CN114095245A - Tracing method, device, equipment and medium for network attack - Google Patents

Tracing method, device, equipment and medium for network attack Download PDF

Info

Publication number
CN114095245A
CN114095245A CN202111371923.4A CN202111371923A CN114095245A CN 114095245 A CN114095245 A CN 114095245A CN 202111371923 A CN202111371923 A CN 202111371923A CN 114095245 A CN114095245 A CN 114095245A
Authority
CN
China
Prior art keywords
tracing
script
target
tracing script
initial
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111371923.4A
Other languages
Chinese (zh)
Other versions
CN114095245B (en
Inventor
杨斌
马绍龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd filed Critical Beijing Topsec Technology Co Ltd
Priority to CN202111371923.4A priority Critical patent/CN114095245B/en
Publication of CN114095245A publication Critical patent/CN114095245A/en
Application granted granted Critical
Publication of CN114095245B publication Critical patent/CN114095245B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1491Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The disclosure relates to the technical field of internet, and discloses a method, a device, equipment and a medium for tracing a network attack. The method comprises the following steps: receiving a tracing script acquisition request generated by a target user accessing a target website; responding to a tracing script acquisition request, and determining a target tracing script set from an initial tracing script set based on script state information; and sending the target tracing script set to a client corresponding to the target website so that the client traces the source of the target user based on the target tracing script set. By the technical scheme, the target tracing script set for the network attack tracing is dynamically adjusted, the expansibility and the stability of the tracing script are improved, and the timeliness of tracing is greatly improved.

