CN113949528A - Access control method and device based on flow data, storage medium and equipment - Google Patents
Access control method and device based on flow data, storage medium and equipment Download PDFInfo
- Publication number
- CN113949528A CN113949528A CN202111056404.9A CN202111056404A CN113949528A CN 113949528 A CN113949528 A CN 113949528A CN 202111056404 A CN202111056404 A CN 202111056404A CN 113949528 A CN113949528 A CN 113949528A
- Authority
- CN
- China
- Prior art keywords
- data
- access request
- http
- access
- attack
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 37
- 230000009467 reduction Effects 0.000 claims description 16
- 238000004891 communication Methods 0.000 claims description 15
- 238000007781 pre-processing Methods 0.000 claims description 6
- 230000009466 transformation Effects 0.000 claims description 6
- 238000003032 molecular docking Methods 0.000 claims description 5
- 210000001503 joint Anatomy 0.000 abstract 1
- 238000000513 principal component analysis Methods 0.000 description 9
- 238000012545 processing Methods 0.000 description 5
- 238000013459 approach Methods 0.000 description 4
- 230000004044 response Effects 0.000 description 3
- 238000001514 detection method Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000010801 machine learning Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000012549 training Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000011022 operating instruction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
The embodiment of the invention discloses an access control method, device, storage medium and equipment based on flow data, wherein after an HTTP/HTTPS flow port of a WEB application program is connected in a butt joint mode, an access request can be received through the HTTP/HTTPS flow port without modifying the setting of a WEB server port, so that the workload of workers is reduced, and the compatibility is improved.
Description
Technical Field
The invention relates to the technical field of computers, in particular to an access control method, device, storage medium and equipment based on flow data.
Background
With the development of the times, computer technology has penetrated into the aspects of people's lives, and the competition of the internet industry is more intense. While benefiting from the network to speed up the business operation, some organizations and departments have different degrees of attack and damage to the data on the network, and therefore, special protection needs to be performed on the data on the network by using a firewall so as to prevent attackers from obtaining the data. However, after the existing firewall is installed, the settings of the ports of the WEB server need to be adaptively modified to match the ports with the provided services, so that malicious access can be intercepted, which may increase the workload of the worker.
Disclosure of Invention
In view of this, embodiments of the present invention provide an access control method, an access control device, a storage medium, and an access control device based on traffic data, which mainly solve the problem that after an existing firewall is installed, malicious access can be intercepted only by adaptively modifying the port of a WEB server so that the port is matched with a provided service, thereby increasing the workload of a worker.
In a first aspect, an embodiment of the present invention provides an access control method based on traffic data, including:
determining a safety model;
connecting an HTTP/HTTPS flow port of a WEB application program;
when an access request is received through the HTTP/HTTPS flow port, judging whether the access request is a normal access request or not by using the security model; and if the access request is not a normal access request, intercepting the access request.
In a possible manner, the determining, by using the security model, whether the access request is a normal access request includes:
analyzing and acquiring request parameters carried by the access request according to the access request;
and matching the request parameters with normal access data in the security model, if the matching is successful, determining that the access request is a normal access request, and if the matching is failed, determining that the access request is not a normal access request.
In one possible approach, the method further comprises:
acquiring dynamic parameters;
and judging whether the dynamic parameters contain attack characters or not by using the security model, and deleting the attack characters or sending alarm information if the dynamic parameters contain the attack characters.
In one possible approach, the method further comprises:
obtaining a legal URL;
and marking the legal URL.
In one possible approach, the determining the security model includes:
acquiring flow sample data;
extracting Http/Http protocol traffic data based on the traffic sample data;
and carrying out supervised learning and unsupervised learning on the Http/Http protocol flow data to generate a safety model.
In one possible approach, the performing supervised learning and unsupervised learning on the Http/Http protocol traffic data to generate a safety model includes:
classifying the Http/Http protocol traffic data during unsupervised learning;
carrying out dimensionality reduction on the classified data by utilizing a PCA algorithm;
adjusting the data subjected to the dimensionality reduction to obtain normal access data and attack access data;
acquiring calibrated service sample data and attack sample data when supervised learning is carried out;
performing dimensionality reduction on the calibrated service sample data and attack sample data by using an LDA algorithm to obtain dimensionality-reduced data;
and optimizing the normal access data and the attack access data based on the data after the dimension reduction to obtain a security model.
