CN113572776A - Illegal intrusion detection device and method - Google Patents
Illegal intrusion detection device and method Download PDFInfo
- Publication number
- CN113572776A CN113572776A CN202110854802.9A CN202110854802A CN113572776A CN 113572776 A CN113572776 A CN 113572776A CN 202110854802 A CN202110854802 A CN 202110854802A CN 113572776 A CN113572776 A CN 113572776A
- Authority
- CN
- China
- Prior art keywords
- bait
- log
- unit
- database
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 46
- 238000000034 method Methods 0.000 title claims abstract description 30
- 238000004458 analytical method Methods 0.000 claims abstract description 37
- 230000008520 organization Effects 0.000 claims abstract description 9
- 238000004519 manufacturing process Methods 0.000 claims description 4
- 238000012544 monitoring process Methods 0.000 claims description 3
- 238000013500 data storage Methods 0.000 claims description 2
- 238000009434 installation Methods 0.000 claims description 2
- 230000009545 invasion Effects 0.000 abstract description 3
- 230000006399 behavior Effects 0.000 description 35
- 241000700605 Viruses Species 0.000 description 7
- 238000010586 diagram Methods 0.000 description 3
- 230000002155 anti-virotic effect Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 230000009385 viral infection Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
Abstract
An illegal intrusion detection device comprises a detection device, a file server, a first terminal, a second terminal, a mail server and an authentication server, wherein the detection device, the file server, the first terminal, the second terminal, the mail server and the authentication server are connected through a network in an organization; the attacker server carries out remote operation through the Internet, a firewall and a proxy server; the detection device comprises a bait generation unit and a log collection and analysis unit. A method of illegal intrusion detection is also disclosed. The device and the method can judge whether illegal invasion occurs due to human factors such as setting errors or operation errors.
Description
Technical Field
The present invention relates to an illegal entry detection device and method for detecting illegal entry into a network.
Background
In recent years, there has been an increase in targeted attacks for the purpose of reducing the size of targeted organizations and individuals, skillfully deceiving users to download and execute programs, maliciously infecting terminals inside organizations with malware unique to the target by means of unknown vulnerabilities, and the like, and for the purpose of stealing confidential information and destroying systems inside companies. Since malware for targeted attacks is made to avoid detection by antivirus software, it is difficult to prevent it by antivirus software.
In the conventional illegal entry detecting device, a behavior specifying an attack or an entry indicating illegal entry is stored in an information database in advance as information, a behavior operating on a terminal is monitored, and when the behavior matches the behavior information, the attack or the entry is detected as a method of performing illegal entry.
In addition, in the related art, for the purpose of detecting virus infection in a network, a server, a folder, an application, and the like are installed in advance on a monitoring network, a bait unit accessible via the network is installed, the intrusion of a virus is detected by detecting access to the bait unit, and when the intrusion of a virus is detected, a computer that is a transmission source of the virus is detected based on communication information of the bait at the time of the intrusion of the virus, thereby realizing a method of detecting an unknown virus.
In the related art intrusion detection device, what behavior is shown in normal operation and all the behaviors that are not shown in normal operation must be stored in a database for all the processes to be monitored, and detection omission occurs. In addition, it is difficult to display what behavior is actually displayed in normal operation for all processes that operate on a computer.
In the conventional virus detection method, it is impossible to determine whether or not the originator of the access bait is actually infected with a virus, or whether or not the access has occurred due to an artificial factor such as a setting error or an operation error.
Disclosure of Invention
The present invention has been made to solve the above-described problems, and is intended to detect the occurrence of a targeted attack by detecting an action of an attacker searching within an internal network of an organization when the attacker is allowed to invade the internal network of the organization from an external network of the organization by the targeted attack.
In order to solve the above-described problems, an illegal entry detection device according to the present invention is a bait generation unit that generates a bait for a device that can be accessed via a network, and a log collection unit behavior pattern database that collects records of access control for the bait generated by the bait generation unit, and stores a behavior pattern representing a pattern of an access control event observed when an attacker enters the network, and a record analysis unit that detects an entry of the attacker based on a degree of coincidence with the behavior pattern stored in the behavior pattern database.
Further, the illegal entry detection method of the present invention includes: a bait generating step in which a bait generating unit generates a bait for a device accessible via a network, a log collecting unit record collecting step, a behavior pattern database storing step in which a log for collecting access control to the bait generated by the bait generating unit stores a pattern representing an access control event observed when an attacker invades the network, and a log analyzing step in which a pattern of an event for access control to the bait contained in a log collected by the log collecting unit, a record analyzing step in which invasion of the attacker is detected based on a degree of coincidence with the behavior pattern stored in the behavior pattern database.