Description

Network attack tracing method, device, equipment and medium
Technical Field
The present disclosure relates to the field of internet technologies, and in particular, to a method, an apparatus, a device, and a medium for tracing a network attack.
Background
Nowadays, with the development of the honeypot field, honeypot technology is gradually mature. Among a plurality of honeypots, the WEB honeypot has become a common honeypot, and is mainly used for constructing an inductive virtual webpage aiming at a defense website so as to collect relevant information of an attacker who wants to attack the defense website and perform attacker tracking and tracing.
In the prior art, a WEB honeypot method is available, which collects various personal information of an attacker by nesting a plurality of tracing scripts in a webpage template.
However, this conventional solution can only collect information through multiple embedded tracing scripts, which may cause the following problems: on one hand, when some tracing scripts fail, the quantity and quality of collected information will be reduced, so that the tracing stability of the scheme is poor; on the other hand, when the source tracing script needs to be changed (such as added, deleted, modified), each script file on the server side needs to be modified manually, which is time-consuming and labor-consuming, so that the expansibility of the source tracing script is poor.
Disclosure of Invention
To solve the above technical problem or at least partially solve the above technical problem, the present disclosure provides a method, an apparatus, a device, and a medium for tracing a network attack.
In a first aspect, the present disclosure provides a method for tracing a network attack, including:
receiving a tracing script acquisition request generated by a target user accessing a target website;
responding to a tracing script obtaining request, and determining a target tracing script set from the initial tracing script set based on script state information;
and sending the target tracing script set to a client corresponding to the target website so that the client traces the source of the target user based on the target tracing script set.
In some embodiments, determining the target tracing script set from the initial tracing script set based on the script state information in response to the tracing script fetch request includes:
and responding to the tracing script acquisition request, and determining a target tracing script set from the initial tracing script set based on the script state information and the social information source.
In some embodiments, determining the target traceback script set from the initial traceback script set based on the script state information and the social information source comprises:
determining at least one first tracing script corresponding to each social information source from the initial tracing script set;
and determining a second tracing script with script state information as an effective state identifier from the first tracing scripts corresponding to each social information source.
In some embodiments, determining, from the first tracing scripts corresponding to each social information source, a second tracing script whose script state information is a valid state identifier includes:
and determining a second tracing script of which the script state information is an effective state identifier and which has a preset priority identifier from each first tracing script corresponding to each social information source.
In some embodiments, after ascertaining at least one first tracing script corresponding to each social information source from the initial tracing script set, the method further includes:
and if the script state information of each first tracing script corresponding to any social information source is the invalid state identifier, deleting the social information source and each first tracing script from the initial tracing script set.
In some embodiments, after sending the target tracing script set to the client corresponding to the target website, the method further includes:
receiving script information and a failure state identifier of a third tracing script sent by a client; the third tracing script is a tracing script in the target tracing script set;
and setting the script state information of the third tracing script in the initial tracing script set as a failure state identifier so as to update the initial tracing script set.
In some embodiments, after setting the script state information of the third tracing script in the initial tracing script set as the failure state identifier and updating the initial tracing script set, the method further includes:
if tracing failure information sent by the client is received, re-determining a target tracing script set from the updated initial tracing script set based on the script state information;
and sending the re-determined target tracing script set to the client so that the client continuously traces the source of the target user based on the re-determined target tracing script set.
In a second aspect, the present disclosure provides a tracing apparatus for a cyber attack, where the apparatus includes:
the source tracing script acquisition request receiving module is used for receiving a source tracing script acquisition request generated by a target user accessing a target website;
the target tracing script set determining module is used for responding to the tracing script obtaining request and determining a target tracing script set from the initial tracing script set based on the script state information;
and the target tracing script set sending module is used for sending the target tracing script set to the client corresponding to the target website so that the client traces the source of the target user based on the target tracing script set.
In some embodiments, the target tracing script set determining module further comprises a first target tracing script set determining unit configured to: and responding to the tracing script acquisition request, and determining a target tracing script set from the initial tracing script set based on the script state information and the social information source.
In some embodiments, the target tracing script set determining module further includes a first tracing script determining unit, a second tracing script determining unit and a target tracing script set determining unit;
the first tracing script determining unit is used for determining at least one first tracing script corresponding to each social information source from the initial tracing script set;
the second tracing script determining unit is used for determining a second tracing script of which the script state information is an effective state identifier from each first tracing script corresponding to each social information source;
the target tracing script set determining unit is configured to determine each second tracing script as the target tracing script set.
In some embodiments, the second tracing script determining unit is specifically configured to:
and determining a second tracing script of which the script state information is an effective state identifier and which has a preset priority identifier from each first tracing script corresponding to each social information source.
In some embodiments, the apparatus further comprises an initial tracing script set deleting module to:
after at least one first tracing script corresponding to each social information source is determined from the initial tracing script set, if the script state information of each first tracing script corresponding to any social information source is an invalid state identifier, deleting the social information source and each first tracing script from the initial tracing script set.
In some embodiments, the apparatus further comprises an initial tracing script set updating module to:
after the target tracing script set is sent to the client corresponding to the target website, receiving script information and a failure state identifier of a third tracing script sent by the client; the third tracing script is a tracing script in the target tracing script set;
and setting the script state information of the third tracing script in the initial tracing script set as a failure state identifier so as to update the initial tracing script set.
In some embodiments, the apparatus further comprises a target tracing script set re-determining unit configured to:
after the script state information of the third tracing script in the initial tracing script set is set as the failure state identifier to update the initial tracing script set, if tracing failure information sent by a client is received, a target tracing script set is determined again from the updated initial tracing script set based on the script state information;
and sending the re-determined target tracing script set to the client so that the client continuously traces the source of the target user based on the re-determined target tracing script set.
In a third aspect, the present disclosure provides an electronic device, including:
a processor and a memory;
the processor is configured to perform the steps of the method of any embodiment of the present disclosure by calling a program or instructions stored in the memory.
In a fourth aspect, the present disclosure provides a computer-readable storage medium storing a program or instructions for causing a computer to perform the steps of the method described in any embodiment of the present disclosure.