In a possible mode, before performing the dimension reduction processing and the adjustment on the classified data, the method further includes:
and preprocessing the classified data, wherein the preprocessing comprises linear transformation, noise removal and redundant data.
In a second aspect, an embodiment of the present invention provides an access control apparatus, including:
a determination module for determining a security model;
the docking module is used for docking an HTTP/HTTPS flow port of a WEB application program;
the judging module is used for judging whether the access request is a normal access request or not by utilizing the security model when receiving the access request; and if the access request is not a normal access request, intercepting the access request.
In a third aspect, an embodiment of the present invention provides a storage medium, where at least one executable instruction is stored in the storage medium, and the executable instruction causes a processor to perform an operation corresponding to any one of the foregoing access control methods based on traffic data.
In a fourth aspect, an embodiment of the present invention provides an electronic device, including: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the access control method based on the flow data in any scheme.
According to the access control method, the device, the storage medium and the equipment based on the flow data, provided by the embodiment of the invention, after the HTTP/HTTPS flow port of the WEB application program is connected, the access request can be received through the HTTP/HTTPS flow port without modifying the setting of the WEB server port, so that the workload of workers is reduced, and the compatibility is also improved.
Drawings
The following drawings of the invention are included to provide a further understanding of the invention as a part of the examples. The drawings illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention.
In the drawings:
FIG. 1 is a flow diagram of a method for access control based on traffic data in accordance with an alternative embodiment of the present invention;
FIG. 2 is a flowchart of step S101 according to an alternative embodiment of the present invention;
FIG. 3 is a flowchart of step S203 according to an alternative embodiment of the present invention;
FIG. 4 is a flowchart of step S103 according to an alternative embodiment of the present invention;
FIG. 5 is a flow chart of a method for access control based on traffic data in accordance with another alternative embodiment of the present invention;
FIG. 6 is a flow chart of a method for access control based on traffic data in accordance with yet another alternative embodiment of the present invention;
fig. 7 is a schematic structural diagram of an access control device according to an alternative embodiment of the present invention.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a more thorough understanding of the present invention. It will be apparent, however, to one skilled in the art, that the present invention may be practiced without one or more of these specific details. In other instances, well-known features have not been described in order to avoid obscuring the invention.
It should be noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the invention. As used herein, the singular is intended to include the plural unless the context clearly dictates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
Exemplary embodiments according to the present invention will now be described in more detail with reference to the accompanying drawings. These exemplary embodiments may, however, be embodied in many different forms and should not be construed as limited to only the embodiments set forth herein. It is to be understood that these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of these exemplary embodiments to those skilled in the art.
In a first aspect, an embodiment of the present invention provides an access control method based on traffic data, where an execution subject of the method may be a network device or a server in a network, or a module or a chip integrated on the network device or the server. Specifically, as shown in fig. 1, an access control method based on traffic data includes:
step S101: a security model is determined.
Step S102: and connecting HTTP/HTTPS flow ports of the WEB application program.
In the step, after the interception software is installed, the HTTP/HTTPS flow port of the WEB application program is butted, the setting of the original WEB server port is not required to be modified, the compatibility of the interception software is improved, and the workload of workers is reduced.
Step S103: when an access request is received through the HTTP/HTTPS flow port, judging whether the access request is a normal access request or not by using a security model; if the access request is not a normal access request, step S104 is performed.
Step S104: an access request is intercepted.
Judging whether the access request is a normal access request or not through a security model, and if the access request is the normal access request, accessing normally; and if the access request is not a normal access request, intercepting the access request to protect the data to be accessed.
According to the access control method based on the flow data, after the HTTP/HTTPS flow port of the WEB application program is connected, the access request can be received through the HTTP/HTTPS flow port, and the setting of the WEB server port is not required to be modified, so that the workload of workers is reduced, and the compatibility is improved.