The log collection unit record collection step of the hack detecting method of the present invention includes generating a computer as a collector behavior pattern database of a device accessible via a network using a log collection unit, storing behavior patterns representing patterns of access control events observed when an attacker hacks the network, and detecting hacking behavior of the attacker by a record analysis unit based on a degree of coincidence with the behavior patterns stored in the behavior pattern database.
Further, a computer-readable recording medium of the illegal intrusion detection method of the present invention is an illegal intrusion detection method by a bait generation unit that generates a computer as a device accessible via a network, a log collection unit that collects access control logs generated by the bait generation unit, a pattern record of an event of access control to the bait contained in the logs collected by the log collection unit, and a record analysis unit that detects intrusion of an attacker based on a degree of coincidence with the behavior pattern stored in the behavior pattern database.
The intrusion of an attacker into an internal network can be detected by detecting an event that the attacker is likely to intrude into the internal network according to the presence or absence of access to a computer, and by discriminating the passing of a target type attack according to the behavior patterns of a user and a terminal accessing the computer.
Drawings
Fig. 1 is a schematic structural view of an illegal entry detecting apparatus according to the present invention.
FIG. 2 is a schematic view of the structure of the detecting unit 1 of the present invention.
Fig. 3 is a schematic diagram of the steps of bait production according to the invention.
FIG. 4 is a schematic diagram of the log collection procedure of the present invention.
FIG. 5 is a schematic diagram of the log analysis steps of the present invention.
Detailed Description
As shown in fig. 1, the intrusion detection device includes a detection device 1, a file server 2, a first terminal 3, a second terminal 4, a mail server 5, and an authentication server 6, and the detection device 1, the file server 2, the first terminal 3, the second terminal 4, the mail server 5, and the authentication server 6 are connected via a network 7 inside an organization. Further, the attacker server 8 is remotely operated through the internet 9, the firewall 10, and the proxy server 11, so that the first terminal 3 is infected with malware.
As shown in fig. 2, the detection apparatus 1 includes a bait generation unit 12 and a log collection and analysis unit 13. The bait creating unit 12 further includes a bait making registration unit 14, a bait information database 15, and a bait database 16. The log collection/analysis unit 13 includes a log collection unit 17, a log analysis unit 18, a log database 19, and a behavior pattern database 20.
In the behavior pattern database 20 of the log collection and analysis unit 13, pattern behaviors of events observed in the case where an attacker invades an internal network through a targeted attack are stored. Specifically, a pattern (behavior pattern) of events such as "authentication of a plurality of different users is performed from the same terminal", "access denial to a file or folder by a specific user account occurs more frequently than usual", "access to a suspicious website frequently from a specific terminal", "mail attached with a suspicious file is received by a user using a terminal", and the like are examples of the pattern of events.
In addition, the log database 19 of the log collection and analysis unit 13 stores logs collected from various devices such as the firewall 10, the proxy server 11, the mail server 5, the authentication server 6, the file server 2, the first terminal 3, and the second terminal 4. In the storage of the log, the log may be stored in a table created in accordance with the form of each log collected, but in the present invention, each log having a different form is converted into a single form like a record collection device generally called a "unified log management system".
In the file server 2, folders or files are saved as electronic data in a data storage unit. Here, the folder represents a decoy folder, and the file represents a decoy file. For the sake of convenience, these folders and files are shown as being distinguished from other folders and files for the sake of explanation of the present embodiment, but are not actually distinguished from other folders and files. It is assumed that the electronic data stored therein can be accessed from another first terminal 3 and second terminal 4 connected via the network 7 inside the organization.
Further, it is assumed that the electronic data on the file server 2 is set for access control based on proper user authentication by the authentication server 6. Therefore, in the case where a user without an access right accesses a folder or a file of electronic data, a log to which access is denied is recorded in the log database 19. In addition, in the case where access is permitted, a log is also recorded.
The log includes items such as date, data attribute (file access or user authentication), terminal name, user name, access control object name (folder path or file path), access control result (permission or rejection), user authentication result (permission or rejection), and the like.
The log of the access to the folder or the file recorded on the file server 2 is collected to the detection apparatus 1 via the network 7, and is stored in the log database 19 by the log collection unit 17 of the log collection and analysis unit 13. The log analysis unit 18 refers to the log collected in the detection device 1 from the log database 19, and analyzes the log to detect an unauthorized intrusion. In fig. 1, the detection apparatus 1 and other devices are connected via the network 7, but the detection apparatus 1 may collect records generated in each device on the network, and thus the configuration is not limited to that of fig. 1, and each device and the log collection network may be configured separately.
The illegal intrusion detection method of the illegal intrusion detection device comprises the following steps: (1) three steps of bait creation, (2) log collection, and (3) intrusion detection by log analysis.
Fig. 3 shows a procedure of creating a bait, and first, in step 101, the bait generating unit 12 acquires bait information currently set on the file server 2 by referring to the bait information database 15 through the bait production registering unit 14. The data structure of the bait information database 15 includes the name of the item of the bait, the file server name of the bait, the attribute of the bait (the difference between files and folders), the classification of the bait (individual, client, specification, etc.), and the path in which the bait is set on the file server (set path).
Next, in step 102, when there is a bait on the bait installation route acquired in step 101, the bait creating and registering unit 14 branches to yes and performs the process of step 103. If there is no bait, the flow branches no and the process proceeds to step 105.
Next, in step 103, the bait making registration unit 14 deletes the bait that has been set on the setting path from the file server 2, and in step 104, deletes the acquisition information deleted from the file server 2 from the bait information database 15.
Next, in step 105, the creation bait registration unit 14 accesses the file server 2 and randomly selects an arbitrary folder for creating a bait.
Then, in step 106, the bait making registration unit 14 randomly selects a folder or file of the bait with reference to the bait database 16.
The data structure of the bait database 16 includes the names of bait items, the attributes of the bait files (differences in files or folders), the classification of the bait (individual, customer, specification, etc.), and electronic data on which the bait is based is registered as a bait file. Further, since the folder is divided into a plurality of files below the folder, the plurality of files including the folder are compressed into one file and are collected. By presetting names which are interesting and accessible to attackers, the intrusion detection rate of the attackers can be improved.
Next, in step 107, the bait creation login unit 14 creates a bait in the folder selected in step 105.
Finally, in step 108, the bait creating login unit 14 registers the created bait information to the bait information database 15, and ends the operation of creating the bait.
The step of log collection, as shown in fig. 4, comprises using a log collection unit 17. First, in step 201, the log collection unit 17 determines whether or not logs are received from each device connected to the monitoring network 7. If the log is received, the flow branches to step 202, and if the log is not received, the log reception is waited for.
Next, in step 202, the log collection unit 17 sequentially stores the received logs in the log database 19.
The step of intrusion detection by log analysis as shown in fig. 5 comprises using a log analysis unit 18. Intrusion detection by log analysis is an operation when an occurrence of a bait set in the file server 2 occurs. When accessing the bait, the access control log transmitted from the file server 2 is monitored, and when the detection device 1 receives the access control log matching the acquisition information stored in the bait information database 15, it is determined that the access to the bait has occurred.
First, in step 301, the log analysis unit 18 first initializes the value of the counter X to 0.
Next, in step 302, the log analysis unit 18 reads a behavior pattern from the behavior pattern database 20.
Next, in step 303, if the reading of the behavior pattern is successful, the log analysis unit 18 branches yes and performs the process of step 304.
Next, in step 304, the log analysis unit 18 identifies the user and the terminal who have accessed the bait from the access-controlled log, and searches the log database 19 based on the information.
Next, when an event matching the behavior pattern read in 302 occurs as a result of searching the log database 19 in step 305, the log analysis unit 18 branches yes, adds 1 to the counter X in step 306, and returns to the process in step 302.
In step 305, if an event matching the behavior pattern is not detected, the process returns to step 302.
As described above, the processing from step 302 to step 306 is repeated, and when the reading of the behavior pattern fails in step 303, it is determined that the processing for all the items of the behavior pattern database 20 is completed, and the flow proceeds to the no branch to perform the processing of step 307.
next, in step 307, the log analysis unit 18 compares the value of the counter X at that time with a threshold value provided in advance, and if the counter X is equal to or greater than the threshold value, the flow branches yes, and in step 307, since the access frequency to the lure (counter X) is high as the degree of matching with the behavior pattern, it is determined that the target attack has occurred, and the process is terminated.
When the value of the counter X is smaller than the threshold value, the process is terminated as it is. In this case, the access to the generated bait is determined to be harmless access such as an operation error or a setting error of an authorized user.
As described above, an event that an attacker may invade the network inside the organization is detected based on the presence or absence of access to the computer, and whether or not the invasion of the attacker into the network inside the organization is detected by the targeted attack is determined based on the behavior patterns of the user and the terminal accessing the computer.
Further, by determining the occurrence of the target-type attack based on the frequency of access to the computer, it is possible to appropriately determine the effect of whether the access to the computer was erroneously accessed by an attacker or an authorized user.
