CN113612768B - Network protection method and related device - Google Patents

Network protection method and related device Download PDF

Info

Publication number
CN113612768B
CN113612768B CN202110878831.9A CN202110878831A CN113612768B CN 113612768 B CN113612768 B CN 113612768B CN 202110878831 A CN202110878831 A CN 202110878831A CN 113612768 B CN113612768 B CN 113612768B
Authority
CN
China
Prior art keywords
network address
detection devices
network
suspicious
target detection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110878831.9A
Other languages
Chinese (zh)
Other versions
CN113612768A (en
Inventor
吴俊松
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Knownsec Information Technology Co Ltd
Original Assignee
Beijing Knownsec Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Knownsec Information Technology Co Ltd filed Critical Beijing Knownsec Information Technology Co Ltd
Priority to CN202110878831.9A priority Critical patent/CN113612768B/en
Publication of CN113612768A publication Critical patent/CN113612768A/en
Application granted granted Critical
Publication of CN113612768B publication Critical patent/CN113612768B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

In the network protection method and the related device provided by the application, the protection equipment acquires the suspicious network address and determines the suspicious network address as the network address to be intercepted when the access characteristic of the suspicious network address meets the interception condition. The suspicious network address is detected by at least two target detection devices in the plurality of abnormal detection devices, and the access characteristic is provided by the at least two target detection devices, so that the network address to be intercepted determined based on the access characteristic is more accurate.

