current login password; determining the current login type of the target website as a database collision attack under the condition that the interval time of the current login passwords is multiple and the interval time of the current login passwords is the same; under the condition that the interval time of the current login password does not meet the normal login interval time, determining that the current login type of the target website is a database collision attack; the normal login interval time is determined according to the interval time of the login password input when the user normally logs in the target website.
The method for determining the database collision attack determines the current login type of the target website as the database collision attack according to the current user login information, wherein the current user login information comprises the interval time of any two adjacent characters in the current login password input by the user. When the target website is normally logged in, the target website is logged in through the login password which is manually input, the interval time of the login password which is manually input is related to the distribution position of characters in the login password, the randomness is achieved, the interval time of the login password which is manually input every time is different, when the login target website is input through a database collision attack, the target website is logged in through the login password which is automatically input through the computer, the interval time of the login password which is automatically input through the computer is unrelated to the distribution position of the characters in the login password, the interval time is generally uniform, and the interval time of the login password which is automatically input through the computer is completely consistent with the interval time of the login password which is input through a user before. Therefore, according to the scheme of the application, the login password input manually or automatically by the computer can be accurately determined through the interval time of the login password input by the user, so that whether the login type of the target website is a database collision attack or not can be accurately identified, and the safety of the website is improved.
With reference to the first aspect, in a possible implementation manner, in a case that the historical user login information does not exist and the interval time of the plurality of current login passwords is not completely the same, the method further includes: and under the condition that the interval time of the current login password does not meet the normal login interval time, determining that the current login type of the target website is a database collision attack.
Based on the scheme, under the condition that historical user login information does not exist and the interval time of a plurality of current login passwords is not completely the same, whether the login password is manually input or automatically input by a computer can be further determined by judging whether the interval time of the current login password meets the normal login interval time, so that whether the login type of the target website is a database collision attack or not can be accurately identified, and the safety of the website is improved.
With reference to the first aspect, in a possible implementation manner, in a case that there is no history user login information or interval time of a plurality of current login passwords is not completely the same, the method further includes: and under the condition that the interval time of the current login password does not meet the normal login interval time, determining that the current login type of the target website is a database collision attack.
Based on the scheme, under the condition that historical user login information does not exist or the interval time of a plurality of current login passwords is not identical, whether the interval time of the current login passwords meets the normal login interval time or not can be further judged, whether the login passwords are manually input or automatically input by a computer is determined, and therefore whether the login type of the target website is a database collision attack or not can be accurately identified, and the safety of the website is improved.
With reference to the first aspect, in a possible implementation manner, in a case that the historical user login information does not exist, the method further includes: and determining the current login type of the target website as a database collision attack under the condition that the interval time of the current login password is multiple and the interval time of the current login passwords is the same.
Based on the scheme, whether the login password is manually input or automatically input by a computer can be further determined by judging whether the interval time of the current login password is the same or not under the condition that no historical user login information exists, so that whether the login type of the target website is a database collision attack or not can be accurately identified, and the safety of the website is improved.
In a second aspect, the present application provides a device for determining a library collision attack, including: the system comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring current user login information of a target website, and the current user login information comprises a current login user name, a current login password and the interval time of the current login password; the current login password comprises a plurality of characters, and the interval time of the current login password is the interval time of any two adjacent characters input by the user; the determining unit is used for determining the current login type of the target website as a database collision attack under the condition that the historical user login information exists; the historical user login information comprises a historical login user name, a historical login password and the interval time of the historical login password, and the interval time of the historical login user name, the historical login password and the historical login password is respectively the same as the interval time of the current login user name, the current login password and the current login password; determining the current login type of the target website as a database collision attack under the condition that the interval time of the current login passwords is multiple and the interval time of the current login passwords is the same; under the condition that the interval time of the current login password does not meet the normal login interval time, determining that the current login type of the target website is a database collision attack; the normal login interval time is determined according to the interval time of the login password input when the user normally logs in the target website.
The device for determining the database collision attack determines the current login type of the target website as the database collision attack according to the current user login information, wherein the current user login information comprises the interval time of any two adjacent characters in the current login password input by the user. When the target website is normally logged in, the target website is logged in through the login password which is manually input, the interval time of the login password which is manually input is related to the distribution position of characters in the login password, the randomness is achieved, the interval time of the login password which is manually input every time is different, when the login target website is input through a database collision attack, the target website is logged in through the login password which is automatically input through the computer, the interval time of the login password which is automatically input through the computer is unrelated to the distribution position of the characters in the login password, the interval time is generally uniform, and the interval time of the login password which is automatically input through the computer is completely consistent with the interval time of the login password which is input through a user before. Therefore, according to the scheme of the application, the login password input manually or automatically by the computer can be accurately determined through the interval time of the login password input by the user, so that whether the login type of the target website is a database collision attack or not can be accurately identified, and the safety of the website is improved.
With reference to the second aspect, in a possible implementation manner, in a case that the historical user login information does not exist and the interval time of the plurality of current login passwords is not completely the same, the determining unit is further configured to: and under the condition that the interval time of the current login password does not meet the normal login interval time, determining that the current login type of the target website is a database collision attack.