The method, the device, the equipment and the medium for tracing the source of the network attack, which are provided by the embodiment of the invention, can determine the target tracing script set from the initial tracing script set by receiving and responding to the tracing script acquisition request generated by the target user accessing the target website based on the script state information, and send the target tracing script set to the client corresponding to the target website, so that the client traces the source of the target user based on the target tracing script. The target tracing script set is dynamically configured from the initial tracing script set according to the script state information, the expansibility and the expansion effect of the target tracing script set are improved, and the effectiveness of each tracing script for tracing can be ensured, so that the information collection stability of an attacker is improved, and the reliability and the stability of tracing are further improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments or technical solutions in the prior art of the present disclosure, the drawings used in the description of the embodiments or prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
Fig. 1 is a schematic view of a scenario of a tracing method of a network attack according to an embodiment of the present disclosure.
Fig. 2 is a schematic flowchart of a method for tracing a network attack according to an embodiment of the present disclosure;
FIG. 3 is a schematic diagram of an initial tracing script set provided by an embodiment of the present disclosure;
fig. 4 is a schematic flowchart of another tracing method for network attacks according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of a tracing apparatus of a network attack according to an embodiment of the present disclosure;
fig. 6 is a schematic structural diagram of an electronic device provided in an embodiment of the present disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, aspects of the present disclosure will be described in further detail below. It should be noted that the embodiments and features of the embodiments of the present disclosure may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced in other ways than those described herein; it is to be understood that the embodiments disclosed in the specification are only a few embodiments of the present disclosure, and not all embodiments.
At present, honeypots are used for active defense of network security and are mainly used for constructing inductive virtual webpages aiming at defense websites so as to collect relevant information of attackers who want to attack the defense websites and carry out attacker tracking and tracing. Among a plurality of honeypots, the WEB honeypot becomes a common honeypot, and various personal information of attackers can be accurately positioned by nesting a plurality of tracing scripts in a webpage template to quickly trace the source.
In the prior art, the method for carrying out network tracing by using honeypots usually has the following defects: on one hand, when some tracing scripts fail, the quantity and quality of information which is traced and collected by the tracing scripts are reduced, so that the tracing stability of the scheme in the prior art is poor; on the other hand, when the tracing script needs to be added, deleted and modified, each script file on the server side must be modified manually, which is time-consuming and labor-consuming, so that the extensibility of the tracing script is poor.
Based on the above situation, the embodiments of the present disclosure provide a solution for a tracing method that can dynamically configure a tracing script and apply the tracing script to a network attack, so as to implement dynamic configuration of the tracing script, avoid meaningless tracing by using a failed tracing script, and improve the extensibility and stability of the tracing script.
The tracing method for the network attack provided by the embodiment of the disclosure is mainly suitable for the condition of tracing the source of an attacker by using a WEB honeypot. The tracing method of the network attack provided by the embodiment of the disclosure can be executed by a tracing device of the network attack, the device can be realized by a software and/or hardware mode, and the device can be integrated in electronic equipment with a certain operation function, such as a notebook computer, a desktop computer, a server and the like.
First, an application scenario of the tracing method of network attack provided by the embodiment of the present disclosure is explained.
Fig. 1 is a schematic application scenario diagram of a tracing method of a network attack provided by an embodiment of the present disclosure.
As shown in fig. 1, the application scenario is a scenario of interaction among a server 110, a client 120, and a target user 130 in a network environment.
The server 110 may be a server corresponding to a back-end running target web page; the client 120 may be a client device corresponding to the display target web page; target user 130 may be an attacker, such as a hacker, who may obtain resources at the target web page through a network attack.
Alternatively, the target web page may be a defense web page generated by the target website for defending against the attack of the target user 130, and when the target user 130 accesses, the target web page is displayed to the target user 130 for the target user to access.
Specifically, the target user 130 accesses the target website through the client 120, and the client 120 presents the target webpage to the target user 130 in response to an access request of the target user 130. And, the client 120 obtains the set of target tracing scripts from the service 110. Then, the client 120 calls each tracing script in the target tracing script set one by one to obtain the relevant information corresponding to the target user 130. In the embodiment of the present disclosure, the tracing script includes a JavaScript code (JS code for short) for collecting the social account information, so that the relevant information of the target user 130 obtained by the client 120 includes the social account information on the social network site corresponding to the JS code. The social account information may include information such as a user name, a nickname, and a mobile phone number. Then, the client 120 transmits the obtained related information or each piece of social account information obtained by analyzing the related information to the server 110. If the received information is related information, the server 110 analyzes the information to obtain corresponding social account information. Finally, the server 110 may trace the source of the target user 130 based on the obtained information of each account, thereby completing tracing the source of the target user when the target user accesses the target webpage, preventing a network attack, and ensuring the security of the target website.
According to the traceability scheme of the network attack, the traceability script is used for obtaining the social account information corresponding to the target user in the traceability process to trace and traceable the target user, so that the problem that the traceability accuracy is reduced due to the influence of a plurality of layers of agents set by the target user when an attacker is traced by using an IP address is avoided, and the traceability accuracy and timeliness of the network attack are greatly improved. For enterprises, WEB honeypots can be used for effectively defending attacks, and tracking and tracing of target users are carried out by collecting social data, so that the safety and stability of the enterprise network environment are effectively strengthened.
The following describes a tracing method of a network attack provided by the embodiment of the present disclosure with reference to fig. 2 to fig. 4.
In the embodiment of the present disclosure, the tracing method of the network attack may be applied to the server 110 shown in fig. 1, and the server 110 may be implemented as a single server or a server cluster.
Fig. 2 is a schematic flowchart of a method for tracing a network attack according to an embodiment of the present disclosure.
As shown in fig. 2, the tracing method specifically includes the following steps:
s210, receiving a source tracing script acquisition request generated by a target user accessing a target website.
The target user is a user accessing a target webpage embedded in a WEB honeypot, can be any attacker, and needs to obtain target information through tracing in the embodiment of the disclosure; the target website may be a defending website arranged to defend against attackers to acquire resources, which is used to induce attackers to attack.
Specifically, in the embodiment of the disclosure, a developer sets a target webpage for defense for a target website in advance according to a WEB honeypot to attract an attacker to visit. When a target user accesses a target website, a client can detect an access request of the target user, generate a tracing script obtaining request based on the access request of the target user, and transmit the tracing script obtaining request to a server corresponding to the target website so as to request the server to obtain the tracing script. The server receives the source script fetch request.
The tracing script in the process is used for acquiring relevant information of the target user, and at least comprises a JSONP interface and a JS code corresponding to the JSONP interface. The JSONP is a 'usage mode' of JSON, can be used for solving the problem of cross-domain data access of browsers, a webpage can obtain JSON data dynamically generated from other sources by utilizing an open policy of < script > elements, the usage mode is the so-called JSONP, and an interface supporting access by using the JSONP mode is called a JSONP interface. The JSONP interface can be collected through a network. The JS code is written aiming at the JSONP interface and is used for executing the functions of acquiring cookie data of a target user in the process of using the client, calling the corresponding JSONP interface, uploading/analyzing the returned data and the like.
S220, responding to the tracing script obtaining request, and determining a target tracing script set from the initial tracing script set based on the script state information.