Description

Network protection method and related device
Technical Field
The present application relates to the field of networks, and in particular, to a network protection method and related devices.
Background
As the degree of networking increases, the network security problem becomes more serious. For example, since DDoS attack has features of low cost and high yield, protection against DDoS is one of the more serious problems.
In order to improve network security, a plurality of anomaly detection devices are deployed in some network clusters to detect possible network attacks. However, the inventor researches and discovers that the detection results of a plurality of abnormal detection devices are relatively independent at present, and the identification result of a single abnormal detection device is accidental, so that misjudgment is easy to generate, and the service quality of a network cluster is affected.
Disclosure of Invention
In order to overcome at least one of the disadvantages in the prior art, an embodiment of the present application provides a network protection method and related device, including:
in a first aspect, this embodiment provides a network protection method, which is applied to a protection device in a cluster, where the protection device is communicatively connected to a plurality of abnormality detection devices in the cluster, and the method includes:
acquiring a suspicious network address; wherein the suspicious network address is detected by at least two object detection devices of the plurality of anomaly detection devices;
according to the suspicious network address, access characteristics of the suspicious network address are obtained, wherein the access characteristics are provided by detection of the at least two target detection devices;
and if the access characteristic meets the interception condition, determining the suspicious network address as the network address to be intercepted.
In a second aspect, the present embodiment provides a network protection device, which is applied to a protection device in a cluster, where the protection device is communicatively connected to a plurality of abnormality detection devices in the cluster, and the network protection device includes:
the website acquisition module is used for acquiring suspicious network addresses; wherein the suspicious network address is a network address detected by at least two target detection devices of the plurality of anomaly detection devices;
the feature acquisition module is used for acquiring access features of the suspicious network address according to the suspicious network address, wherein the access features are provided by the detection of the at least two target detection devices;
and the feature processing module is used for determining the suspicious network address as the network address to be intercepted if the access feature meets the interception condition.
In a third aspect, the present embodiment provides a protection device, where the protection device includes a processor and a memory, where the memory stores a computer program, and the computer program implements the network protection method when executed by the processor.
In a fourth aspect, the present embodiment provides a computer storage medium storing a computer program, where the computer program when executed by a processor implements the network protection method.
In a fifth aspect, the present embodiment provides a computer program product comprising a computer program/instruction which, when executed by a processor, implements the network protection method.
Compared with the prior art, the application has the following beneficial effects:
in the network protection method and the related device provided in this embodiment, the protection device obtains a suspicious network address, and determines the suspicious network address as a network address to be intercepted when the access characteristic of the suspicious network address meets the interception condition. The suspicious network address is detected by at least two target detection devices in the plurality of abnormal detection devices, and the access characteristic is provided by the at least two target detection devices, so that the network address to be intercepted determined based on the access characteristic is more accurate.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a cluster according to an embodiment of the present application;
FIG. 2 is a second exemplary embodiment of a cluster diagram;
FIG. 3 is a schematic diagram of a protective device according to an embodiment of the present application;
fig. 4 is a flow chart of a network protection method according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a network protection device according to an embodiment of the present application.
Icon: 120-memory; 130-a processor; 140-communication means; 201-a website acquisition module; 202-a feature acquisition module; 203-feature processing module.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. The components of the embodiments of the present application generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the application, as presented in the figures, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
In the description of the present application, it should be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
It should be understood that the operations of the flow diagrams may be implemented out of order and that steps without logical context may be performed in reverse order or concurrently. Moreover, one or more other operations may be added to or removed from the flow diagrams by those skilled in the art under the direction of the present disclosure.
As shown in fig. 1, the present embodiment provides a schematic structural diagram of a cluster, where the cluster includes a plurality of anomaly detection devices. The anomaly detection devices can determine an anomaly network address from the accessed network addresses through a preset anomaly detection strategy or a deployed machine learning model, and intercept the anomaly network address. Or providing an abnormality detection device, deploying the abnormality detection device in an intranet environment, and detecting abnormality of network traffic flowing through the intranet.
However, the single anomaly detection device is relatively independent, so that the detected anomaly network address has a certain contingency, and a normal network address is easily determined as an anomaly network address and is intercepted, so that the quality of network service is reduced.
In view of this, the present embodiment provides a network protection method applied to protection devices in a cluster. As shown in fig. 2, the protection device is further in communication connection with a plurality of anomaly detection devices in the cluster, and is configured to screen out suspicious network addresses from the anomaly network addresses detected by the anomaly detection devices, and combine access features provided by at least two target detection devices that detect the suspicious network addresses to determine whether the suspicious network addresses are network addresses to be intercepted.
The specific type of the protection device can be a single server in a cluster or a server group. If the guard is a server farm, the server farm may be centralized or distributed (e.g., the servers may be distributed systems). In some embodiments, the guard device may be implemented on a cloud platform; for example only, the cloud platform may include a private cloud, public cloud, hybrid cloud, community cloud (community cloud), distributed cloud, inter-cloud (inter-cloud), multi-cloud (multi-cloud), and the like, or any combination thereof. In some embodiments, the protective device may be implemented on an electronic device having one or more components.
The device corresponding to the suspicious network address in this embodiment may be, but is not limited to, a mobile terminal, a tablet computer, a laptop computer, a built-in device in a motor vehicle, or the like, or any combination thereof. In some embodiments, the mobile terminal may include a smart home device, a wearable device, a smart mobile device, a virtual reality device, or an augmented reality device, or the like, or any combination thereof.
In some embodiments, the smart home device may include a smart lighting device, a control device for a smart appliance device, a smart monitoring device, a smart television, a smart video camera, or an intercom, or the like, or any combination thereof. In some embodiments, the wearable device may include a smart bracelet, a smart lace, a smart glass, a smart helmet, a smart watch, a smart garment, a smart backpack, a smart accessory, etc., or any combination thereof.
In some embodiments, the smart mobile device may include a smart phone, a personal digital assistant (Personal Digital Assistant, PDA), a gaming device, a navigation device, or a point of sale (POS) device, or the like, or any combination thereof.
Before describing the network protection method provided in this embodiment, in order to facilitate understanding of the present solution by those skilled in the art, the following description will first describe the structure of the protection device.
The embodiment provides a schematic structural diagram of the protection device. As shown in fig. 3, the guard includes a memory 120, a processor 130, and a communication device 140.
The memory 120, the processor 130, and the communication device 140 are electrically connected directly or indirectly to each other to realize data transmission or interaction. For example, the components may be electrically connected to each other via one or more communication buses or signal lines.
The Memory 120 may be, but is not limited to, a random access Memory (Random Access Memory, RAM), a Read Only Memory (ROM), a programmable Read Only Memory (Programmable Read-Only Memory, PROM), an erasable Read Only Memory (Erasable Programmable Read-Only Memory, EPROM), an electrically erasable Read Only Memory (Electric Erasable Programmable Read-Only Memory, EEPROM), etc. The memory 120 is used for storing a program, and the processor 130 executes the program after receiving an execution instruction.
The communication device 140 is used for establishing a communication connection between a server and a user terminal through a network, and for transceiving data through the network. The network may include a wired network, a wireless network, a fiber optic network, a telecommunications network, an intranet, the internet, a local area network (LocalArea Network, LAN), a wide area network (Wide Area Network, WAN), a wireless local area network (Wireless Local Area Networks, WLAN), a metropolitan area network (Metropolitan Area Network, MAN), a wide area network (Wide Area Network, WAN), a public switched telephone network (Public Switched Telephone Network, PSTN), a bluetooth network, a ZigBee network, a near field communication (Near Field Communication, NFC) network, or the like, or any combination thereof. In some embodiments, the network may include one or more network access points. For example, the network may include wired or wireless network access points, such as base stations and/or network switching nodes, through which one or more components of the service request processing system may connect to the network to exchange data and/or information.
The processor 130 may be an integrated circuit chip with signal processing capabilities and may include one or more processing cores (e.g., a single-core processor or a multi-core processor). By way of example only, the processors may include a central processing unit (Central Processing Unit, CPU), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a special instruction set Processor (Application Specific Instruction-set Processor, ASIP), a graphics processing unit (Graphics Processing Unit, GPU), a physical processing unit (Physics Processing Unit, PPU), a digital signal Processor (Digital Signal Processor, DSP), a field programmable gate array (Field Programmable Gate Array, FPGA), a programmable logic device (Programmable Logic Device, PLD), a controller, a microcontroller unit, a reduced instruction set computer (Reduced Instruction Set Computing, RISC), a microprocessor, or the like, or any combination thereof.
Based on the above description of the protection device and the application scenario, the following describes the method including the steps in detail with reference to the flowchart of the network protection method shown in fig. 4. As shown in fig. 4, the method includes:
step S101, obtaining a suspicious network address.
Wherein the suspicious network address is detected by at least two object detection devices of the plurality of abnormality detection devices.
Illustratively, the guard device receives at least one abnormal network address detected by each abnormal detection device, and then, for each abnormal network address, determines the abnormal network address as a suspicious network address when the abnormal network address is detected by at least two object detection devices among the plurality of abnormal detection devices.
Step S102, according to the suspicious network address, the access characteristic of the suspicious network address is obtained.
Wherein the access characteristic is provided by at least two object detection devices detection.
Step S103, if the access characteristic meets the interception condition, determining the suspicious network address as the network address to be intercepted.
Based on the design, the protection equipment acquires the suspicious network address and determines the suspicious network address as the network address to be intercepted when the access characteristic of the suspicious network address meets the interception condition. The suspicious network address is detected by at least two target detection devices in the plurality of abnormal detection devices, and the access characteristic is provided by the at least two target detection devices, so that the network address to be intercepted determined based on the access characteristic is more accurate.
It should be noted that, for an abnormal network address detected by only a single object detection device of the plurality of abnormality detection devices, another set of interception conditions is used to discriminate it. For example, when the guard device detects that the number of accesses, the frequency of accesses, and the access period of the abnormal network address satisfy the set interception condition, the abnormal network address is determined as the network address to be intercepted.
In addition, in this embodiment, the protection device further configures the network address to be intercepted to the firewall, so that the firewall intercepts the access request of the network address to be intercepted.
The firewall may be a firewall in a network environment where the protection device is located, or may be another firewall outside the network environment where the protection device is located. For example, the firewall may also be a firewall deployed in other single sign-on network environments. It should be noted that, the single sign-on in this embodiment is configured to manage access rights of multiple systems independent of each other, so that a user may access one or more systems using a single user name and password; thus avoiding the need to use different user names and passwords in the process of switching the system. Such as a banking intranet environment, a hospital intranet environment, various large enterprise organization intranet environments, and the like.
Therefore, in some embodiments, the protection device may further provide a display device, and display the network address to be intercepted to the display device, so as to remind an operator of the single sign-on system to configure the network address to be intercepted to a firewall of the system, so that the firewall intercepts an access request of the network address to be intercepted.
The embodiment provides a plurality of interception conditions for adapting to different requirements on detection precision. In one embodiment, the access characteristic includes a total number of accesses by which the suspicious network address is detected by the at least two object detection devices. And if the guard equipment detects that the total access times of the network addresses exceeds the set times threshold, determining the network addresses to be intercepted as the network addresses.
Illustratively, it is assumed that the network address is detected by 5 object detection devices, specifically including device a, device B, device C, device D, and device E. Whereas device a detected 5 times, device B detected 1 time, device C detected 3 times, device D detected 7 times, and device E detected 2 times, the total number of accesses was 18 times. And, assuming that the threshold number of times is 15, since the total number of accesses of the possible network address exceeds 18 times, the suspicious network address is the network address to be intercepted.
In another embodiment, the access characteristic includes a device number of the at least two object detection devices. And if the protection equipment detects that the number of the equipment is larger than the number threshold, determining the suspicious network address as the network address to be intercepted.
By way of example, assuming a number threshold of 5 and a number of target detection devices of 7, the suspicious network address is the network address to be intercepted.
Further, in order to make the detection of the intercepted network address more objective and accurate, in another embodiment, the total number of accesses of the suspicious network address and the number of devices of the target detection device are considered. The access characteristic comprises the total number of accesses of the suspicious network address detected by at least two target detection devices and the number of devices of the target detection devices, and the data processing device performs weighted summation according to the respective weights of the total number of accesses and the number of devices to obtain an interception evaluation score; and then, if the interception evaluation score is greater than the score threshold, determining the suspicious network address as the network address to be intercepted.
By way of example, assume that the total number of detected accesses to the suspicious network address is 10, and the number of devices of the target detection device is 7; and the weight of each of the total number of accesses and the number of devices is 0.5.
In addition, in order to measure the total number of accesses and the number of devices in a unified scale, in this embodiment, normalization processing is performed on the total number of accesses and the number of devices. Also assume that the number threshold of total number of accesses is 15, and the number threshold of target detection devices is 5; the total number of accesses is normalized by 10/15 and the number of devices is normalized by 7/5, so the final intercept evaluation score is: 10/15 x 0.5+7/5 x 0.5=1.03. If the score threshold is 1, the suspicious network address is the network address to be intercepted.
It should be noted that, the total number of accesses and the number of devices of the target device are all obtained by statistics in a preset period, and the score threshold, the number threshold and the number threshold are suspected to be properly adjusted by a person skilled in the art according to needs, which is not specifically limited in this embodiment.
In addition, the person skilled in the art can add access characteristics appropriately according to the requirement to improve the identification accuracy of the network address to be intercepted. For example, the access characteristic includes a total number of accesses by which the suspicious network address is detected by at least two target detection apparatuses, the number of apparatuses of the target detection apparatuses, and an access frequency at which the network address is possible; the protection equipment obtains interception evaluation scores according to the total number of accesses, the number of equipment and the respective weights of the access frequencies, and if the interception evaluation scores are greater than a score threshold, the suspicious network address is determined to be the network address to be intercepted.
Based on the same inventive concept as the network protection method provided in the present embodiment, the present embodiment further provides a corresponding apparatus, which specifically includes:
the embodiment provides a network protection device, which is applied to protection equipment in a cluster, wherein the protection equipment is in communication connection with a plurality of abnormality detection equipment in the cluster. The network guard includes at least one functional module that may be stored in memory in the form of software. As shown in fig. 5, functionally divided, the network guard includes:
a website acquisition module 201, configured to acquire a suspicious network address; wherein the suspicious network address is a network address detected by at least two object detection devices of the plurality of abnormality detection devices.
In this embodiment, the website obtaining module 201 is used to implement step S101 in fig. 4, and for a detailed description of the website obtaining module 201, reference may be made to the detailed description of step S101.
The feature acquisition module 202 is configured to acquire an access feature of the suspicious network address according to the suspicious network address, where the access feature is detected and provided by at least two object detection devices.
In this embodiment, the feature acquisition module 202 is used to implement step S102 in fig. 4, and for a detailed description of the feature acquisition module 202, reference may be made to the detailed description of step S102.
The feature processing module 203 is configured to determine that the suspicious network address is a network address to be intercepted if the access feature satisfies the interception condition.
In this embodiment, the feature processing module 203 is configured to implement step S103 in fig. 4, and for a detailed description of the feature processing module 203, reference may be made to the detailed description of step S103.
It should be noted that the network protection device may also include other software functional modules for implementing other steps or sub-steps of the network protection method. Alternatively, the website obtaining module 201, the feature obtaining module 202, and the feature processing module 203 may be used to implement other steps or sub-steps of the network protection method, which are not limited in this embodiment, and may be appropriately adjusted according to different module division criteria by those skilled in the art.
The embodiment provides a protection device, which comprises a processor and a memory, wherein the memory stores a computer program, and the network protection method is realized when the computer program is executed by the processor.
The present embodiment provides a computer storage medium storing a computer program, which when executed by a processor, implements the network protection method.
The present embodiments provide a computer program product comprising a computer program/instruction which, when executed by a processor, implements the network protection method.
In summary, in the network protection method and the related device provided by the embodiments of the present application, the protection device obtains the suspicious network address, and determines the suspicious network address as the network address to be intercepted when the access feature of the suspicious network address meets the interception condition. The suspicious network address is detected by at least two target detection devices in the plurality of abnormal detection devices, and the access characteristic is provided by the at least two target detection devices, so that the network address to be intercepted determined based on the access characteristic is more accurate.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The apparatus embodiments described above are merely illustrative, for example, of the flowcharts and block diagrams in the figures that illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The above description is merely illustrative of various embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think about variations or substitutions within the scope of the present application, and the application is intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (5)