Based on the scheme, under the condition that historical user login information does not exist and the interval time of a plurality of current login passwords is not completely the same, whether the login password is manually input or automatically input by a computer can be further determined by judging whether the interval time of the current login password meets the normal login interval time, so that whether the login type of the target website is a database collision attack or not can be accurately identified, and the safety of the website is improved.
With reference to the second aspect, in a possible implementation manner, in a case that there is no history user login information or interval time of a plurality of current login passwords is not completely the same, the determining unit is further configured to: and under the condition that the interval time of the current login password does not meet the normal login interval time, determining that the current login type of the target website is a database collision attack.
Based on the scheme, under the condition that historical user login information does not exist or the interval time of a plurality of current login passwords is not identical, whether the interval time of the current login passwords meets the normal login interval time or not can be further judged, whether the login passwords are manually input or automatically input by a computer is determined, and therefore whether the login type of the target website is a database collision attack or not can be accurately identified, and the safety of the website is improved.
With reference to the second aspect, in a possible implementation manner, in a case that the historical user login information does not exist, the determining unit is further configured to: and determining the current login type of the target website as a database collision attack under the condition that the interval time of the current login password is multiple and the interval time of the current login passwords is the same.
Based on the scheme, whether the login password is manually input or automatically input by a computer can be further determined by judging whether the interval time of the current login password is the same or not under the condition that no historical user login information exists, so that whether the login type of the target website is a database collision attack or not can be accurately identified, and the safety of the website is improved.
In a third aspect, the present application provides a device for determining a vault attack, which includes a memory and a processor. The memory is coupled to the processor. The memory is for storing computer program code comprising computer instructions. When the processor executes the computer instructions, the data processing device performs the method of determining a library attack as described in the first aspect and any one of its possible designs.
In a fourth aspect, the present application provides a computer-readable storage medium, in which instructions are stored, and when the computer-readable storage medium runs on a device for determining a vault attack, the device for determining a vault attack performs the method for determining a vault attack as described in the first aspect and any possible design manner thereof.
In a fifth aspect, the present application provides a computer program product, which includes computer instructions, when the computer instructions are run on a device for determining a library attack, the device for determining a library attack performs the method for determining a library attack as described in the first aspect and any possible design manner thereof.
For a detailed description of the third to fifth aspects and their various implementations in this application, reference may be made to the detailed description of the first aspect, the second aspect and their various implementations; for the beneficial effects of the third aspect to the fifth aspect and various implementation manners thereof, reference may be made to beneficial effect analysis in the first aspect, the second aspect and various implementation manners thereof, and details are not described here.
These and other aspects of the present application will be more readily apparent from the following description.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a first flowchart illustrating a method for determining a library collision attack according to an embodiment of the present application;
fig. 2 is a schematic flow chart diagram ii of a method for determining a library collision attack according to an embodiment of the present application;
fig. 3 is a third schematic flowchart of a method for determining a library collision attack according to an embodiment of the present application;
fig. 4 is a fourth schematic flowchart of a method for determining a library collision attack according to an embodiment of the present application;
fig. 5 is a schematic flowchart of a fifth method for determining a library collision attack according to an embodiment of the present application;
fig. 6 is a sixth schematic flowchart of a method for determining a library collision attack according to an embodiment of the present application;
fig. 7 is a seventh flowchart illustrating a method for determining a library collision attack according to an embodiment of the present application;
fig. 8 is a schematic diagram of a hardware structure of a device for determining a library collision attack according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of a device for determining a vault crash attack according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present application, "a plurality" means two or more unless otherwise specified.
For the convenience of understanding the embodiments of the present application, the related terms referred to in the embodiments of the present application will be described first.
At present, hackers usually log in a website by means of a library-bumping attack. The database collision attack is that after an account and a password of a user at a certain website are collected, the account and the password are used for logging in other websites. In order to ensure the security of the website, the server may prevent a hacker from logging in the website by means of a database collision attack by identifying an Internet Protocol (IP) address. For example, if the server recognizes that the number of password errors sent by the same IP address exceeds a threshold value within a period of time, it is determined that the IP address logs in the website in a database collision attack manner, so that the IP address is prevented from logging in. The server can also add the graphic verification code to check in the process of logging in the website, so that the website is prevented from being logged in a database collision attack mode.
However, when a hacker logs in a website using a large number of proxy IP addresses or when the hacker recognizes a graphic verification code by means of image recognition, the server may not accurately recognize that the hacker logs in the website by means of a knock attack, resulting in low security of the website.
In order to solve the problem, the application provides a method for determining a database collision attack, which determines whether the current login type of a target website is the database collision attack or not according to login information of a user, wherein the login information of the user comprises interval time of any two adjacent characters in a login password input by the user.
When the target website is normally logged in, the target website is logged in through the login password which is manually input, the interval time of the login password which is manually input is related to the distribution position of characters in the login password, the randomness is achieved, the interval time of the login password which is manually input every time is different, when the target website is attacked by a database hit, the target website is logged in through the login password which is automatically input through the computer, the interval time of the login password which is automatically input through the computer is unrelated to the distribution position of the characters in the login password, the interval time is usually uniform, and the interval time of the login password which is automatically input through the computer is completely consistent with the interval time of the login password which is input by a user before. Therefore, the interval time of the login password corresponding to the normal login target website and the interval time of the login password corresponding to the login target website attacked by the database collision have essential differences. According to the scheme, whether the current login type of the target website is a database collision attack or not is determined according to the login information of the user, the login information of the user comprises the interval time between any two adjacent characters in the login password input by the user, and the login password input manually or automatically by a computer can be accurately determined, so that whether the login type of the target website is the database collision attack or not can be accurately identified, and the safety of the website is improved.