Claims (8)
1. An illegal intrusion detection device comprises a detection device, a file server, a first terminal, a second terminal, a mail server and an authentication server, wherein the detection device, the file server, the first terminal, the second terminal, the mail server and the authentication server are connected through a network in an organization; the attacker server carries out remote operation through the Internet, a firewall and a proxy server;
the method is characterized in that: the detection device comprises a bait generation unit and a log collection and analysis unit;
the bait generating unit also comprises a bait manufacturing and logging unit, a bait information database and a bait database;
the log collection and analysis unit consists of a log collection unit, a log analysis unit, a log database and a behavior pattern database;
in a behavior pattern database of a log collection and analysis unit, a behavior pattern of an event observed in a case where an attacker invades an internal network by a targeted attack is stored;
the log database of the log collection and analysis unit stores logs collected from various devices such as a firewall, a proxy server, a mail server, an authentication server, a file server, a first terminal and a second terminal;
in the file server, saving the folder or the file as electronic data in a data storage unit;
logs regarding accesses to folders or files recorded on the file server are collected to the detecting device via a network, and are stored to the log database by a log collecting unit of the log collecting and analyzing unit.
2. The illegal intrusion detection device according to claim 1, characterized in that: the behavior patterns of the events include "authentication of a plurality of different users from the same terminal", "access denial of a specific user account to a file or folder occurs more than usual", "access to a suspicious website frequently from a specific terminal", "mail attached with a suspicious file is received by a user using a terminal".
3. The illegal intrusion detection device according to claim 2, characterized in that: the log comprises date, data attribute, terminal name, user name, access control object name, access control result and user authentication result.
4. The illegal intrusion detection device according to claim 3, characterized in that: the data attribute comprises file access or user authentication; the access control object name comprises a folder path or a file path; the access control result comprises a permission or a denial; the user authentication result includes permission or denial.
5. The illegal intrusion detection device according to claim 4, wherein: the log analysis unit refers to the log collected to the detection device from the log database, and analyzes the detection of the illegal intrusion.
6. A method of hacking detection using the hacking detecting device according to any one of claims 1 to 5; the method is characterized by comprising the following steps:
step 1: creating a bait; step 2: collecting logs; and step 3: intrusion detection by log analysis;
the step 1 of creating the bait comprises the following steps:
step 101, a bait generating unit refers to a bait information database through a bait making and registering unit to obtain bait information currently arranged on a file server;
step 102, when the bait obtained in step 101 has a bait on the installation route, the bait creating/registering unit branches yes and performs the process of step 103; if there is no bait, the flow branches no to perform the process of step 105;
103, the bait making and logging unit deletes the set bait on the set path from the file server;
104, deleting the decoy information deleted from the file server from the decoy information database;
105, creating a bait login unit to access a file server, and randomly selecting any folder for manufacturing a bait;
106, the bait making and registering unit randomly selects a bait folder or a bait file according to the bait database;
step 107, the bait creating and registering unit creates a bait in the folder selected in the step;
finally, in step 108, the bait creation login unit registers the created bait information to the bait information database, and ends the operation of creating the bait.
The step 2 of collecting logs comprises the following steps:
step 201, a log collection unit judges whether a log is received from each device connected to a monitoring network; in case a log is received, go to step 202; waiting for receiving the log in case that the log is not received;
step 202, the log collection unit stores the received logs in a log database in sequence;
the step 3 of performing intrusion detection through log analysis includes:
step 301, the log analysis unit initializes the counter X of the bait to 0;
step 302, the log analysis unit reads a behavior pattern from the behavior pattern database;
step 303, the log analysis unit enters a yes branch to perform the processing of step 304 when the reading of the behavior pattern is successful;
step 304, the log analysis unit determines the user and the terminal which have accessed the bait according to the log of the access control, and retrieves a log database based on the information;
in step 305, when the log analysis unit has searched the log database and an event matching the behavior pattern read in step 302 has occurred as a result of the search, the log analysis unit branches yes; in the case where no event in accordance with the behavior pattern is detected, return is made to the processing of step 302;
step 306, adding 1 to the counter X and returning to the processing of step 302;
as described above, the processing from step 302 to step 306 is repeated, and when the reading of the behavior pattern fails in step 303, it is determined that the processing for all the items of the behavior pattern database 20 is completed, and the flow proceeds to the no branch to perform the processing of step 307;
in step 307, the log analysis unit compares the value of the counter X at that time with a threshold value provided in advance, and if the counter X is equal to or greater than the threshold value, the flow branches yes, and in step 307, since the access frequency to the bait is high as the degree of matching with the behavior pattern, it is determined that the target attack has occurred, and the process is terminated.
7. A method of hack detection as claimed in claim 6; the method is characterized in that: in step 307, when the value of the counter X is smaller than the threshold value, the process is terminated as it is.
8. A method of hack detection as claimed in claim 7; the method is characterized in that: if the value of the counter X is smaller than the threshold value, the access to the generated bait is determined to be an access harmless to the authorized user, such as an operation error or a setting error.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110854802.9A CN113572776A (en) | 2021-07-27 | 2021-07-27 | Illegal intrusion detection device and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110854802.9A CN113572776A (en) | 2021-07-27 | 2021-07-27 | Illegal intrusion detection device and method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113572776A true CN113572776A (en) | 2021-10-29 |
Family
ID=78168312
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110854802.9A Pending CN113572776A (en) | 2021-07-27 | 2021-07-27 | Illegal intrusion detection device and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113572776A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114244589A (en) * | 2021-12-07 | 2022-03-25 | 国网福建省电力有限公司 | Intelligent firewall and method based on AAA authentication and authorization information |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2013218640A (en) * | 2012-04-12 | 2013-10-24 | Mitsubishi Electric Corp | Illegal access detection device, illegal access detection method and program |
| WO2014103115A1 (en) * | 2012-12-26 | 2014-07-03 | 三菱電機株式会社 | Illicit intrusion sensing device, illicit intrusion sensing method, illicit intrusion sensing program, and recording medium |
| CN112187719A (en) * | 2020-08-31 | 2021-01-05 | 新浪网技术(中国)有限公司 | Information acquisition method and device of attacked server and electronic equipment |
-
2021
- 2021-07-27 CN CN202110854802.9A patent/CN113572776A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2013218640A (en) * | 2012-04-12 | 2013-10-24 | Mitsubishi Electric Corp | Illegal access detection device, illegal access detection method and program |
| WO2014103115A1 (en) * | 2012-12-26 | 2014-07-03 | 三菱電機株式会社 | Illicit intrusion sensing device, illicit intrusion sensing method, illicit intrusion sensing program, and recording medium |
| CN112187719A (en) * | 2020-08-31 | 2021-01-05 | 新浪网技术(中国)有限公司 | Information acquisition method and device of attacked server and electronic equipment |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114244589A (en) * | 2021-12-07 | 2022-03-25 | 国网福建省电力有限公司 | Intelligent firewall and method based on AAA authentication and authorization information |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7555777B2 (en) | Preventing attacks in a data processing system | |
| US10601848B1 (en) | Cyber-security system and method for weak indicator detection and correlation to generate strong indicators | |
| JP4364901B2 (en) | Attack database structure | |
| CN111600856B (en) | Safety system of operation and maintenance of data center | |
| KR101689298B1 (en) | Automated verification method of security event and automated verification apparatus of security event | |
| US9311476B2 (en) | Methods, systems, and media for masquerade attack detection by monitoring computer user behavior | |
| CN110730175B (en) | Botnet detection method and detection system based on threat information | |
| US9055093B2 (en) | Method, system and computer program product for detecting at least one of security threats and undesirable computer files | |
| WO2014103115A1 (en) | Illicit intrusion sensing device, illicit intrusion sensing method, illicit intrusion sensing program, and recording medium | |
| CN111786966A (en) | Method and device for browsing webpage | |
| CN103428196A (en) | URL white list-based WEB application intrusion detecting method and apparatus | |
| KR102222377B1 (en) | Method for Automatically Responding to Threat | |
| CN110188538B (en) | Method and device for detecting data by adopting sandbox cluster | |
| CN110868403B (en) | Method and equipment for identifying advanced persistent Attack (APT) | |
| CN107666464B (en) | Information processing method and server | |
| CN111510463B (en) | Abnormal behavior recognition system | |
| Bortolameotti et al. | Headprint: detecting anomalous communications through header-based application fingerprinting | |
| CN108040036A (en) | A kind of industry cloud Webshell safety protecting methods | |
| CN113572776A (en) | Illegal intrusion detection device and method | |
| CN113572778A (en) | Method for detecting illegal network intrusion | |
| CN116055083B (en) | Method for improving network security and related equipment | |
| US11770388B1 (en) | Network infrastructure detection | |
| KR20050095147A (en) | Hacking defense apparatus and method with hacking type scenario | |
| CN116915419A (en) | Network threat protection method, device, equipment and medium | |
| CN111859363A (en) | Method and device for identifying unauthorized application access and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| DD01 | Delivery of document by public notice |
Addressee: Wen Yanmei Document name: Deemed withdrawal notice |
|
| DD01 | Delivery of document by public notice | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20211029 |
|
| WD01 | Invention patent application deemed withdrawn after publication |