The script state information is information for characterizing whether the tracing script is available, and may be, for example, a valid state identifier for characterizing that the tracing script is available, or an invalid state identifier for characterizing that the tracing script is unavailable. The initial tracing script set refers to a set of all tracing scripts maintained in the server. Each tracing script in the initial tracing script set corresponds to script state information. Each tracing script in the initial tracing script set can be constructed by continuously collecting JSONP interfaces in a network and generating JS codes for the JSONP interfaces, and script state information of each constructed tracing script can be defaulted to be an effective state identifier or can be determined to be the effective state identifier or an ineffective state identifier in a manual test mode. The target tracing script set is a set of a plurality of tracing scripts for acquiring social account information of the target user, wherein each tracing script contained in the set is obtained by screening from the initial tracing script set.
Specifically, after the server receives the tracing script obtaining request, the tracing script with the script state information being the valid state identifier can be dynamically screened according to the script state information of each tracing script in the initial tracing script set, so as to obtain a plurality of tracing scripts. Then, the server combines at least part of the screened tracing scripts to generate a target tracing script set.
In some embodiments, S220 may be implemented as: and responding to the tracing script acquisition request, and determining a target tracing script set from the initial tracing script set based on the script state information and the social information source.
The social information source refers to a source website of social account information, which may correspond to a social vendor providing a social application program. Considering that a target user may register social account information at a plurality of social information sources, and validity of a tracing script corresponding to some social information sources is unstable, each tracing script in an initial tracing script set in the embodiment of the present disclosure may also carry a social information source in addition to script state information. Namely, in the process of maintaining the initial tracing script set by the server, aiming at each social information source, the JSONP interfaces of the social information source are continuously collected as many as possible, and the corresponding JS codes are written to form a plurality of tracing scripts corresponding to the social information source. In this way, at least one traceability script is available for each social information source.
According to the above description, the content and the corresponding relationship included in the initial tracing script set can be as shown in fig. 3. The initial tracing script set comprises a social information source 1, social information sources 2, … … and a social information source n, wherein each social information source corresponds to a plurality of tracing scripts, and each tracing script carries script state information (such as an effective state identifier and an invalid state identifier). It should be noted that the storage structure and the storage form of the initial tracing script set are not limited.
Specifically, the server responds to the tracing script acquisition request, and according to script state information and social source information of each tracing script, at least one tracing script with effective state identification corresponding to a plurality of social information sources is screened from the initial tracing script set, so that a target tracing script set is generated. For example, the server screens out one/more tracing scripts corresponding to each social information source to generate a target tracing script set; for another example, the server screens out social information sources with more registered users, and then selects at least one tracing script carrying an effective state identifier from a plurality of tracing scripts corresponding to the social information sources to generate a target tracing script set.
In some embodiments, the determining the target tracing script set from the initial tracing script set based on the script state information and the social information source in response to the tracing script obtaining request includes: determining at least one first tracing script corresponding to each social information source from the initial tracing script set; determining a second tracing script with script state information as an effective state identifier from each first tracing script corresponding to each social information source; and determining each second tracing script as a target tracing script set.
The first tracing script is a tracing script corresponding to each social information source obtained by first selecting all tracing scripts in the initial tracing script set according to the social information sources. The second tracing script is a tracing script which is determined by secondary selection in each first tracing script obtained after the first selection according to the social information source and has the script state information as the effective state identifier.
Specifically, the server responds to the tracing script acquisition request, and performs first selection on all tracing scripts in the initial tracing script set according to the social information sources of each tracing script to obtain at least one tracing script in each social information source, namely a first tracing script. And then, the server performs second selection according to the script state information of each tracing script in each first tracing script, namely, determines a tracing script of which at least one script state information is an effective state identifier from each first tracing script as a second tracing script. And finally, the server combines all the determined second tracing scripts to generate a target tracing script set.
In other embodiments, the process of screening the initial tracing script set according to the social information source and the script state information to obtain the target tracing script set may further be implemented as follows: and the server responds to the tracing script acquisition request, and performs first selection on each tracing script in the initial tracing script set according to the script state information of each tracing script to obtain each tracing script of which the script state information is an effective state identifier. And then, the server selects all the tracing scripts of the effective state identifiers obtained by the first selection for the second time according to the social information sources, namely, selects one or more tracing scripts corresponding to the social information sources from all the tracing scripts of the effective state identifiers obtained by the first selection for generating a target tracing script set.
In some embodiments, the determining, from the first tracing scripts corresponding to each social information source, a second tracing script whose script state information is a valid state identifier includes: and determining a second tracing script of which the script state information is an effective state identifier and which has a preset priority identifier from each first tracing script corresponding to each social information source.
The preset priority identifier refers to the preset priority of the tracing script, and the higher the priority is, the more ahead the sequence of the tracing script selected for generating the target tracing script set is. The preset priority identifier can be artificially set; or can be randomly set; the source tracing script can be determined according to the JSONP interface acquisition time length, for example, the shorter the JSONP interface acquisition time length is, the higher the preset priority of the corresponding source tracing script is, so that the source tracing script with the shorter JSONP interface exposure time can be preferentially used, the effectiveness of the source tracing script in the target source tracing script set is improved, and the accuracy and timeliness of source tracing are further improved.
According to the above description, as shown in fig. 3, the initial tracing script set includes a social information source 1, a social information source 2, … …, and a social information source n, where each social information source corresponds to a plurality of tracing scripts, and each tracing script also carries a preset priority identifier (e.g., priority 1, priority 2, … …, and priority n).
Specifically, when the server performs secondary selection on each first tracing script corresponding to each social information source, one first tracing script with the highest preset priority identifier and the script state information being the valid state identifier may be selected as the second tracing script.
It should be noted that, for each social information source, there may be one or more second tracing scripts corresponding to the social information source.
In some embodiments, after determining at least one first tracing script corresponding to each social information source from the initial tracing script set, the method for tracing the network attack further includes: and if the script state information of each tracing script corresponding to any social information source is the invalid state identifier, deleting the social information source and each first tracing script from the initial tracing script set.
Specifically, after at least one first tracing script corresponding to each social information source is determined from the initial tracing script set according to the social information source, if the server determines that the script state information of all the first tracing scripts corresponding to a certain social information source is the failure state identifier, it indicates that all the tracing scripts in the social information source are failed, and the target user cannot be effectively traced. Therefore, the social information source and all the tracing scripts corresponding to the social information source are deleted from the initial tracing script set, so that meaningless information acquisition operation according to invalid tracing scripts is avoided, client running resources are saved, and the tracing accuracy is further improved.