The method for determining a library collision attack provided by the embodiment of the present application is described below.
The execution subject of the method for determining the database collision attack provided by the embodiment of the application is a device for determining the database collision attack. The device for determining the library collision attack may be a server, a Central Processing Unit (CPU) in the server, a control module in the server for identifying the library collision attack, or a client in the server for identifying the library collision attack. The embodiment of the application takes a determination method for executing the library collision attack by the server as an example, and explains the determination method for the library collision attack provided by the application.
As shown in fig. 1, an embodiment of the present application further provides a method for determining a library-collision attack, where the method for determining a library-collision attack includes:
s101, the server acquires current user login information of a target website.
Optionally, the current user login information may include a current login user name, a current login password, and an interval time of the current login password.
Alternatively, the current login password may include a plurality of characters. The interval time of the current login password may be the interval time of any two adjacent characters input by the user. Illustratively, when the current login password includes three characters (e.g., ABC), the interval time of the current login password includes the interval time t between the user entering the character A and the user entering the character B1And the interval time t between the input character B and the input character C2
Optionally, the interval time of the current login password may be one or more. Illustratively, if the current login password includes two characters (e.g., AB), the interval time of the current login password includes one, i.e., the interval time t between the input character a and the input character B1. If the current login password comprises three characters (e.g., ABC), the interval time of the current login password comprises two, i.e., the interval time t between the input character A and the input character B1And the interval time t between the input character B and the input character C2
Optionally, the user may input the current login password by means of keyboard typing, may input the current login password by means of mouse clicking or touching the soft keyboard, and may also input the current login password by means of other manners. This is not limited in the examples of the present application.
Furthermore, the current login password of the user can be a login password input manually or a login password input automatically by a computer.
Optionally, the obtaining, by the server, the current user login information of the target website may include the server receiving the current user login information of the password control from the target website.
The password control is a program written by each website according to the requirement, when a user logs in a target website, the password control corresponding to the target website acquires the current user login information of the target website and sends the information to the server, and the server verifies the current user login information so as to identify whether the target website is attacked by library collision.
S102, based on the current user login information, the server determines whether historical user login information exists.
Optionally, the historical user login information may include all user login information for logging in the target website before the server acquires the current user login information of the target website.
Optionally, the historical user login information may include a historical login user name, a historical login password, and an interval time of the historical login password.
Furthermore, the historical login user name is the same as the current login user name, the historical login password is the same as the current login password, and the interval time of the historical login password is the same as that of the current login password.
Optionally, the historical user login information may include user login information for normally logging in the target website, or may also include user login information for logging in the target website through library collision attack.
S103, under the condition that the historical user login information is determined to exist, the server determines that the current login type of the target website is a database collision attack.
Optionally, the current login type of the target website may include a database collision attack. And (4) the user logs in the target website through a login password automatically input by the computer in the process of library collision attack.
Optionally, the current login type of the target website may further include normal login. And normal login means that the user manually inputs a login password to login the target website.
Illustratively, when the current user login information includes a current login user name (e.g., 1), a current login password (e.g., ABC), the interval time of the current login password includes the interval time t between the user input character a and the user input character B1And the interval time t between the input character B and the input character C2If the login user name (e.g. 1) and the login password (e.g. ABC) exist in the server, the interval time of the login password comprises the interval time t from the user to input the character A to the user to input the character B1And the interval time t between the input character B and the input character C2Then the server determines that there is historical user login information.
When the target website is logged in by the attack of the database collision, the login password is automatically input through the computer, and the interval time of the login password automatically input by the computer is completely consistent with the interval time of the historical login password, so that when the historical user login information completely consistent with the current user login information exists, the current user login information can be determined to be automatically input through the computer, and the current login type of the target website can be determined to be the attack of the database collision.
Optionally, after the server determines that the current login type of the target website is a database collision attack, the server may further generate a database collision risk report, and may also prevent the current login behavior of the target website.
Optionally, in a case that the server determines that there is no historical user login information, the server may determine that the current login type of the target website is normal login.
When the target website is normally logged in, the target website is logged in through the login password which is manually input, and the interval time of the password which is manually input every time is different, so that when the interval time of the historical login password which is completely consistent with the interval time of the current login password does not exist, the current login password can be determined to be manually input, and the current login type of the target website can be determined to be normal login.
According to the scheme, whether the history completely consistent with the current user login information exists or not is judged, whether the login password is manually input or automatically input by a computer can be accurately determined, and therefore whether the login type of the target website is a database collision attack or not can be accurately identified, and the safety of the website is improved.
Optionally, as shown in fig. 2, in a case that an interval time of a current login password is multiple, an embodiment of the present application further provides a method for determining a vault attack, where the method for determining the vault attack includes:
s201, the server acquires the current user login information of the target website.
Optionally, the method for acquiring the current user login information of the target website by the server in S201 may be the same as the method for acquiring the current user login information of the target website by the server in S101, and specific steps may refer to S101 described above, which are not described herein again.
S202, based on the current user login information, the server determines whether the interval time of the current login passwords is the same.
S203, under the condition that the interval time of the current login passwords is the same, the server determines that the current login type of the target website is a database collision attack.
Illustratively, when the current login password includes four characters (e.g., ABCD), the interval time of the current login password includes the interval time t between the input character a and the input character B1Interval time t between input character B and input character C2And the interval time t between the input character C and the input character D3The interval time of a plurality of current login passwords is the same, namely the interval time t1At a time t2And an interval time t3Are all the same.
When the target website is logged in by the attack of the database collision, the target website is logged in through the login password automatically input by the computer, the interval time of the login password automatically input by the computer is generally uniform, and the interval time of the login password automatically input by the computer is shorter. Therefore, under the condition that the server determines that the interval time of the plurality of current login passwords is the same, the current login password can be determined to be automatically input by the computer, namely, the current login type of the target website can be determined to be a database collision attack.
Optionally, in a case that the interval time of the plurality of current login passwords is not identical, the server may determine that the current login type of the target website is normal login.
When the target website is normally logged in, the target website is logged in through the manually input login password, the interval time of the manually input password is random, and the interval time of the manually input login password is longer. Therefore, when the server determines that the interval time of the plurality of current login passwords is not identical, the server can determine that the current login password is manually input, that is, the server can determine that the current login type of the target website is normal login.
Optionally, the intervals of the plurality of current login passwords are not identical, and at least one of the intervals of the plurality of current login passwords is different from the other intervals.
Illustratively, when the current login password includes four characters (e.g., ABCD), the interval time of the current login password includes the interval time t between the input character a and the input character B1Interval time t between input character B and input character C2And the interval time t between the input character C and the input character D3At an interval time t1And the interval time t2Different, or spaced apart by a time t1And the interval time t3In different cases, the interval time of the current login passwords is not identical.
According to the scheme, whether the interval time of the current login passwords is the same or not is judged, whether the login password is manually input or automatically input by a computer can be accurately determined, and therefore whether the login type of the target website is a database collision attack or not is identified, and the safety of the website is improved.
Optionally, as shown in fig. 3, an embodiment of the present application further provides a method for determining a library collision attack, where the method for determining a library collision attack includes:
s301, the server acquires the current user login information of the target website.
Optionally, the method for acquiring the current user login information of the target website by the server in S301 may be the same as the method for acquiring the current user login information of the target website by the server in S101, and the specific steps may refer to S101, which is not described herein again.
S302, based on the current user login information, the server determines whether the interval time of the current login password meets the normal login interval time.
The normal login interval time may be determined according to an interval time of a login password input when the user normally logs in the target website. And normally logging in the target website, namely logging in the target website by manually inputting a current login password, wherein the interval time of the manually input current login password is related to the distribution position of the characters on the keyboard. For example, when the distribution positions of two adjacent characters on the keyboard in the current login password are far, the interval time for manually inputting the two adjacent characters is relatively large, and when the distribution positions of the two adjacent characters on the keyboard in the current login password are near, the interval time for manually inputting the two adjacent characters is relatively small.
Illustratively, when the current login password includes four characters (e.g., ABCD), character a is located relatively far from character B on the keyboard, and character C is located relatively close to character D on the keyboard. When the target website is normally logged in, the target website is logged in by manually inputting a login password, the interval time of manually inputting the characters A and B is usually longer than the interval time of manually inputting the characters C and D, when the target website is logged in by hitting a library and attacking, the target website is logged in by the login password automatically input by a computer, the interval time of inputting the characters A and B by the computer is usually the same as the interval time of inputting the characters C and D by the computer, and the interval time of inputting the characters A and B by the computer and the interval time of inputting the characters C and D by the computer are shorter than the interval time of manually inputting the characters A and B and the interval time of manually inputting the characters C and D. Therefore, whether the login password is manually input or automatically input by a computer can be accurately determined by determining whether the interval time of the current login password meets the normal login interval time, so that whether the login type of the target website is a database collision attack or not can be identified. Meanwhile, a hacker can be prevented from adding random intervals in the interval time of the login password to continue to attack the website by hitting the library, and the security of the website is improved.
Optionally, the server determining whether the interval time of the current login password satisfies the normal login interval time may include inputting the interval time of the current login password into the machine learning model, and determining whether the interval time of the current login password satisfies the normal login interval time by using the machine learning model.
Optionally, the machine learning model may be trained by using an interval time of a login password for normally logging in the target website, and the interval time of the login password for normally logging in the target website may be greater than a first preset threshold. The machine learning model can also be trained by utilizing the interval time of the login password of the login target website attacked by the database collision, and the interval time of the login password of the login target website attacked by the database collision can be smaller than a second preset threshold value. By setting the first preset threshold and the second preset threshold, the accuracy of the machine learning model can be improved, and the false alarm rate of the machine learning model is reduced.
The first preset threshold and the second preset threshold may be determined according to actual conditions, which is not limited in the present application.
And S303, under the condition that the interval time of the current login password does not meet the normal login interval time, the server determines that the current login type of the target website is a database collision attack.
Optionally, the server determines that the current login type of the target website is normal login under the condition that the interval time of the current login password meets the normal login interval time.
According to the scheme, whether the interval time of the current login password meets the normal login interval time or not can be accurately determined, and whether the login password is manually input or automatically input by a computer or not can be accurately determined, so that whether the login type of the target website is a database collision attack or not can be identified, and the security of the website can be improved.
Optionally, as shown in fig. 4, in a case that an interval time of a current login password is multiple, an embodiment of the present application further provides a method for determining a vault attack, where the method for determining the vault attack includes:
s401, the server obtains the current user login information of the target website.
Optionally, the method for acquiring the current user login information of the target website by the server in S401 may be the same as the method for acquiring the current user login information of the target website by the server in S101, and specific steps may refer to S101 described above, which are not described herein again.
S402, based on the current user login information, the server determines whether historical user login information exists.
Optionally, the server continues to execute S403 when determining that the historical user login information exists; in a case where the server determines that there is no history user login information and the interval time of the current login password is plural, S404 is continuously performed.
Optionally, the server in S402 determines whether there is historical user login information, which may be determined by the server in S102 as to whether there is historical user login information, and the specific step may refer to S102 described above, which is not described herein again.
S403, the server determines that the current login type of the target website is a database collision attack.
S404, based on the current user login information, the server determines whether the interval time of the current login passwords is the same.
Optionally, the server continues to execute S405 when determining that the interval times of the plurality of current login passwords are all the same; in a case where the server determines that the interval times of the plurality of current login passwords are not identical, execution proceeds to S406.
Optionally, the server determines whether the time intervals of the current login passwords are all the same, which may be the same as the time intervals of the current login passwords determined by the server in S202, and the specific steps may refer to S202, which is not described herein again.
S405, the server determines that the current login type of the target website is a database collision attack.
S406, based on the current user login information, the server determines whether the interval time of the current login password meets the normal login interval time.
Optionally, the server in S406 determines whether the interval time of the current login password meets the normal login interval time based on the current user login information, which may be the same as that in S302 where the server determines whether the interval time of the current login password meets the normal login interval time based on the current user login information, and specific steps may refer to S302 described above, which is not described herein again.
S407, under the condition that the interval time of the current login password does not meet the normal login interval time, the server determines that the current login type of the target website is a database collision attack.
Optionally, the server determines that the current login type of the target website is normal login under the condition that the interval time of the current login password meets the normal login interval time.
According to the scheme, under the condition that historical user login information does not exist and the interval time of a plurality of current login passwords is not identical, whether the interval time of the current login passwords meets the normal login interval time or not can be further judged, whether the login passwords are manually input or automatically input by a computer is determined, and therefore whether the login type of the target website is a database collision attack or not can be accurately identified, and the safety of the website is improved.
Optionally, as shown in fig. 5, in a case that an interval time of a current login password is multiple, an embodiment of the present application further provides a method for determining a vault attack, where the method for determining the vault attack includes:
s501, the server obtains the current user login information of the target website.
Optionally, the method for acquiring the current user login information of the target website by the server in S501 may be the same as the method for acquiring the current user login information of the target website by the server in S101, and specific steps may refer to S101 described above, which are not described herein again.
S502, based on the current user login information, the server determines whether historical user login information exists.
Optionally, the server continues to execute S503 when determining that the historical user login information exists; in the case where the server determines that there is no historical user login information and the interval time of the current login password is plural, S504 is continuously performed.
Optionally, the server in S502 determines whether there is historical user login information, which may be determined by the server in S102 as well as the server in S102, and specific steps may refer to S102 described above, which is not described herein again.
S503, the server determines that the current login type of the target website is a database collision attack.
S504, based on the current user login information, the server determines whether the interval time of the current login password meets the normal login interval time.
Optionally, the server in S504 determines whether the interval time of the current login password meets the normal login interval time based on the current user login information, which may be the same as that in S302, where the server determines whether the interval time of the current login password meets the normal login interval time based on the current user login information, and specific steps may refer to S302, which is not described herein again.
And S505, under the condition that the interval time of the current login password does not meet the normal login interval time, the server determines that the current login type of the target website is a database collision attack.
Optionally, the server determines that the current login type of the target website is normal login under the condition that the interval time of the current login password meets the normal login interval time.
According to the scheme, under the condition that no historical user login information exists, whether the interval time of the current login password meets the normal login interval time or not can be further judged, and whether the login password is manually input or automatically input by a computer is determined, so that whether the login type of the target website is a database collision attack or not can be accurately identified, and the safety of the website is improved.
Optionally, as shown in fig. 6, in a case that an interval time of a current login password is multiple, an embodiment of the present application further provides a method for determining a vault attack, where the method for determining the vault attack includes:
s601, the server acquires the current user login information of the target website.
Optionally, the method for acquiring the current user login information of the target website by the server in S601 may be the same as the method for acquiring the current user login information of the target website by the server in S101, and specific steps may refer to S101 described above, which are not described herein again.
S602, based on the current user login information, the server determines whether the interval time of a plurality of current login passwords is the same.
Optionally, the server continues to execute S603 when determining that the interval times of the plurality of current login passwords are all the same; in a case where the server determines that the interval times of the plurality of current login passwords are not identical, execution continues with S604.
Optionally, the server in S602 determines whether the time intervals of the multiple current login passwords are all the same, which may be the same as the time intervals of the multiple current login passwords determined by the server in S202, and the specific step may refer to S202, which is not described herein again.
S603, the server determines that the current login type of the target website is a database collision attack.
S604, based on the current user login information, the server determines whether the interval time of the current login password meets the normal login interval time.
Optionally, the server in S604 determines whether the interval time of the current login password meets the normal login interval time based on the current user login information, which may be the same as that in S302 where the server determines whether the interval time of the current login password meets the normal login interval time based on the current user login information, and specific steps may refer to S302 described above, which is not described herein again.
S605, under the condition that the interval time of the current login password does not meet the normal login interval time, the server determines that the current login type of the target website is a database collision attack.
Optionally, the server determines that the current login type of the target website is normal login under the condition that the interval time of the current login password meets the normal login interval time.
According to the scheme, under the condition that the interval time of the current login passwords is not identical, whether the login password input manually or the login password input automatically by a computer is determined by judging whether the interval time of the current login passwords meets the normal login interval time or not, so that whether the login type of the target website is a database collision attack or not can be accurately identified, and the safety of the website is improved.
Optionally, as shown in fig. 7, in a case that an interval time of a current login password is multiple, an embodiment of the present application further provides a method for determining a vault attack, where the method for determining the vault attack includes:
s701, the server acquires the current user login information of the target website.
Optionally, the method for acquiring the current user login information of the target website by the server in S701 may be the same as the method for acquiring the current user login information of the target website by the server in S101, and specific steps may refer to S101 described above, which are not described herein again.
S702, based on the current user login information, the server determines whether historical user login information exists.
Optionally, the server continues to execute S703 when determining that the historical user login information exists; in a case where the server determines that there is no history user login information and the interval time of the current login password is plural, execution continues to S704.
Optionally, the server in S702 determines whether there is historical user login information, which may be determined by the server in S102 as to whether there is historical user login information, and the specific step may refer to S102 described above, which is not described herein again.
S703, the server determines that the current login type of the target website is a database collision attack.
S704, based on the current user login information, the server determines whether the interval time of the current login passwords is the same.
Optionally, the server in S702 determines whether the time intervals of the multiple current login passwords are all the same, which may be the same as the time intervals of the multiple current login passwords determined by the server in S202, and the specific steps may refer to S202, which is not described herein again.
S705, under the condition that the interval time of the current login passwords is the same, the server determines that the current login type of the target website is a database collision attack.
Optionally, in a case that the interval time of the plurality of current login passwords is not identical, the server may determine that the current login type of the target website is normal login.
According to the scheme, whether the login password is manually input or automatically input by a computer can be further determined by judging whether the interval time of the current login password is the same or not under the condition that no historical user login information exists, so that whether the login type of the target website is a database collision attack or not can be accurately identified, and the security of the website is improved.
The method for determining the database collision attack determines the current login type of the target website as the database collision attack according to the current user login information, wherein the current user login information comprises the interval time of any two adjacent characters in the current login password input by the user. When the target website is normally logged in, the target website is logged in through the login password which is manually input, the interval time of the login password which is manually input is random, the interval time of the login password which is manually input every time is different, when the login target website is input through the database collision attack, the target website is logged in through the login password which is automatically input through the computer, the interval time of the login password which is automatically input through the computer is generally uniform, and the interval time of the login password which is automatically input through the computer is completely consistent with the interval time of the login password which is input through the user before. Therefore, according to the scheme of the application, the login password input manually or automatically by the computer can be accurately determined through the interval time of the login password input by the user, so that whether the login type of the target website is a database collision attack or not can be accurately identified, and the safety of the website is improved.
The scheme provided by the embodiment of the application is mainly introduced from the perspective of a method. To implement the above functions, it includes hardware structures and/or software modules for performing the respective functions. Those of skill in the art would readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
As shown in fig. 8, an embodiment of the present application provides a device 800 for determining a vault crash attack. The database crash determination device 800 may include at least one processor 801, a communication line 802, a memory 803, and a communication interface 804.
In particular, the processor 801 is configured to execute computer-executable instructions stored in the memory 803, thereby implementing steps or actions of the terminal.
The processor 801 may be a chip. For example, the Field Programmable Gate Array (FPGA) may be an Application Specific Integrated Circuit (ASIC), a system on chip (SoC), a Central Processing Unit (CPU), a Network Processor (NP), a digital signal processing circuit (DSP), a Micro Controller Unit (MCU), a Programmable Logic Device (PLD) or other integrated chips.
A communication line 802 for transmitting information between the processor 801 and the memory 803.
The memory 803 is used for storing and executing computer execution instructions and is controlled by the processor 801 to execute the instructions.
The memory 803 may be separate and coupled to the processor via the communication line 802. The memory 803 may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The non-volatile memory may be a read-only memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an electrically Erasable EPROM (EEPROM), or a flash memory. Volatile memory can be Random Access Memory (RAM), which acts as external cache memory. By way of example, and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM). It should be noted that the memory of the systems and devices described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
A communication interface 804 for communicating with other devices or a communication network. The communication network may be an ethernet, a Radio Access Network (RAN), or a Wireless Local Area Network (WLAN).
It is noted that the structure shown in fig. 8 does not constitute a limitation of the determination device of the vault attack, and the determination device of the vault attack may include more or less components than those shown in fig. 8, or a combination of some components, or a different arrangement of components, in addition to the components shown in fig. 8.
As shown in fig. 9, an embodiment of the present application provides a device 900 for determining a vault crash attack. The data processing apparatus 900 may include an acquisition unit 901 and a determination unit 902.
An obtaining unit 901, configured to obtain current user login information of a target website. For example, in conjunction with fig. 1, the obtaining unit 901 may be configured to execute S101.
A determining unit 902, configured to determine whether there is historical user login information based on the current user login information acquired by the acquiring unit 901, or determine whether intervals of a plurality of current login passwords are the same based on the current user login information acquired by the acquiring unit 901, or determine whether the intervals of the current login passwords satisfy normal login intervals based on the current user login information acquired by the acquiring unit 901. For example, in connection with fig. 1, the determining unit 902 may be configured to perform step S102, or, in connection with fig. 2, the determining unit 902 may be configured to perform step S202, or, in connection with fig. 3, the determining unit 902 may be configured to perform step S302.
The determining unit 902 is configured to determine that the current login type of the target website is a library collision attack when the historical user login information exists, or determine that the current login type of the target website is a library collision attack when the interval time of the current login password is multiple and the interval times of the multiple current login passwords are the same, or determine that the current login type of the target website is a library collision attack when the interval time of the current login password does not meet the normal login interval time. For example, in connection with fig. 1, the determining unit 902 may be configured to perform step S103, or, in connection with fig. 2, the determining unit 902 may be configured to perform step S203, or, in connection with fig. 3, the determining unit 902 may be configured to perform step S303.
It should be understood that, in the various embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
In actual implementation, the obtaining unit 901 and the determining unit 902 may be implemented by the processor 801 shown in fig. 8 calling a program code in the memory 803. For a specific implementation process, reference may be made to the description of the method portion in the library collision attack determination method shown in fig. 1 to fig. 7, which is not described herein again.
Another embodiment of the present application further provides a computer-readable storage medium, where a computer instruction is stored in the computer-readable storage medium, and when the computer instruction runs on a device for determining a library-collision attack, the device for determining a library-collision attack performs each step performed by a server in a method flow shown in the foregoing method embodiment.
In another embodiment of the present application, a computer program product is further provided, where the computer program product includes instructions that, when executed on a device for determining a library attack, cause the device for determining a library attack to perform the steps performed by the server in the method flow shown in the above-mentioned method embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, devices and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. For example, the above-described embodiments of the apparatus are merely illustrative, and for example, a division of a unit is merely a logical division, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present application should be covered within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A method for determining a library collision attack, the method comprising:
acquiring current user login information of a target website, wherein the current user login information comprises a current login user name, a current login password and the interval time of the current login password; the current login password comprises a plurality of characters, and the interval time of the current login password is the interval time of any two adjacent characters input by the user;
under the condition that historical user login information exists, determining that the current login type of the target website is a database collision attack; the historical user login information comprises a historical login user name, a historical login password and the interval time of the historical login password, and the interval time of the historical login user name, the historical login password and the historical login password is respectively the same as the interval time of the current login user name, the current login password and the current login password;
determining that the current login type of the target website is a database collision attack under the condition that the interval time of the current login passwords is multiple and the interval time of the current login passwords is the same;
under the condition that the interval time of the current login password does not meet the normal login interval time, determining that the current login type of the target website is a database collision attack; and the normal login interval time is determined according to the interval time of the login password input when the user normally logs in the target website.
2. The method of claim 1, wherein in the case that the historical user login information does not exist and the interval time of the plurality of current login passwords is not identical, the method further comprises:
and under the condition that the interval time of the current login password does not meet the normal login interval time, determining that the current login type of the target website is a database collision attack.
3. The method of claim 1, wherein in the absence of the historical user login information or when the interval time of the plurality of current login passwords is not identical, the method further comprises:
and under the condition that the interval time of the current login password does not meet the normal login interval time, determining that the current login type of the target website is a database collision attack.
4. The method of claim 1, wherein in the absence of the historical user login information, the method further comprises:
and determining the current login type of the target website as a database collision attack under the condition that the interval time of the current login passwords is multiple and the interval time of the current login passwords is the same.
5. An apparatus for determining a vault attack, the apparatus comprising:
the system comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring current user login information of a target website, and the current user login information comprises a current login user name, a current login password and the interval time of the current login password; the current login password comprises a plurality of characters, and the interval time of the current login password is the interval time of any two adjacent characters input by the user;
the determining unit is used for determining the current login type of the target website as a database collision attack under the condition that historical user login information exists; the historical user login information comprises a historical login user name, a historical login password and the interval time of the historical login password, and the interval time of the historical login user name, the historical login password and the historical login password is respectively the same as the interval time of the current login user name, the current login password and the current login password;
determining that the current login type of the target website is a database collision attack under the condition that the interval time of the current login passwords is multiple and the interval time of the current login passwords is the same;
under the condition that the interval time of the current login password does not meet the normal login interval time, determining that the current login type of the target website is a database collision attack; and the normal login interval time is determined according to the interval time of the login password input when the user normally logs in the target website.
6. The apparatus according to claim 5, wherein in a case where there is no historical user login information and the interval time of the plurality of current login passwords is not identical, the determining unit is further configured to:
and under the condition that the interval time of the current login password does not meet the normal login interval time, determining that the current login type of the target website is a database collision attack.
7. The apparatus according to claim 5, wherein in a case where there is no historical user login information or the interval time of the current login passwords is not identical, the determining unit is further configured to:
and under the condition that the interval time of the current login password does not meet the normal login interval time, determining that the current login type of the target website is a database collision attack.
8. The apparatus according to claim 5, wherein in a case where the historical user login information does not exist, the determining unit is further configured to:
and determining the current login type of the target website as a database collision attack under the condition that the interval time of the current login passwords is multiple and the interval time of the current login passwords is the same.
9. The equipment for determining the database-collision attack is characterized by comprising a memory and a processor; the memory and the processor are coupled; the memory for storing computer program code, the computer program code comprising computer instructions; when the processor executes the computer instructions, the database collision attack determination device executes the database collision attack determination method according to any one of claims 1 to 4.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored therein instructions that, when run on a device for determining a library attack, cause the device for determining a library attack to execute the method for determining a library attack according to any one of claims 1 to 4.
CN202110579945.3A 2021-05-26 2021-05-26 Method, device, equipment and storage medium for determining database collision attack Pending CN113179281A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110579945.3A CN113179281A (en) 2021-05-26 2021-05-26 Method, device, equipment and storage medium for determining database collision attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110579945.3A CN113179281A (en) 2021-05-26 2021-05-26 Method, device, equipment and storage medium for determining database collision attack

Publications (1)

Publication Number Publication Date
CN113179281A true CN113179281A (en) 2021-07-27

Family

ID=76927078

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110579945.3A Pending CN113179281A (en) 2021-05-26 2021-05-26 Method, device, equipment and storage medium for determining database collision attack

Country Status (1)

Country Link
CN (1) CN113179281A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104301286A (en) * 2013-07-15 2015-01-21 中国移动通信集团黑龙江有限公司 User login authentication method and device
CN105577692A (en) * 2016-02-03 2016-05-11 杭州朗和科技有限公司 Website login authentication method and device
CN108133373A (en) * 2018-01-04 2018-06-08 交通银行股份有限公司 Seek the method and device for the adventure account for relating to machine behavior
CN109688099A (en) * 2018-09-07 2019-04-26 平安科技(深圳)有限公司 Server end hits library recognition methods, device, equipment and readable storage medium storing program for executing
CN111083165A (en) * 2019-12-31 2020-04-28 支付宝(杭州)信息技术有限公司 Login interception method and system based on combined anti-collision library platform
CN111831991A (en) * 2020-07-24 2020-10-27 中国工商银行股份有限公司 Input operation detection method, device, computing equipment and medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104301286A (en) * 2013-07-15 2015-01-21 中国移动通信集团黑龙江有限公司 User login authentication method and device
CN105577692A (en) * 2016-02-03 2016-05-11 杭州朗和科技有限公司 Website login authentication method and device
CN108133373A (en) * 2018-01-04 2018-06-08 交通银行股份有限公司 Seek the method and device for the adventure account for relating to machine behavior
CN109688099A (en) * 2018-09-07 2019-04-26 平安科技(深圳)有限公司 Server end hits library recognition methods, device, equipment and readable storage medium storing program for executing
CN111083165A (en) * 2019-12-31 2020-04-28 支付宝(杭州)信息技术有限公司 Login interception method and system based on combined anti-collision library platform
CN111831991A (en) * 2020-07-24 2020-10-27 中国工商银行股份有限公司 Input operation detection method, device, computing equipment and medium

Similar Documents

Publication Publication Date Title
US10262132B2 (en) Model-based computer attack analytics orchestration
CN108932426B (en) Unauthorized vulnerability detection method and device
CN105072611A (en) Verification method and terminal
US9954881B1 (en) ATO threat visualization system
CN108073351B (en) Data storage method of nonvolatile storage space in chip and credible chip
CN111045921A (en) Automatic interface testing method and device, computer equipment and storage medium
CN114117532A (en) Cloud server access method and device, electronic equipment and storage medium
CN108965291B (en) Registration login method and system of hybrid application program and computer equipment
CN107426136B (en) Network attack identification method and device
EP3253088A1 (en) Control method and terminal for short message reading
CN107231383B (en) CC attack detection method and device
CN107623664B (en) Password input method and device
WO2021003916A1 (en) Dynamic verification method and apparatus, and computer device and storage medium
CN108470126B (en) Data processing method, device and storage medium
WO2021099808A1 (en) Systems and methods for detecting security incidents
CN113179281A (en) Method, device, equipment and storage medium for determining database collision attack
CN111586202B (en) Network mask checking method and device, electronic equipment and storage medium
CN114500368B (en) Data transmission method and device and router adopting device
US20200342109A1 (en) Baseboard management controller to convey data
US20230163954A1 (en) Method and device for securing a communication path
CN111294336B (en) Login behavior detection method and device, computer equipment and storage medium
CN108650249A (en) POC attack detection methods, device, computer equipment and storage medium
CN111914311B (en) Hard disk password management method and device, electronic equipment and storage medium
CN104052726A (en) Access control method and mobile terminal which employs access control method
CN113242257A (en) Unauthorized vulnerability detection method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210727