Specifically, as shown in fig. 2, step S101 in the above embodiment includes the following steps:
step S201: and acquiring flow sample data.
The traffic sample data may flow through a certain network element in the existing network architecture, such as: radio Network Controller (RNC), Serving GPRS Support Node (SGSN), and Gateway GPRS Support Node (GGSN). The traffic sample data may be obtained by periodically performing data acquisition on the network element by the execution main body, that is, obtaining traffic within a preset time period to form traffic sample data.
Step S202: and extracting the Http/Http protocol traffic data based on the traffic sample data.
The Http/Http protocol traffic data includes Http header information and payload information of access requests and responses, and specifically includes but is not limited to packet header parameters and parameter values, time, event classification, request and response context, source and destination information.
Step S203: and carrying out supervised learning and unsupervised learning on the Http/Http protocol flow data to generate a safety model.
One of unsupervised learning and machine learning with supervision. The unsupervised learning is a training mode of machine learning, which is essentially a statistical means, and can find potential structures in unlabeled data.
The supervised learning refers to a process of training a model by enabling a machine to learn a large amount of sample data with labels, and enabling the model to obtain corresponding output according to input. A function is generated by mapping a portion of the input data to an output data, such as a class, to map the output to an appropriate output.
The security model is obtained by performing unsupervised learning and supervised learning based on flow sample data, so that the detection of the access request is more sensitive, the detection accuracy and the data security are improved, a feature library does not need to be configured, and the feature library is prevented from being updated frequently.
Specifically, as shown in fig. 3, step S203 in the above embodiment includes:
step S301: and classifying the Http/Http protocol traffic data during unsupervised learning.
In the step, firstly, the Http/Http protocol flow data is subjected to dimension-increasing processing, and then classification processing is performed.
Step S302: and preprocessing the classified data, wherein the preprocessing comprises linear transformation, noise removal and redundant data.
And performing linear transformation on the classified data, and removing noise and redundant data, thereby reducing the interference of redundant data and noise and reducing the computation of subsequent processing.
Step S303: and carrying out dimensionality reduction on the classified data by utilizing a PCA algorithm.
The PCA (principal component analysis), also called principal component analysis, aims to convert multiple indexes into a few comprehensive indexes by using the idea of dimension reduction. In statistics, principal component analysis, PCA, is a technique that simplifies the data set, and is a linear transformation. This transformation transforms the data into a new coordinate system such that the first large variance of any data projection is at the first coordinate (called the first principal component), the second large variance is at the second coordinate (the second principal component), and so on. Principal component analysis is often used to reduce the dimensionality of the data set while maintaining the features of the data set that contribute most to the variance. The high dimensional data is projected to a low latitude using the PCA algorithm in this step.
Step S304: and adjusting the data subjected to the dimensionality reduction to obtain normal access data and attack access data.
Step S305: and acquiring calibrated service sample data and attack sample data during supervised learning.
Step S306: and performing dimensionality reduction on the calibrated service sample data and the attack sample data by using an LDA algorithm to obtain data subjected to dimensionality reduction.
The LDA algorithm is a method which projects the points into a space with lower dimensionality, so that the projected points can be distinguished according to categories, and under the condition that the points are clustered, the points of the same category are closer to each other in the projected space.
Step S307: and optimizing the normal access data and the attack access data based on the data subjected to dimensionality reduction to obtain a security model.
In the embodiment, the normal access data and the attack access data obtained by unsupervised learning are optimized by using supervised learning, so that the normal access data and the attack access data are more accurate, and the accuracy of the security model is improved.
Specifically, as shown in fig. 4, step S103 in the foregoing embodiment specifically includes:
step S401: and analyzing and acquiring the request parameters carried by the access request according to the access request.
The request parameters include, but are not limited to, packet header parameters and parameter values, time, event classification, request and response context, source and destination information.
Step S402: the request parameters are matched with normal access data in the security model.
Step S403 a: and if the matching is successful, determining that the access request is a normal access request.
Step S403 b: if the matching fails, it is determined that the access request is not a normal access request.
The request parameters are matched with normal access data in the security model, the successfully matched access request is determined to be a normal access request, the unsuccessfully matched access request is determined not to be a normal access request, namely, the unsuccessfully matched access request is determined to be an access request of malicious attack, and therefore the request parameters are matched with the normal access data to determine whether the access request is a normal access mode.
In other embodiments, as shown in fig. 5, the method further comprises:
step S501: and acquiring dynamic parameters. Wherein, the dynamic parameter is the parameter input by the visitor.
Step S502: and judging whether the dynamic parameters contain attack characters or not by using the security model, and deleting the attack characters or sending alarm information if the dynamic parameters contain the attack characters.
Specifically, the dynamic parameters are matched with normal access data in the security model, if partial characters in the dynamic parameters are not matched with the normal access data, attack characters are determined to be contained in the dynamic parameters, the unmatched characters are determined to be the attack characters, and then the attack characters are deleted, so that the submitted contents can not form cross-site scripting attacks, and the access security is further improved.
In some realizable modes, after the attack character is determined, the attack character is not deleted, but alarm information is sent to an administrator, and whether the attack character is deleted or not is determined by the administrator, so that the accuracy of attack character determination is improved.
In still other embodiments, as shown in fig. 6, the method further comprises:
step S601: and obtaining a legal URL.
The legal URL determining process comprises the following steps: and matching the URL with the normal access data in the security model, and if the matching is successful, determining that the URL is a legal URL.
Step S602: the legal URL is marked.
After the legal URL is marked, the legal URL can be distinguished from other URLs, so that whether the URL is legal or not can be conveniently identified.
In a second aspect, as shown in fig. 7, an embodiment of the present invention provides an access control apparatus, including:
a determining module 701, configured to determine a security model;
a docking module 702, configured to dock an HTTP/HTTPs traffic port of a WEB application;
a judging module 703, configured to, when an access request is received through the HTTP/HTTPs traffic port, judge whether the access request is a normal access request by using the security model; if the access request is not a normal access request, the access request is intercepted.
According to the access control device provided by the embodiment of the invention, after the HTTP/HTTPS flow port of the WEB application program is connected, the access request can be received through the HTTP/HTTPS flow port, and the setting of the WEB server port is not required to be modified, so that the workload of workers is reduced, and the compatibility is improved.
In a third aspect, an embodiment of the present invention provides a storage medium, where at least one executable instruction is stored in the storage medium, and the executable instruction causes a processor to perform an operation corresponding to any one of the foregoing access control methods based on traffic data.
In a fourth aspect, an embodiment of the present invention provides an electronic device, including: the processor, the memory, the communication interface and the communication bus, and the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the access control method based on the flow data.
In particular, the program may include program code comprising computer operating instructions.
The processor may be a central processing unit CPU or an application Specific Integrated circuit asic or one or more Integrated circuits configured as an embodiment of the invention. The computer device includes one or more processors, which may be the same type of processor, such as one or more CPUs; or may be different types of processors such as one or more CPUs and one or more ASICs.
And the memory is used for storing programs. The memory may comprise high-speed RAM memory, and may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The present invention has been illustrated by the above embodiments, but it should be understood that the above embodiments are for illustrative and descriptive purposes only and are not intended to limit the invention to the scope of the described embodiments. Furthermore, it will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, and that many variations and modifications may be made in accordance with the teachings of the present invention, which variations and modifications are within the scope of the present invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (10)
1. An access control method based on traffic data, comprising:
determining a safety model;
connecting an HTTP/HTTPS flow port of a WEB application program;
when an access request is received through the HTTP/HTTPS flow port, judging whether the access request is a normal access request or not by using the security model; and if the access request is not a normal access request, intercepting the access request.
2. The method of claim 1, wherein said determining whether the access request is a normal access request using the security model comprises:
analyzing and acquiring request parameters carried by the access request according to the access request;
and matching the request parameters with normal access data in the security model, if the matching is successful, determining that the access request is a normal access request, and if the matching is failed, determining that the access request is not a normal access request.
3. The method of claim 1, further comprising:
acquiring dynamic parameters;
and judging whether the dynamic parameters contain attack characters or not by using the security model, and deleting the attack characters or sending alarm information if the dynamic parameters contain the attack characters.
4. The method of claim 3, further comprising:
obtaining a legal URL;
and marking the legal URL.
5. The method of claim 1, wherein determining the security model comprises:
acquiring flow sample data;
extracting Http/Http protocol traffic data based on the traffic sample data;
and carrying out supervised learning and unsupervised learning on the Http/Http protocol flow data to generate a safety model.
6. The method of claim 5, wherein the learning the Http/Http protocol traffic data with and without supervision, generating a security model comprises:
classifying the Http/Http protocol traffic data during unsupervised learning;
carrying out dimensionality reduction on the classified data by utilizing a PCA algorithm;
adjusting the data subjected to the dimensionality reduction to obtain normal access data and attack access data;
acquiring calibrated service sample data and attack sample data when supervised learning is carried out;
performing dimensionality reduction on the calibrated service sample data and attack sample data by using an LDA algorithm to obtain dimensionality-reduced data;
and optimizing the normal access data and the attack access data based on the data after the dimension reduction to obtain a security model.
7. The method of claim 6, wherein before performing the dimensionality reduction and adjustment on the classified data, the method further comprises:
and preprocessing the classified data, wherein the preprocessing comprises linear transformation, noise removal and redundant data.
8. An access control apparatus, comprising:
determining a model for determining a security model;
the docking module is used for docking an HTTP/HTTPS flow port of a WEB application program;
the judging module is used for judging whether the access request is a normal access request or not by utilizing the security model when the access request is received through the HTTP/HTTPS flow port; and if the access request is not a normal access request, intercepting the access request.
9. A storage medium, wherein at least one executable instruction is stored in the storage medium, and the executable instruction causes a processor to execute operations corresponding to the access control method based on traffic data according to any one of claims 1 to 7.
10. An electronic device, comprising: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to execute the operation corresponding to the access control method based on the flow data in any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111056404.9A CN113949528A (en) | 2021-09-09 | 2021-09-09 | Access control method and device based on flow data, storage medium and equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111056404.9A CN113949528A (en) | 2021-09-09 | 2021-09-09 | Access control method and device based on flow data, storage medium and equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113949528A true CN113949528A (en) | 2022-01-18 |
Family
ID=79328373
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111056404.9A Pending CN113949528A (en) | 2021-09-09 | 2021-09-09 | Access control method and device based on flow data, storage medium and equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113949528A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114531303A (en) * | 2022-04-24 | 2022-05-24 | 北京天维信通科技有限公司 | Server port hiding method and system |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107404473A (en) * | 2017-06-06 | 2017-11-28 | 西安电子科技大学 | Based on Mshield machine learning multi-mode Web application means of defences |
| CN109922013A (en) * | 2019-01-28 | 2019-06-21 | 世纪龙信息网络有限责任公司 | Service access flow control methods, device, server and storage medium |
| CN110808968A (en) * | 2019-10-25 | 2020-02-18 | 新华三信息安全技术有限公司 | Network attack detection method and device, electronic equipment and readable storage medium |
| CN111526136A (en) * | 2020-04-15 | 2020-08-11 | 优刻得科技股份有限公司 | Malicious attack detection method, system, device and medium based on cloud WAF |
| CN111600919A (en) * | 2019-02-21 | 2020-08-28 | 北京金睛云华科技有限公司 | Web detection method and device based on artificial intelligence |
| CN111641658A (en) * | 2020-06-09 | 2020-09-08 | 杭州安恒信息技术股份有限公司 | Request intercepting method, device, equipment and readable storage medium |
| CN112738109A (en) * | 2020-12-30 | 2021-04-30 | 杭州迪普科技股份有限公司 | Web attack detection method and device |
| WO2021139641A1 (en) * | 2020-01-07 | 2021-07-15 | 深信服科技股份有限公司 | Web attack detection method and device, electronic apparatus, and storage medium |
-
2021
- 2021-09-09 CN CN202111056404.9A patent/CN113949528A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107404473A (en) * | 2017-06-06 | 2017-11-28 | 西安电子科技大学 | Based on Mshield machine learning multi-mode Web application means of defences |
| CN109922013A (en) * | 2019-01-28 | 2019-06-21 | 世纪龙信息网络有限责任公司 | Service access flow control methods, device, server and storage medium |
| CN111600919A (en) * | 2019-02-21 | 2020-08-28 | 北京金睛云华科技有限公司 | Web detection method and device based on artificial intelligence |
| CN110808968A (en) * | 2019-10-25 | 2020-02-18 | 新华三信息安全技术有限公司 | Network attack detection method and device, electronic equipment and readable storage medium |
| WO2021139641A1 (en) * | 2020-01-07 | 2021-07-15 | 深信服科技股份有限公司 | Web attack detection method and device, electronic apparatus, and storage medium |
| CN111526136A (en) * | 2020-04-15 | 2020-08-11 | 优刻得科技股份有限公司 | Malicious attack detection method, system, device and medium based on cloud WAF |
| CN111641658A (en) * | 2020-06-09 | 2020-09-08 | 杭州安恒信息技术股份有限公司 | Request intercepting method, device, equipment and readable storage medium |
| CN112738109A (en) * | 2020-12-30 | 2021-04-30 | 杭州迪普科技股份有限公司 | Web attack detection method and device |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114531303A (en) * | 2022-04-24 | 2022-05-24 | 北京天维信通科技有限公司 | Server port hiding method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113949526A (en) | Access control method and device, storage medium and electronic equipment | |
| US20060037077A1 (en) | Network intrusion detection system having application inspection and anomaly detection characteristics | |
| CN109768992B (en) | Webpage malicious scanning processing method and device, terminal device and readable storage medium | |
| US20210004628A1 (en) | Method and system for website detection | |
| US8631124B2 (en) | Network analysis system and method utilizing collected metadata | |
| US20070011742A1 (en) | Communication information monitoring apparatus | |
| CN112738102B (en) | Asset identification method, device, equipment and storage medium | |
| US10038706B2 (en) | Systems, devices, and methods for separating malware and background events | |
| CN103346972A (en) | Flow control device and method based on user terminal | |
| CN111164575B (en) | Sample data generating device, sample data generating method, and computer-readable storage medium | |
| CN109948335B (en) | System and method for detecting malicious activity in a computer system | |
| WO2019184664A1 (en) | Method, apparatus, and system for detecting malicious file | |
| CN112565226A (en) | Request processing method, device, equipment and system and user portrait generation method | |
| US11550920B2 (en) | Determination apparatus, determination method, and determination program | |
| RU2697958C1 (en) | System and method for detecting malicious activity on a computer system | |
| US20100217891A1 (en) | Document Source Debugger | |
| CN113949528A (en) | Access control method and device based on flow data, storage medium and equipment | |
| CN108156127B (en) | Network attack mode judging device, judging method and computer readable storage medium thereof | |
| US9300677B2 (en) | Data security system | |
| US20080060078A1 (en) | Methods and systems for detecting an access attack | |
| CN110955890B (en) | Method and device for detecting malicious batch access behaviors and computer storage medium | |
| US20200210578A1 (en) | System and method of detecting a source of malicious activity in a computer system | |
| CN108650274B (en) | Network intrusion detection method and system | |
| CN114124555A (en) | Message playback method and device, electronic equipment and computer readable medium | |
| EP3432544B1 (en) | System and method of determining ddos attacks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 101100 No. 9-2074, Liangli Third Street, East District, economic development zone, Tongzhou District, Beijing Applicant after: Zhongyun Wangan Technology Co.,Ltd. Address before: 705, floor 7, block D, floor 6, building 1, No. 6, Jianguomenwai street, Chaoyang District, Beijing 100022 (inner 1) Applicant before: Zhongyun Wangan Technology Co.,Ltd. |
|
| CB02 | Change of applicant information |