In the embodiment of the disclosure, the tracing script in the target tracing script set is dynamically adjusted according to the dynamic adjustment rule.
The dynamic adjustment rule is to check the tracing script, if the tracing script in use is found to be in a failure state, the tracing script is replaced, and the tracing script with the highest priority in an effective state is adjusted to be in use. If all tracing scripts of one social information source are verified to be in a failure state, even if the social information source is configured in the target tracing script set, the source tracing scripts are removed and are no longer used as metadata of the tracing scripts.
Optionally, the tracing script may be scanned manually to check all tracing scripts, and if the scanned tracing script is found to be in a failure state, a failure state identifier is marked on the scanned tracing script; and if the state information of each tracing script scanning any social information source is the invalid state identification, deleting all the social information sources and all the tracing scripts corresponding to the social information sources from the initial tracing script set.
By dynamically adjusting the tracing scripts in the target tracing script set and the initial tracing script set, the expansibility of the tracing scripts is improved, and the use stability of the tracing scripts is improved. Because dynamic adjustment is carried out to ensure that one tracing script is always used, meaningless tracing of the tracing script identified by an invalid state is avoided, resources are saved, the efficiency of tracing a target user is improved, and the stability and reliability of tracing are improved.
And S230, sending the target tracing script set to a client corresponding to the target website so that the client traces the source of the target user based on the target tracing script set.
The client may be a device of the client providing the target website access function, and may be, but is not limited to, various smart phones, palmtop computers, tablet computers, notebook computers, desktop computers, and the like.
Specifically, the server sends the target tracing script set to a client corresponding to the target website, so that the client traces and traces the source of the target user based on the tracing script of the effective state identifier in the target tracing script set. Namely, the client calls the target tracing script to obtain the relevant information of the target user. And then, the client analyzes the acquired related information to obtain an analysis result, and the analysis result is returned to the server, so that the target user is traced by using the client based on the target tracing script set.
In the above process, the analyzing the acquired related information by the client includes:
(1) if the analysis is successful and the social account information of the target user is obtained, the social account information is sent to a server;
(2) and if the analysis is successful and the social account information of the target user is not obtained, the fact that the JSONP interface in the tracing script called by the client is effective is shown, but the target user does not log in the social account. At the moment, the client sends the identification information of the called tracing script and the identification information of 'unregistered' to the server, and continues to call other tracing scripts in the target tracing script set for tracing;
(3) and if the analysis fails, the fact that the JSONP interface in the tracing script called by the client side is invalid is shown, and the social account information of the target user in the corresponding social information source cannot be obtained. At this time, the client sends the identifier information of the called tracing script and the failure state identifier of the JSONP interface failure to the server, so that the server can dynamically adjust the initial tracing script set and the target tracing script set.
In this embodiment of the present disclosure, after sending the target tracing script set to the client corresponding to the target website, the method for tracing to the source of the network attack further includes: receiving script information and a failure state identifier of a third tracing script sent by a client; the third tracing script is a tracing script in the target tracing script set; and setting the script state information of the third tracing script in the initial tracing script set as a failure state identifier so as to update the initial tracing script set.
The third tracing script is a tracing script which is determined by the client from the target tracing script set and of which the script state information is the failure state identifier.
Specifically, according to the above description, after the client calls each tracing script in the target tracing script set, an analysis result may be obtained. If the parsing result corresponding to a certain tracing script is the identification information (namely script information) of the tracing script when parsing fails and the failure state identification of JSONP interface failure, then the tracing script is the third tracing script. And the client sends the script information and the failure state identification of the third tracing script to the server. The server dynamically adjusts script state information of a corresponding tracing script in the initial tracing script set according to information sent by the client, namely the server sets the script state information of a third tracing script in the initial tracing script set as a failure state identifier to dynamically update the initial tracing script set.
In this embodiment of the present disclosure, after setting the script state information of the third tracing script in the initial tracing script set as the failure state identifier to update the initial tracing script set, the tracing method of the network attack further includes: if tracing failure information sent by the client is received, re-determining a target tracing script set from the updated initial tracing script set based on the script state information; and sending the re-determined target tracing script set to the client so that the client continuously traces the source of the target user based on the re-determined target tracing script set.
Specifically, when the client uses each tracing script in the target tracing script set to trace the source of the target user, and analyzes the information obtained by tracing, and does not obtain the social information of the target user, it indicates that the target tracing script set is invalid. At this time, the client sends the tracing failure information to the server. And after receiving the tracing failure information sent by the client, the server determines a target tracing script set again from the updated initial tracing script set based on the script state information. And then, the server sends the re-determined target tracing script set to the client again so that the client continuously traces the source of the target user based on the re-determined target tracing script set. The method for re-determining the target tracing script set from the updated initial tracing script set is the same as the above method, and is not described herein again.
In some embodiments of the present disclosure, a social information source may be set, and tracing of a target user is realized by dynamically switching a tracing script corresponding to the social information source.
In other embodiments of the present disclosure, multiple social information sources may be set, and a target tracing script set is updated by dynamically switching a tracing script combination of the multiple social information sources, so as to implement tracing on a target user.
In the embodiments, in the process of tracing the source of the target user, the source tracing script is dynamically adjusted, so that a target source tracing script set with high availability and high stability can be generated, and the stability and reliability of tracing are improved.
According to the technical scheme, the target tracing script set is determined from the initial tracing script set based on the script state information by receiving and responding to the tracing script acquisition request generated by the target user accessing the target website, and the target tracing script set is sent to the client corresponding to the target website, so that the client traces the source of the target user based on the target tracing script. The target tracing script set is dynamically configured from the initial tracing script set according to the script state information, the expansibility and the expansion effect of the target tracing script set are improved, and the effectiveness of each tracing script for tracing can be ensured, so that the information collection stability of an attacker is improved, and the reliability and the stability of tracing are further improved.
Fig. 4 is a flowchart illustrating a tracing method of a network attack according to another embodiment of the present disclosure. Wherein explanations of the same or corresponding terms as those of the above embodiments are omitted.
As shown in fig. 4, the method for tracing a network attack specifically includes:
s401, the target user accesses the target webpage through the client.
In the disclosed embodiment, a target user requests access to a target web page through a client.
S402, the client receives an access request of a target user.
And S403, the client responds to the access request to connect the target webpage.
If the client successfully connects with the target webpage, jumping to S405; and if the client fails to connect the target webpage, jumping to S404.
S404, the client displays that the request webpage does not exist to the target user.
In the embodiment of the present disclosure, if it is determined that the client does not successfully connect to the target webpage in response to the access request, the client displays to the target user that the requested webpage does not exist and ends.
S405, the client acquires the target tracing script set from the server and displays the target webpage.
In the embodiment of the disclosure, if it is determined that the client successfully connects to the target webpage in response to the access request of the target user, the client acquires the target tracing script set from the server and displays the target webpage to the target user.
S406, the client calls each tracing script in the target tracing script set.
In the embodiment of the disclosure, in the process that a target user accesses a target webpage, a client calls each tracing script in a target tracing script set one by one so as to capture social account information of the target user from a social information source corresponding to the tracing script.
If the calling operation of the tracing script is successfully executed, jumping to S407; and if the calling operation of the tracing script fails to be executed, jumping to S409.
S407, the client acquires social account information of the target user.
In the embodiment of the present disclosure, each time the client calls one tracing script, it is determined whether the called tracing script is successfully executed, that is, whether response data of the tracing script is successfully analyzed. And if the social account information is successful, obtaining the social account information of the target user from the analysis result.
And S408, the client sends the social account information of the target user to the server.
In the embodiment of the disclosure, the successfully acquired tracing information (i.e., social account information) of the target user is sent to the server, and the tracing is ended.
S409, the client sends the script information and the failure state identification of the tracing script to the server.
In the embodiment of the present disclosure, if the client determines that a certain tracing script fails to be executed, the script information of the tracing script is obtained, the script state information of the failure state identifier is set for the client, and then the script information and the failure state identifier are sent to the server, so that the server dynamically updates the script state information of the tracing script in the initial tracing script set. The client then returns to S406 to continue invoking other tracing scripts.
According to the technical scheme of the embodiment of the disclosure, the target webpage can be set through the tracing method for the network attack, the authenticity and the confusion of the virtual defense website are increased, so that the attack of the target user is effectively resisted, the social account information of the target user is recorded under the condition that the target user is not aware through the dynamically configured target tracing script set, the target user can be traced more quickly, and the completeness and the stability of the target website are effectively reinforced through a faster reverse control implementation means. When the tracing fails, the failure tracing script can be marked to realize dynamic configuration of the tracing script, so that the tracing script achieves higher stability and reliability.
Fig. 5 is a schematic structural diagram of a tracing apparatus of a network attack according to an embodiment of the present disclosure.
As shown in fig. 5, the tracing apparatus 500 for network attack specifically includes:
a source script obtaining request receiving module 510, configured to receive a source script obtaining request generated by a target user accessing a target website;
a target tracing script set determining module 520, configured to determine a target tracing script set from the initial tracing script set based on the script state information in response to the tracing script obtaining request;
and a target tracing script set sending module 530, configured to send the target tracing script set to a client corresponding to the target website, so that the client traces the source of the target user based on the target tracing script set.
By the source tracing device for the network attack, a target source tracing script set can be determined from an initial source tracing script set based on script state information by receiving and responding a source tracing script acquisition request generated by a target user accessing a target website, and the target source tracing script set is sent to a client corresponding to the target website, so that the client traces the source of the target user based on the target source tracing script. The target tracing script set is dynamically configured from the initial tracing script set according to the script state information, the expansibility and the expansion effect of the target tracing script set are improved, and the effectiveness of each tracing script for tracing can be ensured, so that the information collection stability of an attacker is improved, and the reliability and the stability of tracing are further improved.
In some embodiments, the target tracing script set determining module 520 further includes a first target tracing script set determining unit for:
and responding to the tracing script acquisition request, and determining a target tracing script set from the initial tracing script set based on the script state information and the social information source.
In some embodiments, the target tracing script set determining module 520 further includes a first tracing script determining unit, a second tracing script determining unit, and a target tracing script set determining unit;
the first tracing script determining unit is used for determining at least one first tracing script corresponding to each social information source from the initial tracing script set;
the second tracing script determining unit is used for determining a second tracing script of which the script state information is an effective state identifier from each first tracing script corresponding to each social information source;
and the target tracing script set determining unit is used for determining each second tracing script as a target tracing script set.
In some embodiments, the second tracing script determining unit is specifically configured to:
and determining a second tracing script of which the script state information is an effective state identifier and which has a preset priority identifier from each first tracing script corresponding to each social information source.
In some embodiments, the tracing apparatus 500 for network attack further includes an initial tracing script set deleting module, configured to:
after at least one first tracing script corresponding to each social information source is determined from the initial tracing script set, if the script state information of each first tracing script corresponding to any social information source is a failure state identifier, deleting the social information source and each first tracing script from the initial tracing script set.
In some embodiments, the tracing apparatus 500 for network attack further includes an initial tracing script set updating module, configured to:
after the target tracing script set is sent to a client corresponding to a target website, receiving script information and a failure state identifier of a third tracing script sent by the client; the third tracing script is a tracing script in the target tracing script set;
and setting the script state information of the third tracing script in the initial tracing script set as a failure state identifier so as to update the initial tracing script set.
In some embodiments, the tracing apparatus 500 for network attack further includes a target tracing script set re-determining unit, configured to:
setting script state information of a third tracing script in the initial tracing script set as a failure state identifier to update the initial tracing script set, and if tracing failure information sent by a client is received, re-determining a target tracing script set from the updated initial tracing script set based on the script state information;
and sending the re-determined target tracing script set to the client so that the client continuously traces the source of the target user based on the re-determined target tracing script set.
The tracing device for network attacks provided by the embodiment of the disclosure can execute the tracing method for network attacks provided by any embodiment of the disclosure, and has corresponding functional modules and beneficial effects of the execution method.
It should be noted that, in the embodiment of the tracing apparatus for network attack, each unit and each module included in the embodiment are only divided according to functional logic, but are not limited to the above division, as long as the corresponding function can be realized; in addition, specific names of the functional units/modules are only used for distinguishing one functional unit/module from another functional unit/module, and are not used for limiting the protection scope of the present disclosure.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. Referring to fig. 6, an electronic device 600 provided by an embodiment of the present disclosure includes: a processor 620 and a memory 610; the processor 620 is configured to execute the steps of the tracing method of network attacks provided by the embodiment of the present disclosure by calling the program or the instruction stored in the memory 610:
receiving a tracing script acquisition request generated by a target user accessing a target website; responding to a tracing script acquisition request, and determining a target tracing script set from an initial tracing script set based on script state information; and sending the target tracing script set to a client corresponding to the target website so that the client traces the source of the target user based on the target tracing script set.
Of course, those skilled in the art can understand that the processor 620 may also implement the technical solution of the method for tracing a network attack provided in any embodiment of the present disclosure.
The electronic device 600 shown in fig. 6 is only an example and should not bring any limitations to the function and scope of use of the embodiments of the present disclosure.
As shown in fig. 6, the electronic device 600 is embodied in the form of a general purpose computing device. The components of the electronic device 600 may include, but are not limited to: one or more processors 620, a memory 610, and a bus 650 that connects the various system components (including the memory 610 and the processors 620).
Bus 650 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, Industry Standard Architecture (ISA) bus, micro-channel architecture (MAC) bus, enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Electronic device 600 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by electronic device 600 and includes both volatile and nonvolatile media, removable and non-removable media.
The memory 610 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM)611 and/or cache memory 612. The electronic device 600 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, the storage system 613 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 6, commonly referred to as a "hard drive"). Although not shown in FIG. 6, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 650 by one or more data media interfaces. Memory 610 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the disclosure.
A program/utility 614 having a set (at least one) of program modules 615 may be stored, for example, in memory 610, such program modules 615 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 615 generally perform the functions and/or methods of any of the embodiments described in this disclosure.
The electronic device 600 may also communicate with one or more external devices 660 (e.g., keyboard, pointing device, display 670, etc.), one or more devices that enable a user to interact with the electronic device 600, and/or any devices (e.g., network card, modem, etc.) that enable the electronic device 600 to communicate with one or more other computing devices. Such communication may be through an input/output interface (I/O interface) 630. Also, the electronic device 600 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 640. As shown in FIG. 6, the network adapter 640 communicates with the other modules of the electronic device 600 via a bus 650. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The embodiment of the present disclosure further provides a computer-readable storage medium, where the computer-readable storage medium stores a program or an instruction, and the program or the instruction causes a computer to execute the steps of the method for tracing a network attack provided by the embodiment of the present disclosure:
receiving a tracing script acquisition request generated by a target user accessing a target website; responding to a tracing script acquisition request, and determining a target tracing script set from an initial tracing script set based on script state information; and sending the target tracing script set to a client corresponding to the target website so that the client traces the source of the target user based on the target tracing script set.
Of course, the stored program or instruction of the computer-readable storage medium provided by the embodiments of the present disclosure are not limited to the method operations described above, and may also perform related operations in the tracing method of a network attack provided by any embodiment of the present disclosure.
The computer storage media of embodiments of the present disclosure may take any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + +, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be understood that the terminology used in the disclosure is for the purpose of describing particular embodiments only, and is not intended to limit the scope of the present application. As used in the specification and claims of this disclosure, the terms "a," "an," "the," and/or "the" are not intended to be inclusive in the singular, but rather are inclusive in the plural, unless the context clearly dictates otherwise. The term "and/or" includes any and all combinations of one or more of the associated listed items. Relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present disclosure, which enable those skilled in the art to understand or practice the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A tracing method of network attacks is characterized by comprising the following steps:
receiving a tracing script acquisition request generated by a target user accessing a target website;
responding to the tracing script obtaining request, and determining a target tracing script set from an initial tracing script set based on script state information;
and sending the target tracing script set to a client corresponding to the target website so that the client traces the source of the target user based on the target tracing script set.
2. The method of claim 1, wherein determining a target traceback script set from an initial traceback script set based on script state information in response to the traceback script fetch request comprises:
and responding to the tracing script acquisition request, and determining the target tracing script set from the initial tracing script set based on the script state information and the social information source.
3. The method of claim 2, wherein the determining the target traceback script set from the initial traceback script set based on the script state information and social information sources in response to the traceback script fetch request comprises:
determining at least one first tracing script corresponding to each social information source from the initial tracing script set;
determining a second tracing script of which the script state information is an effective state identifier from the first tracing scripts corresponding to each social information source;
and determining each second tracing script as the target tracing script set.
4. The method according to claim 3, wherein the determining a second tracing script whose script status information is a valid status identifier from the first tracing scripts corresponding to each social information source comprises:
and determining a second tracing script of which the script state information is an effective state identifier and which has a preset priority identifier from each first tracing script corresponding to each social information source.
5. The method of claim 3, wherein after the determining at least one first tracing script for each social information source from the initial tracing script set, the method further comprises:
and if the script state information of each first tracing script corresponding to any social information source is a failure state identifier, deleting the social information source and each first tracing script from the initial tracing script set.
6. The method according to claim 1, wherein after the sending the target tracing script set to the client corresponding to the target website, the method further comprises:
receiving script information and a failure state identifier of a third tracing script sent by the client; the third tracing script is a tracing script in the target tracing script set;
setting the script state information of the third tracing script in the initial tracing script set as the failure state identifier so as to update the initial tracing script set.
7. The method according to claim 6, wherein after the setting the script state information of the third tracing script in the initial tracing script set to the failure state identifier to update the initial tracing script set, the method further comprises:
if tracing failure information sent by the client is received, re-determining the target tracing script set from the updated initial tracing script set based on the script state information;
and sending the re-determined target tracing script set to the client so that the client continuously traces the source of the target user based on the re-determined target tracing script set.
8. A traceable device of a network attack is characterized by comprising:
the source tracing script acquisition request receiving module is used for receiving a source tracing script acquisition request generated by a target user accessing a target website;
a target tracing script set determining module, configured to determine a target tracing script set from an initial tracing script set based on script state information in response to the tracing script acquisition request;
and the target tracing script set sending module is used for sending the target tracing script set to a client corresponding to the target website so that the client traces the source of the target user based on the target tracing script set.
9. An electronic device, characterized in that the electronic device comprises:
a processor and a memory;
the processor is used for executing the steps of the tracing method of the network attack according to any one of claims 1 to 7 by calling the program or the instruction stored in the memory.
10. A computer-readable storage medium, characterized in that it stores a program or instructions for causing a computer to execute the steps of the method for tracing a cyber attack according to any one of claims 1 to 7.
CN202111371923.4A 2021-11-18 2021-11-18 Network attack tracing method, device, equipment and medium Active CN114095245B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111371923.4A CN114095245B (en) 2021-11-18 2021-11-18 Network attack tracing method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111371923.4A CN114095245B (en) 2021-11-18 2021-11-18 Network attack tracing method, device, equipment and medium

Publications (2)

Publication Number Publication Date
CN114095245A true CN114095245A (en) 2022-02-25
CN114095245B CN114095245B (en) 2024-02-02

Family

ID=80301937

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111371923.4A Active CN114095245B (en) 2021-11-18 2021-11-18 Network attack tracing method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN114095245B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100138477A1 (en) * 2008-12-03 2010-06-03 Microsoft Corporation Crunching Dynamically Generated Script Files
CN105471883A (en) * 2015-12-10 2016-04-06 中国电子科技集团公司第三十研究所 Tor network tracing system and tracing method based on web injection
CN112532605A (en) * 2020-11-23 2021-03-19 中信银行股份有限公司 Network attack tracing method and system, storage medium and electronic device
CN113645242A (en) * 2021-08-11 2021-11-12 杭州安恒信息技术股份有限公司 Honeypot source tracing method, device and related equipment

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100138477A1 (en) * 2008-12-03 2010-06-03 Microsoft Corporation Crunching Dynamically Generated Script Files
CN105471883A (en) * 2015-12-10 2016-04-06 中国电子科技集团公司第三十研究所 Tor network tracing system and tracing method based on web injection
CN112532605A (en) * 2020-11-23 2021-03-19 中信银行股份有限公司 Network attack tracing method and system, storage medium and electronic device
CN113645242A (en) * 2021-08-11 2021-11-12 杭州安恒信息技术股份有限公司 Honeypot source tracing method, device and related equipment

Also Published As

Publication number Publication date
CN114095245B (en) 2024-02-02

Similar Documents

Publication Publication Date Title
CN110519401B (en) Method, device, equipment and storage medium for improving network access success rate
CN107948314B (en) Business processing method and device based on rule file and server
CN106778260B (en) Attack detection method and device
US9262642B1 (en) Adaptive client-aware session security as a service
US11503070B2 (en) Techniques for classifying a web page based upon functions used to render the web page
CN111683047B (en) Unauthorized vulnerability detection method, device, computer equipment and medium
US20190222587A1 (en) System and method for detection of attacks in a computer network using deception elements
CN108256014B (en) Page display method and device
US10592399B2 (en) Testing web applications using clusters
JP6995211B2 (en) Enhanced online privacy
US10579710B2 (en) Bidirectional hyperlink synchronization for managing hypertexts in social media and public data repository
CN109450844B (en) Method and device for triggering vulnerability detection
US10594579B2 (en) System monitoring device
CN113204345A (en) Page generation method and device, electronic equipment and storage medium
CN114095567A (en) Data access request processing method and device, computer equipment and medium
CN112800410A (en) Multi-product login management method, device, equipment and storage medium
CN110677506B (en) Network access method, device, computer equipment and storage medium
US20230336636A1 (en) Systems and methods for tracking user access across web domains
CN110177096B (en) Client authentication method, device, medium and computing equipment
US10819750B1 (en) Multi-tenant authentication and permissions framework
CN114095245B (en) Network attack tracing method, device, equipment and medium
US20180109426A1 (en) Host pair detection
CN111368231B (en) Method and device for testing heterogeneous redundancy architecture website
CN110557465A (en) method and device for acquiring IP address of user side
US12032647B2 (en) Tenant network for rewriting of code included in a web page

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant