CN113190837A - Web attack behavior detection method and system based on file service system - Google Patents


Info

Publication number
CN113190837A
Authority
CN
China
Prior art keywords
file
attack behavior
service system
request
web server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110336028.2A
Other languages
Chinese (zh)
Inventor
严彬元
魏力鹏
王玮
吕嵘晶
王皓然
龙玉江
张克贤
刘俊荣
陶佳冶
周泽元
班秋成
周琳妍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou Power Grid Co Ltd
Original Assignee
Guizhou Power Grid Co Ltd
Application filed by Guizhou Power Grid Co Ltd
Priority to CN202110336028.2A
Publication of CN113190837A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/18 File system types
    • G06F16/182 Distributed file systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a Web attack behavior detection method and system based on a file service system. A Web server periodically monitors file access requests from at least one client to the file service system and extracts the category of each file access request. If the request is a file upload request, the Web server starts a file upload mode attack behavior detection program to scan the file; if no attack behavior is found, the file identifier is extracted, a table lookup obtains the file storage location, and the uploaded file is sent to the specified location for storage. If the request is a file download request, the file to be downloaded is located directly from the file identifier, a file download mode attack behavior detection program is started at that location, and the file is scanned in real time while it is being fetched from that location; if an attack behavior is found, an interception program is started and the download request is rejected. File attack behavior scanning is thus carried out in a targeted manner, and the safety of the file is guaranteed.

Description

Web attack behavior detection method and system based on file service system
Technical Field
The invention relates to the technical field of network security, in particular to a method and a system for detecting web attack behaviors based on a file service system.
Background
With the rapid development of computer technology, the technology in the aspects of networks, magnetic disks, CPUs and the like is greatly improved, distributed file service systems are continuously improved and enhanced, and meanwhile, a large-capacity, high-performance and high-reliability distributed storage environment is increasingly required along with the application of large-scale parallel computing, network new media, image processing and the like.
Although the existing distributed file service system basically meets the storage requirements of users on files, due to the limitation of the users on the security levels of different files, files in part of the file service system face security threats, especially network attack behaviors in network security risks, so that the file storage process faces a great threat, and how to improve the existing distributed file service system and effectively detect the network attack behaviors become technical problems to be solved by the invention.
Disclosure of Invention
In order to solve the above technical problems, the invention provides a web attack behavior detection method and system based on a file service system. It aims to solve two problems: existing distributed file systems are inadequately deployed, and security threats arise because attack behavior detection cannot be carried out in time.
The purpose of the first aspect of the invention is realized by the following technical scheme:
A web attack behavior detection method based on a file service system comprises the following steps:
Step S101: a Web server periodically monitors file access requests from at least one client to a file service system;
Step S102: the type of the file access request is extracted; if the file access request is a file upload request, the process goes to step S103; if it is a download request, the process goes to step S104;
Step S103: the Web server directly starts a file upload mode attack behavior detection program to scan the file; if no attack behavior exists, the uploaded file's identifier is extracted, a table lookup obtains the location where the file is to be stored, and the uploaded file is sent to the specified location for storage;
Step S104: the file to be downloaded is located directly from the file identifier carried in the download request, a file download mode attack behavior detection program is started at that location, and the file is scanned in real time while it is being fetched from that location; if an attack behavior is found, an interception program is started, the download request is rejected, and the process goes to step S106; if no attack behavior is found, the process goes to step S105;
Step S105: a response message accepting the file access request is returned to the client;
Step S106: a response message refusing the file access request is returned to the client.
Further, before the step in which the Web server periodically monitors file access requests from at least one client to the file service system, the method further includes:
establishing in advance a distributed attack behavior detection model of a plurality of web servers and a file service system, wherein each web server manages the file service system associated with it; in the model, the file service system is divided into a plurality of subfile service systems, a file list is set in each subfile service system to indicate the location of files, and each web server stores the file lists of the subfile service systems it manages.
Furthermore, a file upload mode attack behavior detection program is set in the web server, and a file download mode attack behavior detection program is set in each subfile service system.
Further, setting the file upload mode attack behavior detection program in the web server specifically includes: setting a blacklist detection model and a whitelist detection model in the web server; the whitelist detection model holds a database of network security behavior collected before the current time, in which security behavior features are stored; the blacklist detection model holds a training model built from network attack behavior data collected before the current time.
Further, the Web server directly starting the file upload mode attack behavior detection program to scan the file specifically includes: when a file is scanned, it is first looked up in the whitelist database. If it matches, the file request is a legitimate request: the file identifier is extracted and the file list is polled to find the storage location in the corresponding subfile service system where the file is to be stored. If there is no match, the blacklist detection model is called. If an attack behavior is found, the access request is denied, and the behavior feature data is extracted and stored in the blacklist detection model to update the blacklist data. If no attack behavior is found, the new behavior feature data is trained and dispatched to the whitelist detection model to update the whitelist data.
Further, the file identifier is a feature value obtained by hash calculation of a file name or a file extension, and the feature value uniquely indicates a corresponding file.
Further, after the step in which the Web server periodically monitors file access requests from at least one client to the file service system, the method further includes: extracting the user permission carried by the access request and, if the user permission does not meet the permission requirement, directly rejecting the file access request.
Further, if the user permission carried by the access request meets the permission requirement, client attribute information corresponding to the permission is extracted. When an attack behavior feature is found while scanning an uploaded file or a file being downloaded, the attack behavior feature is recorded and associated with the client attribute information to form attack behavior data. The data comprises the client attribute information and the attack behavior feature data, and the client attribute information comprises a client IP address or MAC address.
The object of the second aspect of the present invention is to provide a web attack behavior detection system based on a file service system, which includes the file service system and a web server to execute the attack behavior detection method as described above.
It is an object of a third aspect of the invention to propose a readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the attack behavior detection method as described above.
The invention has the beneficial effects that:
The invention provides a Web attack behavior detection method and system based on a file service system. A Web server periodically monitors file access requests from at least one client to the file service system and extracts the category of each file access request. If the request is a file upload request, the Web server directly starts a file upload mode attack behavior detection program to scan the file; if no attack behavior is found, the uploaded file's identifier is extracted, a table lookup obtains the location where the file is to be stored, and the uploaded file is sent to the specified location for storage. If the request is a file download request, the file to be downloaded is located directly from the file identifier carried in the download request, a file download mode attack behavior detection program is started at that location, and the file is scanned in real time while it is being fetched from that location; if an attack behavior is found, an interception program is started to reject the download request. Attack behavior scanning of file access requests is therefore carried out effectively while the distributed file subsystems are reasonably deployed, and the safety of the file during download or upload is ensured.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objectives and other advantages of the present invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be further described in detail with reference to the accompanying drawings, in which:
FIG. 1 is a flowchart of a web attack behavior detection method based on a file service system according to the present invention;
FIG. 2 is a framework diagram of a web attack behavior detection system based on a file service system according to the present invention.
Detailed Description
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. It should be understood that the preferred embodiments are illustrative of the invention only and are not limiting upon the scope of the invention.
As shown in FIG. 1, the present invention provides a web attack behavior detection method based on a file service system, which includes the following steps:
Step S101: a Web server periodically monitors file access requests from at least one client to a file service system;
Step S102: the type of the file access request is extracted; if the file access request is a file upload request, the process goes to step S103; otherwise it goes to step S104;
Step S103: the Web server directly starts a file upload mode attack behavior detection program to scan the file; if no attack behavior exists, the uploaded file's identifier is extracted, a table lookup obtains the location where the file is to be stored, the uploaded file is sent to the specified location for storage, and the process goes to step S105; if an attack behavior is found, the process goes to step S106;
Step S104: if the request is a file download request, the file to be downloaded is located directly from the file identifier carried in the download request, a file download mode attack behavior detection program is started at that location, and the file is scanned in real time while it is being fetched from that location; if an attack behavior is found, an interception program is started, the download request is rejected, and the process goes to step S106; if no attack behavior is found, the process goes to step S105;
Step S105: a response message accepting the file access request is returned to the client;
Step S106: a response message refusing the file access request is returned to the client.
According to the embodiment of the invention, the web attack behavior detection method based on the file service system further comprises the following steps:
establishing in advance a distributed attack behavior detection model of a plurality of web servers and a file service system, wherein each web server manages the file service system associated with it; in the model, the file service system is divided into a plurality of subfile service systems, a file list is set in each subfile service system to indicate the location of files, and each web server stores the file lists of the subfile service systems it manages.
According to the embodiment of the invention, the attack behavior detection system based on the http request is built on a plurality of web servers, file service systems and clients. Each web server corresponds to one or more groups of subfile service systems. As shown in FIG. 2, web server 1 corresponds to subfile service systems 11, 12, ..., 1n; web server 2 corresponds to subfile service systems 21, 22, ..., 2n; web server n corresponds to subfile service systems n1, n2, and so on. When any of client 1, ..., client n needs to make a file data request, the request carries client attribute information, which includes a client IP address, a MAC address, or another identifier that uniquely indicates the client's location or affiliation. The data request sent by the client carries the identifier of the corresponding web server, so that the data request is addressed to that web server.
To better explain the potential attacks that an attack behavior may involve: when the attack behavior detection system of the invention is established, a basic addressing list is set up between the clients and the web servers before any data interaction takes place. For example, text file content is stored under web server 1, video file content under web server 2, and audio data content under web server 3; the file content assigned to each web server can also be delimited by other classification schemes. Different files thus fall under the jurisdiction of different web servers, and any associated client can be addressed to the corresponding web server when it needs to upload or download a file. The present invention differs from the prior art in that each web server corresponds to a plurality of subfile service systems; that is, the web server itself does not store the file content but redirects to different subfile service systems. For example, the text file content of web server 1 is not actually stored in web server 1 but in the plurality of subfile service systems corresponding to web server 1. The text file content can be divided into files with different extensions, such as doc, ppt, jpg, etc., and each subfile service system holds a file service identifier for its corresponding extension, which identifies the specific category of text file that the subfile service system stores.
Each web server stores file service identifications and corresponding position information of the corresponding sub-file service systems to form a list, and when a request enters the web server, the web server conducts polling in the list to locate the specific position of the file.
According to the embodiment of the invention, in order to better detect attack behavior, the invention also sets access permissions. As mentioned above, the data interaction process between the client and the web server is established in advance. To make the data request process safer, when the web server receives a file access request from a client, it extracts the user permission carried by the access request, and if the permission requirement is not met, the file access request is directly refused. If the user permission carried by the access request meets the permission requirement, client attribute information corresponding to the permission is extracted. When an attack behavior feature is found while scanning an uploaded file or a file being downloaded, the attack behavior feature is recorded and associated with the client attribute information to form attack behavior data. The data comprises the client attribute information and the attack behavior feature data, and the client attribute information comprises a client IP address or MAC address. In the invention, the web server side and each subfile service system are each provided with a scanning thread. For a file upload request, the attack behavior scan is carried out on the web server side; for a file download request, the request is located directly to the subfile service system, and the attack behavior scanning thread is started in that subfile service system.
Whichever of the web server or the subfile service system detects the attack behavior, a denial of the access request is returned on the one hand, and on the other hand the source of the attack behavior is determined from the client attribute information, so that the attack behavior can be effectively located and a data basis is provided for subsequent analysis of the attack behavior.
As described above, scanning threads are set in the web server and in each subfile service system. Specifically, a scanning thread for the file upload mode attack behavior detection program is set in the web server, and a scanning thread for the file download mode attack behavior detection program is set in each subfile service system.
Setting the file upload mode attack behavior detection program in the web server specifically comprises: setting a blacklist detection model and a whitelist detection model in the web server; the whitelist detection model holds a database of network security behavior collected before the current time, in which security behavior features are stored; the blacklist detection model holds a training model built from network attack behavior data collected before the current time.
The Web server scans files with the file upload mode attack behavior detection program as follows. When a file is scanned, it is first looked up in the whitelist database. If it matches, the file request is a legitimate request: the file identifier is extracted and the file list is polled to find the storage location in the corresponding subfile service system where the file is to be stored. If there is no match, the blacklist detection model is called. If an attack behavior is found, the access request is denied, and the behavior feature data is extracted and stored in the blacklist detection model to update the blacklist data. If no attack behavior is found, the new behavior feature data is trained and dispatched to the whitelist detection model to update the whitelist data. The file identifier is a feature value obtained by hash calculation of a file name or a file extension, and the feature value uniquely indicates a corresponding file.
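The request flow of steps S101 to S106, together with the permission check and the whitelist/blacklist upload scan described above, can be sketched as follows. This is an added illustration, not code from the patent or its applicant. It assumes that a "behavior feature" is the SHA-256 digest of the file content, that the blacklist detection model can be stood in for by a byte-marker search, and that a rejected feature is also removed from the whitelist; every class, function and field name is hypothetical, and the sample files and addresses are constructed.

```python
import hashlib
from dataclasses import dataclass, field

ACCEPT, REJECT = "ACCEPT", "REJECT"      # S105 / S106 response messages
MARKER = b"EXAMPLE-ATTACK-MARKER"        # constructed signature, not a real indicator

def file_identifier(name: str) -> str:
    """Hash of the file extension (SHA-256 assumed); used here to route to a store."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return hashlib.sha256(ext.encode()).hexdigest()

def feature(content: bytes) -> str:
    """Assumed 'behavior feature': SHA-256 digest of the file content."""
    return hashlib.sha256(content).hexdigest()

def is_attack(content: bytes, signatures) -> bool:
    """Stand-in for the blacklist detection model: byte-marker search."""
    return any(sig in content for sig in signatures)

@dataclass
class SubFileService:
    """Holds the files of one type and runs the download-mode scan locally."""
    files: dict = field(default_factory=dict)

    def fetch_scanned(self, name, signatures):
        content = self.files.get(name)
        if content is None:
            return None, False
        return content, is_attack(content, signatures)

@dataclass
class WebServer:
    file_list: dict                      # file identifier -> SubFileService
    allowed_roles: set
    signatures: list
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)
    attack_log: list = field(default_factory=list)

    def _reject_attack(self, req, content):
        feat = feature(content)
        self.blacklist.add(feat)         # update the blacklist data
        self.whitelist.discard(feat)     # assumption: revoke any earlier allow entry
        self.attack_log.append(          # feature tied to client attribute information
            {"client_ip": req["ip"], "file": req["name"], "feature": feat})
        return REJECT, None              # S106

    def handle(self, req):
        if req["role"] not in self.allowed_roles:   # permission check comes first
            return REJECT, None
        store = self.file_list.get(file_identifier(req["name"]))
        if req["type"] == "upload":                 # S103: scan on the web server
            content = req["content"]
            feat = feature(content)
            if feat not in self.whitelist:          # whitelist miss -> blacklist model
                if feat in self.blacklist or is_attack(content, self.signatures):
                    return self._reject_attack(req, content)
                self.whitelist.add(feat)            # clean: update the whitelist data
            if store is None:                       # assumption: unlisted type refused
                return REJECT, None
            store.files[req["name"]] = content
            return ACCEPT, None                     # S105
        if store is None:                           # S104: scan where the file lives
            return REJECT, None
        content, bad = store.fetch_scanned(req["name"], self.signatures)
        if content is None:
            return REJECT, None
        if bad:
            return self._reject_attack(req, content)
        return ACCEPT, content                      # S105

def demo():
    """Constructed requests; returns the response sequence and the server."""
    srv = WebServer(file_list={file_identifier("a.doc"): SubFileService()},
                    allowed_roles={"staff"}, signatures=[])
    def req(kind, name, content=b"", role="staff", ip="192.0.2.10"):
        return srv.handle({"type": kind, "name": name, "content": content,
                           "role": role, "ip": ip})[0]
    out = [req("upload", "report.doc", b"quarterly figures"),
           req("upload", "old.doc", b"x" + MARKER)]   # accepted: no signature yet
    srv.signatures.append(MARKER)                     # detection data updated later
    out += [req("upload", "new.doc", b"y" + MARKER, ip="192.0.2.66"),
            req("download", "old.doc", ip="192.0.2.77"),  # caught by download scan
            req("upload", "old.doc", b"x" + MARKER),      # now blacklisted
            req("download", "report.doc"),
            req("download", "report.doc", role="guest")]
    return out, srv

if __name__ == "__main__":
    print(demo()[0])
```

Because a whitelist hit skips the blacklist model on upload, a file whitelisted before a signature existed is only caught by the download-mode scan in the subfile service system, which is the case the `old.doc` requests in `demo()` exercise.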
According to an embodiment of the present invention, the present invention further provides a web attack behavior detection system based on a file service system, where the system includes the file service system and a web server to execute the attack behavior detection method.
According to an embodiment of the present invention, the present invention further provides a readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the steps of the attack behavior detection method as described above.
It should be recognized that embodiments of the present invention can be realized and implemented by computer hardware, a combination of hardware and software, or by computer instructions stored in a non-transitory computer readable memory. The methods may be implemented in a computer program using standard programming techniques, including a non-transitory computer-readable storage medium configured with the computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner, according to the methods and figures described in the detailed description. Each program may be implemented in a high level procedural or object oriented programming language to communicate with a computer system. However, the program(s) can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Furthermore, the program can be run on a programmed application specific integrated circuit for this purpose.
Further, the operations of processes described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes described herein (or variations and/or combinations thereof) may be performed under the control of one or more computer systems configured with executable instructions, and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications) collectively executed on one or more processors, by hardware, or combinations thereof. The computer program includes a plurality of instructions executable by one or more processors.
Further, the method may be implemented in any type of computing platform operatively connected to a suitable interface, including but not limited to a personal computer, mini computer, mainframe, workstation, networked or distributed computing environment, separate or integrated computer platform, or in communication with a charged particle tool or other imaging device, and the like. Aspects of the invention may be embodied in machine-readable code stored on a non-transitory storage medium or device, whether removable or integrated into a computing platform, such as a hard disk, optically read and/or write storage medium, RAM, ROM, or the like, such that it may be read by a programmable computer, which when read by the storage medium or device, is operative to configure and operate the computer to perform the procedures described herein. Further, the machine-readable code, or portions thereof, may be transmitted over a wired or wireless network. The invention described herein includes these and other different types of non-transitory computer-readable storage media when such media include instructions or programs that implement the steps described above in conjunction with a microprocessor or other data processor. The invention also includes the computer itself when programmed according to the methods and techniques described herein.
A computer program can be applied to input data to perform the functions described herein to transform the input data to generate output data that is stored to non-volatile memory. The output information may also be applied to one or more output devices, such as a display. In a preferred embodiment of the invention, the transformed data represents physical and tangible objects, including particular visual depictions of physical and tangible objects produced on a display.
Finally, the above embodiments are only intended to illustrate the technical solutions of the present invention and not to limit the present invention, and although the present invention has been described in detail with reference to the preferred embodiments, it will be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions, and all of them should be covered by the claims of the present invention.

Claims (10)

1. A web attack behavior detection method based on a file service system, characterized by comprising the following steps:
Step S101: a Web server periodically monitors file access requests from at least one client to a file service system;
Step S102: the type of the file access request is extracted; if the file access request is a file upload request, the process goes to step S103; if it is a download request, the process goes to step S104;
Step S103: the Web server directly starts a file upload mode attack behavior detection program to scan the file; if no attack behavior exists, the uploaded file's identifier is extracted, a table lookup obtains the location where the file is to be stored, and the uploaded file is sent to the specified location for storage;
Step S104: the file to be downloaded is located directly from the file identifier carried in the download request, a file download mode attack behavior detection program is started at that location, and the file is scanned in real time while it is being fetched from that location; if an attack behavior is found, an interception program is started, the download request is rejected, and the process goes to step S106; if no attack behavior is found, the process goes to step S105;
Step S105: a response message accepting the file access request is returned to the client;
Step S106: a response message refusing the file access request is returned to the client.
2. The method for detecting the web attack behavior based on the file service system according to claim 1, wherein: before step S101, the method further includes:
establishing in advance a distributed attack behavior detection model of a plurality of web servers and a file service system, wherein each web server manages the file service system associated with it; in the model, the file service system is divided into a plurality of subfile service systems, a file list is set in each subfile service system to indicate the location of files, and each web server stores the file lists of the subfile service systems it manages.
3. The method for detecting the web attack behavior based on the file service system according to claim 2, wherein: a file upload mode attack behavior detection program is set in the web server, and a file download mode attack behavior detection program is set in each subfile service system.
4. The method for detecting the web attack behavior based on the file service system according to claim 3, wherein: setting the file upload mode attack behavior detection program in the web server specifically comprises:
setting a blacklist detection model and a whitelist detection model in the web server, wherein the whitelist detection model holds a database of network security behavior collected before the current time, in which security behavior features are stored, and the blacklist detection model holds a training model built from network attack behavior data collected before the current time.
5. The method for detecting the web attack behavior based on the file service system according to claim 4, wherein: the Web server directly starting the file upload mode attack behavior detection program to scan the file specifically comprises:
when a file is scanned, it is first looked up in the whitelist database; if it matches, the file request is a legitimate request, the file identifier is extracted, and the file list is polled to find the storage location in the corresponding subfile service system where the file is to be stored; if there is no match, the blacklist detection model is called; if an attack behavior is found, the access request is denied, and the behavior feature data is extracted and stored in the blacklist detection model to update the blacklist data; if no attack behavior is found, the new behavior feature data is trained and dispatched to the whitelist detection model to update the whitelist data.
6. The method for detecting the web attack behavior based on the file service system according to claim 1, wherein: the file identification is a characteristic value obtained by hash calculation of a file name or a file extension, and the characteristic value uniquely indicates a corresponding file.
7. The method for detecting the web attack behavior based on the file service system according to claim 1, wherein: after the step in which the Web server periodically monitors file access requests from at least one client to the file service system, the method further comprises: extracting the user authority carried by the access request, and, if the user authority does not meet the authority requirement, directly rejecting the file access request.
8. The method for detecting web attack behavior based on file service system according to claim 7, characterized in that: if the extracted user authority carried by the access request meets the authority access requirement, client attribute information corresponding to the authority is extracted; when attack behavior characteristics exist in the process of scanning an uploaded file or downloading the file, the attack behavior characteristics are recorded and the client attribute information is associated with the corresponding attack behavior characteristics so as to form attack behavior data, wherein the data comprises the client attribute information and the attack behavior characteristic data, and the client attribute information comprises a client IP address or a MAC address.
9. A web attack behavior detection system based on a file service system, characterized in that: the system comprises a file service system and a web server to execute the attack behavior detection method according to any one of claims 1 to 8.
10. A readable storage medium, characterized by: the readable storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps of the attack behavior detection method according to any one of claims 1 to 8.
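The upload path of claims 5 to 8, sketched as an added example that is not part of the patent text or any implementation by the applicant. Assumptions: SHA-256 for the claim 6 identifier, a two-field feature tuple, a byte-marker check standing in for the trained blacklist model, the role names, the modulo placement of new files, and reading the "not matched" branch of claim 5 as a whitelist miss.

```python
import hashlib

ALLOWED_ROLES = {"uploader", "admin"}  # assumed permission model (claim 7)

def file_identifier(name):
    # Claim 6: identifier is a hash of the file name (SHA-256 is an assumption)
    return hashlib.sha256(name.encode("utf-8")).hexdigest()

def features(name, body):
    # Hypothetical behavior feature: (extension, server-script marker present)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return (ext, b"<?php" in body or b"<%" in body)

class UploadGate:
    def __init__(self, whitelist):
        self.whitelist = set(whitelist)  # known-safe features
        self.blacklist = set()           # features seen in attacks
        self.file_list = {}              # identifier -> subfile service system
        self.attack_log = []             # claim 8 attack behavior data

    def model_flags(self, feat):
        # Stand-in for the trained blacklist model (assumption)
        return feat in self.blacklist or feat[1]

    def handle(self, req):
        if req["role"] not in ALLOWED_ROLES:       # claim 7: reject outright
            return "rejected: permission"
        feat = features(req["name"], req["body"])
        if feat not in self.whitelist:             # claim 5: whitelist miss
            if self.model_flags(feat):
                self.blacklist.add(feat)           # update blacklist data
                self.attack_log.append({"client_ip": req["ip"], "feature": feat})
                return "denied: attack"
            self.whitelist.add(feat)               # promoted to whitelist
        fid = file_identifier(req["name"])
        node = self.file_list.setdefault(fid, "subfile-%d" % (int(fid, 16) % 3))
        return "stored: " + node

def demo():
    gate = UploadGate(whitelist={("pdf", False)})
    reqs = [  # constructed sample requests (documentation IP range)
        {"role": "uploader", "ip": "192.0.2.10", "name": "report.pdf", "body": b"%PDF-1.7"},
        {"role": "guest", "ip": "192.0.2.11", "name": "a.txt", "body": b"hi"},
        {"role": "uploader", "ip": "192.0.2.12", "name": "avatar.jpg", "body": b"<?php /*marker*/"},
        {"role": "uploader", "ip": "192.0.2.13", "name": "notes.txt", "body": b"plain text"},
    ]
    return [gate.handle(r) for r in reqs], gate
```

The last request shows the property a reviewer should weigh in this flow: any feature the blacklist model does not flag is promoted to the whitelist, so a model miss skips the model on every later upload with the same feature.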
CN202110336028.2A 2021-03-29 2021-03-29 Web attack behavior detection method and system based on file service system Pending CN113190837A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110336028.2A CN113190837A (en) 2021-03-29 2021-03-29 Web attack behavior detection method and system based on file service system

Publications (1)

Publication Number Publication Date
CN113190837A true CN113190837A (en) 2021-07-30

Family

ID=76974383

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110336028.2A Pending CN113190837A (en) 2021-03-29 2021-03-29 Web attack behavior detection method and system based on file service system

Country Status (1)

Country Link
CN (1) CN113190837A (en)

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101465738A (en) * 2007-12-17 2009-06-24 北京启明星辰信息技术股份有限公司 Real time monitoring method and system for document transmission
CN103227992A (en) * 2013-04-01 2013-07-31 南京理工大学常熟研究院有限公司 Android terminal-based vulnerability scanning system
US9311479B1 (en) * 2013-03-14 2016-04-12 Fireeye, Inc. Correlation and consolidation of analytic data for holistic view of a malware attack
CN105959335A (en) * 2016-07-19 2016-09-21 腾讯科技(深圳)有限公司 Network attack behavior detection method and related device
CN106411899A (en) * 2016-09-30 2017-02-15 北京奇虎科技有限公司 Security detection method and device for data files
CN109194739A (en) * 2018-09-03 2019-01-11 中国平安人寿保险股份有限公司 A kind of file uploading method, storage medium and server
CN109617996A (en) * 2019-01-04 2019-04-12 平安科技(深圳)有限公司 File uploads and method for down loading, server and computer readable storage medium
CN110086788A (en) * 2019-04-17 2019-08-02 杭州安恒信息技术股份有限公司 Deep learning WebShell means of defence based on cloud WAF
CN110224990A (en) * 2019-07-17 2019-09-10 浙江大学 A kind of intruding detection system based on software definition security architecture
US20200228561A1 (en) * 2015-02-20 2020-07-16 Authentic8, Inc. Secure application for accessing web resources
CN111901337A (en) * 2020-07-28 2020-11-06 中国平安财产保险股份有限公司 File uploading method and system and storage medium
CN112182583A (en) * 2020-09-27 2021-01-05 国网山东省电力公司电力科学研究院 File uploading vulnerability detection method and system based on WEB application
CN112231603A (en) * 2020-11-02 2021-01-15 深圳市欢太科技有限公司 File downloading method, server, client and storage medium

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113709154A (en) * 2021-08-25 2021-11-26 平安国际智慧城市科技股份有限公司 Browser security processing method and device, computer equipment and storage medium
CN113709154B (en) * 2021-08-25 2023-08-15 平安国际智慧城市科技股份有限公司 Browser security processing method and device, computer equipment and storage medium
CN113992409A (en) * 2021-10-28 2022-01-28 上海钧正网络科技有限公司 WebShell interception method, system, medium and computer equipment
CN114301627A (en) * 2021-11-29 2022-04-08 北京天融信网络安全技术有限公司 Uploaded file security scanning method and device and computer readable storage medium
CN117376033A (en) * 2023-12-06 2024-01-09 浙江网商银行股份有限公司 File processing method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210730