1. A network protection method, applied to a protection device in a cluster, where the protection device is communicatively connected to a plurality of abnormality detection devices in the cluster, the method comprising:
acquiring a suspicious network address; wherein the suspicious network address is detected by at least two object detection devices of the plurality of anomaly detection devices;
according to the suspicious network address, obtaining access characteristics of the suspicious network address, wherein the access characteristics are provided by the detection of the at least two target detection devices, and the access characteristics comprise the total number of times of access of the suspicious network address detected by the at least two target detection devices and the number of devices of the target detection devices;
carrying out weighted summation on the ratio between the total number of accesses and the number threshold of the total number of accesses and the ratio between the number of devices and the number threshold of target detection devices to obtain an interception evaluation score;
and if the interception evaluation score is greater than a score threshold, determining the suspicious network address as the network address to be intercepted.
2. The network protection method of claim 1, further comprising:
and configuring the network address to be intercepted to a firewall so that the firewall intercepts the access request of the network address to be intercepted.
3. A network guard for use with a guard device in a cluster, the guard device in communication with a plurality of anomaly detection devices in the cluster, the network guard comprising:
the website acquisition module is used for acquiring suspicious network addresses; wherein the suspicious network address is a network address detected by at least two target detection devices of the plurality of anomaly detection devices;
the feature acquisition module is used for acquiring access features of the suspicious network address according to the suspicious network address, wherein the access features are provided by the detection of the at least two target detection devices, and the access features comprise the total number of accesses of the suspicious network address detected by the at least two target detection devices and the number of devices of the target detection devices;
the characteristic processing module is used for carrying out weighted summation on the ratio between the total number of accesses and the number threshold value of the total number of accesses and the ratio between the number of devices and the number threshold value of the target detection device to obtain an interception evaluation score;
and if the interception evaluation score is greater than a score threshold, determining the suspicious network address as the network address to be intercepted.
4. A protection device comprising a processor and a memory, the memory storing a computer program which, when executed by the processor, implements the network protection method of any of claims 1-2.
5. A computer storage medium, characterized in that the computer storage medium stores a computer program which, when executed by a processor, implements the network protection method according to any one of claims 1-2.
CN202110878831.9A 2021-08-02 2021-08-02 Network protection method and related device Active CN113612768B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110878831.9A CN113612768B (en) 2021-08-02 2021-08-02 Network protection method and related device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110878831.9A CN113612768B (en) 2021-08-02 2021-08-02 Network protection method and related device

Publications (2)

Publication Number Publication Date
CN113612768A CN113612768A (en) 2021-11-05
CN113612768B true CN113612768B (en) 2023-10-17

Family

ID=78306401

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110878831.9A Active CN113612768B (en) 2021-08-02 2021-08-02 Network protection method and related device

Country Status (1)

Country Link
CN (1) CN113612768B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102801738A (en) * 2012-08-30 2012-11-28 中国人民解放军国防科学技术大学 Distributed DoS (Denial of Service) detection method and system on basis of summary matrices
WO2014063622A1 (en) * 2012-10-24 2014-05-01 Tencent Technology (Shenzhen) Company Limited Method and system for detecting website visit attempts by browsers
CN104391979A (en) * 2014-12-05 2015-03-04 北京国双科技有限公司 Malicious web crawler recognition method and device
CN106685899A (en) * 2015-11-09 2017-05-17 阿里巴巴集团控股有限公司 Method and device for identifying malicious access
CN107370724A (en) * 2017-06-09 2017-11-21 北京易华录信息技术股份有限公司 A kind of distributed cloud computing system
CN108667856A (en) * 2018-08-10 2018-10-16 广东电网有限责任公司 A kind of network anomaly detection method, device, equipment and storage medium
CN109347876A (en) * 2018-11-29 2019-02-15 深圳市网心科技有限公司 A kind of safety defense method and relevant apparatus
CN109756456A (en) * 2017-11-06 2019-05-14 中兴通讯股份有限公司 A kind of method, the network equipment and readable storage medium storing program for executing improving network equipment safety
CN109886290A (en) * 2019-01-08 2019-06-14 平安科技(深圳)有限公司 Detection method, device, computer equipment and the storage medium of user's request
CN111092881A (en) * 2019-12-12 2020-05-01 杭州安恒信息技术股份有限公司 Access interception method, device, equipment and readable storage medium
CN112468478A (en) * 2020-11-23 2021-03-09 杭州贝嘟科技有限公司 Attack interception method and device, computer equipment and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103116723A (en) * 2013-02-06 2013-05-22 北京奇虎科技有限公司 Method, device and system of web site interception process

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102801738A (en) * 2012-08-30 2012-11-28 中国人民解放军国防科学技术大学 Distributed DoS (Denial of Service) detection method and system on basis of summary matrices
WO2014063622A1 (en) * 2012-10-24 2014-05-01 Tencent Technology (Shenzhen) Company Limited Method and system for detecting website visit attempts by browsers
CN104391979A (en) * 2014-12-05 2015-03-04 北京国双科技有限公司 Malicious web crawler recognition method and device
CN106685899A (en) * 2015-11-09 2017-05-17 阿里巴巴集团控股有限公司 Method and device for identifying malicious access
CN107370724A (en) * 2017-06-09 2017-11-21 北京易华录信息技术股份有限公司 A kind of distributed cloud computing system
CN109756456A (en) * 2017-11-06 2019-05-14 中兴通讯股份有限公司 A kind of method, the network equipment and readable storage medium storing program for executing improving network equipment safety
CN108667856A (en) * 2018-08-10 2018-10-16 广东电网有限责任公司 A kind of network anomaly detection method, device, equipment and storage medium
CN109347876A (en) * 2018-11-29 2019-02-15 深圳市网心科技有限公司 A kind of safety defense method and relevant apparatus
CN109886290A (en) * 2019-01-08 2019-06-14 平安科技(深圳)有限公司 Detection method, device, computer equipment and the storage medium of user's request
CN111092881A (en) * 2019-12-12 2020-05-01 杭州安恒信息技术股份有限公司 Access interception method, device, equipment and readable storage medium
CN112468478A (en) * 2020-11-23 2021-03-09 杭州贝嘟科技有限公司 Attack interception method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN113612768A (en) 2021-11-05

Similar Documents

Publication Publication Date Title
JP6735021B2 (en) User interface for secure and remote management of network endpoints
ES2898869T3 (en) System and methods for automatic device detection
CN105745869B (en) For regional network/home network security gateway
EP3221793B1 (en) Method and system for detecting threats using passive cluster mapping
US20200213324A1 (en) Discovering and evaluating privileged entities in a network environment
US10148683B1 (en) ATO threat detection system
US9954881B1 (en) ATO threat visualization system
CN108768926A (en) The tracking and alleviation of infected host equipment
CN105991694B (en) A kind of method and apparatus realizing Distributed Services and calling
CN110084034A (en) A kind of cipher set-up method, storage medium and electronic equipment based on weak passwurd detection
CN109743294A (en) Interface access control method, device, computer equipment and storage medium
US11521231B2 (en) Fraud prevention in programmatic advertising
US20230362142A1 (en) Network action classification and analysis using widely distributed and selectively attributed sensor nodes and cloud-based processing
CN108520177A (en) Application software management method and device, mobile terminal and readable storage medium
CN105100048B (en) WiFi network secure authentication method, server, client terminal device and system
CN113468515A (en) User identity authentication method and device, electronic equipment and storage medium
EP3500925B1 (en) System and method for wireless network security
WO2013022655A1 (en) Delivering data from a range of input devices over a secure path to trusted services in a secure element
CN113612768B (en) Network protection method and related device
CN114240060A (en) Risk control method, risk processing system, risk processing device, server, and storage medium
WO2018166142A1 (en) Authentication processing method and apparatus
CN106790071A (en) A kind of DNS full flows kidnap the detection method and device of risk
CN111132142A (en) Security defense method and device
CN113365272B (en) Method and system for preventing network from being rubbed
US20180268034A1 (en) Triggered scanning using provided configuration information

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant