CN114095245B - Network attack tracing method, device, equipment and medium - Google Patents

Network attack tracing method, device, equipment and medium Download PDF

Info

Publication number
CN114095245B
CN114095245B CN202111371923.4A CN202111371923A CN114095245B CN 114095245 B CN114095245 B CN 114095245B CN 202111371923 A CN202111371923 A CN 202111371923A CN 114095245 B CN114095245 B CN 114095245B
Authority
CN
China
Prior art keywords
script
tracing
target
traceability
initial
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111371923.4A
Other languages
Chinese (zh)
Other versions
CN114095245A (en
Inventor
杨斌
马绍龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd filed Critical Beijing Topsec Technology Co Ltd
Priority to CN202111371923.4A priority Critical patent/CN114095245B/en
Publication of CN114095245A publication Critical patent/CN114095245A/en
Application granted granted Critical
Publication of CN114095245B publication Critical patent/CN114095245B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1491Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The disclosure relates to the technical field of Internet, and discloses a tracing method, device, equipment and medium for network attack. The method comprises the following steps: receiving a traceability script acquisition request generated by a target user accessing a target website; responding to the tracing script acquisition request, and determining a target tracing script set from the initial tracing script set based on script state information; and sending the target tracing script set to a client corresponding to the target website, so that the client traces the source of the target user based on the target tracing script set. Through the technical scheme, the target tracing script set for network attack tracing is dynamically adjusted, the expansibility and stability of the tracing script are improved, and the timeliness of tracing is greatly improved.

Description

Network attack tracing method, device, equipment and medium
Technical Field
The disclosure relates to the technical field of internet, and in particular relates to a tracing method, device, equipment and medium for network attack.
Background
Today, along with the development of the honeypot field, the honeypot technology is gradually mature. Among the honeypots, the WEB honeypot is a common honeypot, and is mainly used for constructing an inducible virtual webpage aiming at a defending website so as to collect relevant information of an attacker who wants to attack the defending website and trace the source of the attacker.
In the prior art, there is a WEB honeypot method, which collects various personal information of an attacker by nesting a plurality of traceability scripts in a WEB page template.
However, this existing solution can only collect information through multiple embedded traceability scripts, which can cause the following problems: on one hand, when some traceability scripts fail, the quantity and quality of information collected by the traceability scripts can be reduced, so that the traceability stability of the scheme is poor; on the other hand, when the traceability script needs to be changed (such as added, deleted and modified), each script file on the server side needs to be manually modified, which is time-consuming and labor-consuming, so that the extensibility of the traceability script is poor.
Disclosure of Invention
In order to solve the technical problems or at least partially solve the technical problems, the disclosure provides a tracing method, a tracing device, tracing equipment and tracing media for network attack.
In a first aspect, the present disclosure provides a tracing method for a network attack, including:
receiving a traceability script acquisition request generated by a target user accessing a target website;
responding to the tracing script acquisition request, and determining a target tracing script set from the initial tracing script set based on script state information;
And sending the target tracing script set to a client corresponding to the target website so that the client traces the source of the target user based on the target tracing script set.
In some embodiments, in response to the trace-source script acquisition request, determining the target trace-source script set from the initial trace-source script set based on the script state information comprises:
and responding to the tracing script acquisition request, and determining a target tracing script set from the initial tracing script set based on the script state information and the social information source.
In some embodiments, determining a target set of trace scripts from the initial set of trace scripts based on the script state information and the social information source comprises:
determining at least one first tracing script corresponding to each social information source from the initial tracing script set;
and determining a second traceability script with script state information being a valid state identifier from the first traceability scripts corresponding to each social information source.
In some embodiments, determining, from each first trace script corresponding to each social information source, a second trace script whose script state information is a valid state identifier includes:
and determining a second traceability script with valid state identification and preset priority identification as script state information from each first traceability script corresponding to each social information source.
In some embodiments, after validating the at least one first traceability script corresponding to each social information source from the initial traceability script set, the method further includes:
and if the script state information of each first traceability script corresponding to any social information source is the failure state identification, deleting the social information source and each first traceability script from the initial traceability script set.
In some embodiments, after the target traceability script set is sent to the client corresponding to the target website, the method further includes:
receiving script information and failure state identification of a third traceability script sent by a client; the third traceability script is a traceability script in the target traceability script set;
and setting script state information of a third traceable script in the initial traceable script set as a failure state identifier so as to update the initial traceable script set.
In some embodiments, after setting script state information of a third tracing script in the initial tracing script set to a failure state identifier and updating the initial tracing script set, the method further includes:
if the tracing failure information sent by the client is received, re-determining a target tracing script set from the updated initial tracing script set based on the script state information;
And sending the redetermined target tracing script set to the client so that the client can continue tracing the target user based on the redetermined target tracing script set.
In a second aspect, the present disclosure provides a tracing apparatus for a network attack, the apparatus including:
the traceability script acquisition request receiving module is used for receiving a traceability script acquisition request generated when a target user accesses a target website;
the target tracing script set determining module is used for determining a target tracing script set from the initial tracing script set based on script state information in response to the tracing script acquisition request;
and the target tracing script set sending module is used for sending the target tracing script set to the client corresponding to the target website so that the client traces the source of the target user based on the target tracing script set.
In some embodiments, the target traceability script set determining module further includes a first target traceability script set determining unit configured to: and responding to the tracing script acquisition request, and determining a target tracing script set from the initial tracing script set based on the script state information and the social information source.
In some embodiments, the target traceability script set determining module further includes a first traceability script determining unit, a second traceability script determining unit, and a target traceability script set determining unit;
The first tracing script determining unit is used for determining at least one first tracing script corresponding to each social information source from the initial tracing script set;
the second tracing script determining unit is used for determining a second tracing script with script state information being an effective state identifier from the first tracing scripts corresponding to each social information source;
the target tracing script set determining unit is configured to determine each of the second tracing scripts as the target tracing script set.
In some embodiments, the second traceability script determining unit is specifically configured to:
and determining a second traceability script with valid state identification and preset priority identification as script state information from each first traceability script corresponding to each social information source.
In some embodiments, the apparatus further comprises an initial traceability script set deletion module configured to:
after determining at least one first tracing script corresponding to each social information source from the initial tracing script set, if the script state information of each first tracing script corresponding to any social information source is a failure state identifier, deleting the social information source and each first tracing script from the initial tracing script set.
In some embodiments, the apparatus further comprises an initial traceability script set update module to:
after the target traceability script set is sent to the client corresponding to the target website, script information and failure state identification of a third traceability script sent by the client are received; the third traceability script is a traceability script in the target traceability script set;
and setting script state information of a third traceable script in the initial traceable script set as a failure state identifier so as to update the initial traceable script set.
In some embodiments, the apparatus further includes a target trace-source script set redefining unit configured to:
setting the script state information of the third traceable script in the initial traceable script set as the failure state identifier so as to update the initial traceable script set, and if the traceable failure information sent by the client is received, re-determining a target traceable script set from the updated initial traceable script set based on the script state information;
and sending the redetermined target tracing script set to the client so that the client can continue tracing the target user based on the redetermined target tracing script set.
In a third aspect, the present disclosure provides an electronic device comprising:
a processor and a memory;
the processor is configured to perform the steps of the method described in any of the embodiments of the present disclosure by invoking a program or instructions stored in the memory.
In a fourth aspect, the present disclosure provides a computer-readable storage medium storing a program or instructions that cause a computer to perform the steps of the method described in any of the embodiments of the present disclosure.
According to the tracing method, device, equipment and medium for the network attack, provided by the embodiment of the disclosure, the tracing script acquisition request generated by the target user accessing the target website can be received and responded, the target tracing script set is determined from the initial tracing script set based on the script state information, and the target tracing script set is sent to the client corresponding to the target website, so that the client traces the source of the target user based on the target tracing script. The method and the system realize dynamic configuration of the target tracing script set from the initial tracing script set according to the script state information, improve the expansibility and expansion effect of the target tracing script set, and ensure the effectiveness of each tracing script for tracing, thereby improving the stability of attacker information collection and further improving the reliability and stability of tracing.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments of the present disclosure or the solutions in the prior art, the drawings that are required for the description of the embodiments or the prior art will be briefly described below, and it will be obvious to those skilled in the art that other drawings can be obtained from these drawings without inventive effort.
Fig. 1 is a schematic view of a scenario of a tracing method for a network attack according to an embodiment of the present disclosure.
Fig. 2 is a flow chart of a tracing method for network attack according to an embodiment of the present disclosure;
FIG. 3 is a schematic diagram of an initial set of traceability scripts provided by an embodiment of the present disclosure;
fig. 4 is a flowchart of another tracing method for network attack according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of a tracing device for network attack according to an embodiment of the present disclosure;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, a further detailed description of aspects of the present disclosure will be provided below. It should be noted that, without conflict, the embodiments of the present disclosure and features in the embodiments may be combined with each other.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced otherwise than as described herein; it will be apparent that the embodiments in the specification are only some, but not all, embodiments of the disclosure.
At present, honey pot is used for actively defending network security, and the honey pot is mainly used for constructing an inducible virtual webpage aiming at a defending website so as to collect relevant information of an attacker who wants to attack the defending website and trace the attacker. Among the honeypots, the WEB honeypot becomes a common honeypot, and various personal information of an attacker is accurately positioned by embedding a plurality of tracing scripts in a webpage template to realize quick tracing.
In the prior art, the following defects often exist in the network tracing method by utilizing honeypots: on one hand, when some tracing scripts fail, the quantity and quality of information collected by tracing can be reduced, so that the tracing stability of the scheme in the prior art is poor; on the other hand, when the traceability script needs to be added, deleted and modified, each script file on the server side must be manually modified, which is time-consuming and labor-consuming, so that the extensibility of the traceability script is poor.
Based on the above situation, the embodiment of the disclosure provides a scheme of a tracing method of dynamically configuring a tracing script applied to network attack, so as to realize dynamic configuration of the tracing script, avoid meaningless tracing by using a failure tracing script, and improve expansibility and stability of the tracing script.
The tracing method for the network attack provided by the embodiment of the disclosure is mainly suitable for the situation of tracing and tracing by using the WEB honey pot. The tracing method of the network attack provided by the embodiment of the disclosure can be executed by a tracing device of the network attack, the device can be realized by software and/or hardware, and the device can be integrated in electronic equipment with a certain operation function, such as a notebook computer, a desktop computer, a server and the like.
Firstly, an application scenario of the network attack tracing method provided by the embodiment of the present disclosure is described.
Fig. 1 is an application scenario schematic diagram of a tracing method for network attack provided in an embodiment of the present disclosure.
As shown in fig. 1, the application scenario is a scenario in which interaction is performed among a server 110, a client 120, and a target user 130 in a network environment.
The server 110 may be a server corresponding to a back-end running target web page; the client 120 may be a user device corresponding to the target webpage; the target user 130 may be an attacker who may obtain resources from the target web page through a network attack means, such as a hacker.
Alternatively, the target web page may be a defensive web page generated by the target web site for defending against the attack of the target user 130, and when the target user 130 accesses, the target web page is presented to the target user 130 for access.
Specifically, the target user 130 accesses the target website through the client 120, and the client 120 presents the target webpage to the target user 130 in response to the access request of the target user 130. And, the client 120 obtains the set of target traceability scripts from the service 110. Then, the client 120 calls each tracing script in the target tracing script set one by one to obtain relevant information corresponding to the target user 130. In the embodiment of the present disclosure, the traceable script includes JavaScript codes (abbreviated as JS codes) for collecting social account information, so that the relevant information of the target user 130 obtained by the client 120 includes the social account information on the social website corresponding to the JS codes. The social account information may include information such as a user name, a nickname, a cell phone number, and the like. Then, the client 120 transmits the obtained related information or each social account information obtained by analyzing the related information to the server 110. If the relevant information is received, the server 110 analyzes the relevant information to obtain corresponding social account information. Finally, the server 110 may trace the source of the target user 130 based on the obtained account information, so as to complete tracing the target user when accessing the target webpage, so as to defend against network attacks and ensure the security of the target website.
According to the tracing scheme of the network attack, in the tracing and tracing process, the tracing script is used for acquiring the social account information corresponding to the target user to trace and trace the target user, so that the problem that the tracing accuracy is reduced due to the influence of the multi-layer agent set by the target user when an attacker traces the source by using the IP address is avoided, and the tracing accuracy and timeliness of the network attack are greatly improved. For enterprises, WEB honeypots can be utilized to effectively defend attacks, and target users are tracked and traced by collecting social data, so that the safety and stability of the enterprise network environment are effectively enhanced.
The following describes a tracing method for network attack provided by the embodiment of the present disclosure with reference to fig. 2 to fig. 4.
In the embodiment of the present disclosure, the tracing method of the network attack may be applied to the server 110 shown in fig. 1, where the server 110 may be implemented as a single server or may be implemented as a server cluster.
Fig. 2 is a flow chart of a tracing method for network attack according to an embodiment of the present disclosure.
As shown in fig. 2, the tracing method specifically includes the following steps:
s210, receiving a traceability script acquisition request generated by a target user accessing a target website.
The target user is a user accessing a target webpage embedded in the WEB honey pot, and can be any attacker, and in the embodiment of the disclosure, the target information of the target user needs to be obtained through tracing; the target website may be a defensive website arranged to defend against an attacker obtaining resources, which is used to induce an attacker attack.
Specifically, in the embodiment of the disclosure, a developer sets a target webpage for defending for a target website in advance according to a WEB honey pot so as to induce an attacker to access. When a target user accesses a target website, the client can detect an access request of the target user, generate a traceability script acquisition request based on the access request of the target user, and transmit the traceability script acquisition request to a server corresponding to the target website so as to request the server to acquire the traceability script. The server receives the traceability script acquisition request.
The traceable script in the process is a script for acquiring related information of the target user, and at least comprises a JSONP interface and a JS code corresponding to the JSONP interface. JSONP is a "usage pattern" of JSON, which can be used to solve the problem of cross-domain data access of a browser, and a web page can obtain JSON data dynamically generated from other sources by using an open policy of a < script > element, and the usage pattern is a so-called JSONP, and an interface supporting access using the JSONP pattern is called a JSONP interface. The JSONP interface may be collected over a network. The JS codes are codes written for the JSONP interfaces and used for executing the functions of acquiring cookie data in the process that a target user uses a client, calling the corresponding JSONP interfaces, uploading/analyzing returned data and the like.
S220, responding to the tracing script acquisition request, and determining a target tracing script set from the initial tracing script set based on script state information.
The script state information is information for representing whether the traceability script is available or not, for example, may be a valid state identifier for representing whether the traceability script is available or an invalid state identifier for representing whether the traceability script is unavailable. The initial set of trace-source scripts refers to a set of all trace-source scripts maintained in the server. Each trace-source script in the initial trace-source script set corresponds to script state information. Each traceable script in the initial traceable script set can be constructed by continuously collecting JSONP interfaces in a network and generating JS codes for the JSONP interfaces, script state information of each constructed traceable script can be defaulted to be a valid state identifier, and the script state information can be determined to be a valid state identifier or an invalid state identifier in a manual test mode. The target traceability script set is a set of a plurality of traceability scripts for acquiring social account information of a target user, and each traceability script is obtained by screening from the initial traceability script set.
Specifically, after the server receives the traceability script acquisition request, the traceability scripts with the script state information being the valid state identifier can be dynamically screened according to the script state information of each traceability script in the initial traceability script set, so that a plurality of traceability scripts are obtained. And then, the server combines at least part of the trace scripts obtained by screening to generate a target trace script set.
In some embodiments, S220 may be implemented as: and responding to the tracing script acquisition request, and determining a target tracing script set from the initial tracing script set based on the script state information and the social information source.
Where social information sources refer to source websites of social account information, which may correspond to social vendors that provide social applications. In consideration of the situations that a target user may register social account information at a plurality of social information sources, and the validity of trace scripts corresponding to some social information sources is unstable, each trace script in the initial trace script set in the embodiment of the disclosure may carry social information sources in addition to script state information. In the process of maintaining the initial traceability script set by the server, for each social information source, JSONP interfaces of the social information source are continuously collected as much as possible, corresponding JS codes are written, and a plurality of traceability scripts corresponding to the social information source are formed. Thus, at least one traceability script is available for each social information source.
According to the above description, the content and the corresponding relationship included in the initial tracing script set may be as shown in fig. 3. The initial tracing script set comprises a social information source 1, social information sources 2 and … … and a social information source n, each social information source corresponds to a plurality of tracing scripts, and each tracing script carries script state information (such as effective state identification and ineffective state identification). The storage structure, storage form, and the like of the initial traceability script set are not limited.
Specifically, the server responds to a tracing script obtaining request, and according to script state information and social source information of each tracing script, at least one tracing script with script state information corresponding to a plurality of social information sources as a valid state identifier is screened out from an initial tracing script set, so that a target tracing script set is generated. For example, the server screens out one or more tracing scripts corresponding to each social information source to generate a target tracing script set; for another example, the server screens out more social information sources of a certain number of registered users, and then selects at least one tracing script carrying a valid state identifier from a plurality of tracing scripts corresponding to the social information sources to generate a target tracing script set.
In some embodiments, in response to the tracing script acquisition request, determining the target tracing script set from the initial tracing script set based on the script status information and the social information source includes: determining at least one first tracing script corresponding to each social information source from the initial tracing script set; determining a second traceability script with script state information being a valid state identifier from the first traceability scripts corresponding to each social information source; and determining each second tracing script as a target tracing script set.
The first tracing script refers to tracing scripts corresponding to each social information source obtained by first selecting all tracing scripts in the initial tracing script set according to the social information source. The second traceability script refers to a traceability script with valid state identification of script state information determined by secondary selection in each first traceability script obtained after the first selection according to social information sources.
Specifically, the server responds to the traceability script obtaining request, and according to the social information source of each traceability script, first selects all traceability scripts in the initial traceability script set to obtain at least one traceability script, namely a first traceability script, in each social information source. And then, the server performs second selection according to the script state information of each of the first traceable scripts, namely, determines at least one traceable script with the script state information being the effective state identification from the first traceable scripts as a second traceable script. And finally, the server combines all the determined second traceability scripts to generate a target traceability script set.
In other embodiments, the above process of screening the initial tracing script set according to social information sources and script status information to obtain the target tracing script set may be further implemented as: and the server responds to the traceability script acquisition request, and according to the script state information of each traceability script, performs first selection on each traceability script in the initial traceability script set to obtain each traceability script with the script state information being a valid state identifier. And then, the server performs second selection on the tracing scripts of all the valid state identifiers obtained by the first selection according to the social information sources, namely, selects one or more tracing scripts corresponding to the social information sources from the tracing scripts of all the valid state identifiers obtained by the first selection, and is used for generating a target tracing script set.
In some embodiments, determining, from the first trace scripts corresponding to each social information source, the second trace script in which the script state information is the valid state identifier includes: and determining a second traceability script with valid state identification and preset priority identification as script state information from each first traceability script corresponding to each social information source.
The preset priority identification refers to a preset priority of the traceability script, and the higher the priority is, the earlier the traceability script is selected to generate the target traceability script set. The preset priority identification may be manually set; or may be randomly arranged; the method can also be determined according to the time length acquired by the JSONP interface, for example, the shorter the JSONP interface acquires time length is, the higher the preset priority of the corresponding traceability script is, so that the traceability script with shorter exposure time of the JSONP interface is preferentially used, the effectiveness of the traceability script in the target traceability script set is improved, and the accuracy and timeliness of traceability are further improved.
According to the above description, as shown in fig. 3, the initial trace script set includes social information source 1, social information sources 2, … …, and social information source n, each social information source corresponds to a plurality of trace scripts, and each trace script further carries a preset priority identifier (such as priority 1, priority 2, … …, and priority n).
Specifically, when the server performs secondary selection on each first tracing script corresponding to each social information source, one first tracing script with the highest preset priority identifier and the script state information being the valid state identifier can be selected as the second tracing script.
It should be noted that, for each social information source, the corresponding second traceability script may be one or more.
In some embodiments, after determining at least one first tracing script corresponding to each social information source from the initial tracing script set, the tracing method of the network attack further includes: and if the script state information of each trace script corresponding to any social information source is the failure state identification, deleting the social information source and each first trace script from the initial trace script set.
Specifically, after determining at least one first tracing script corresponding to each social information source from the initial tracing script set according to the social information source, if the server determines that script state information of all first tracing scripts corresponding to a certain social information source is a failure state identifier, it indicates that all tracing scripts in the social information source are failed, and effective tracing cannot be performed on a target user. Therefore, the social information source and all the corresponding tracing scripts are deleted from the initial tracing script set, so that meaningless information acquisition operation is avoided according to the invalid tracing scripts, running resources of a client are saved, and tracing accuracy is further improved.
In the embodiment of the disclosure, the tracing scripts in the target tracing script set are dynamically adjusted according to the dynamic adjustment rule.
The dynamic adjustment rule is to check the trace source script, and if the trace source script in use is found to be in a failure state, the trace source script is replaced, and the trace source script with the highest priority in a valid state is adjusted to be in use. If all the trace scripts of one social information source are verified to be in a failure state, even if the social information source is already configured in the target trace script set, the social information source is rejected and is not used as metadata of the trace scripts.
Optionally, scanning can be performed manually, all the traceability scripts can be checked, and if the scanned traceability scripts are found to be in a failure state, failure state identification is marked on the traceability scripts; and if the state information of each trace source script of any social information source is a failure state identification, deleting all the social information sources and all trace source scripts corresponding to the social information sources from the initial trace source script set.
By dynamically adjusting the tracing scripts in the target tracing script set and the initial tracing script set, the expansibility of the tracing scripts is improved, and the stability of the tracing scripts in use is improved. Because the dynamic adjustment is used for ensuring that one tracing script is always in use, meaningless tracing of the tracing script by using the invalid state identification is avoided, resources are further saved, the tracing efficiency of a target user is improved, and the tracing stability and reliability are improved.
And S230, the target tracing script set is sent to a client corresponding to the target website, so that the client traces the source of the target user based on the target tracing script set.
The client may be a device of a user side providing a target website access function, and may be, but not limited to, various smart phones, palm computers, tablet computers, notebook charges, desktop computers, and the like.
Specifically, the server sends the target tracing script set to the client corresponding to the target website, so that the client traces and traces the target user based on the tracing script of the effective state identification in the target tracing script set. That is, the client first invokes the target tracing script to obtain the relevant information of the target user. And then, the client analyzes the acquired related information to obtain an analysis result, and returns the analysis result to the server so as to trace the source of the target user by using the client based on the target tracing script set.
In the above process, the client analyzing the acquired related information includes:
(1) The method comprises the steps that analysis is successful, social account information of a target user is obtained, and the social account information is sent to a server;
(2) And the analysis is successful, but the social account information of the target user is not obtained, and the fact that the JSONP interface in the traceable script called by the client is effective is explained, but the target user does not log in the social account. At the moment, the client sends the identification information of the called traceability script and the identification information of 'unregistered' to the server, and continues to call other traceability scripts in the target traceability script set for traceability;
(3) And the analysis fails, namely that the JSONP interface in the traceable script called by the client fails, and the social account information of the target user in the corresponding social information source cannot be acquired. At this time, the client sends the identification information of the called traceable script and the failure state identification of the JSONP interface failure to the server, so that the server dynamically adjusts the initial traceable script set and the target traceable script set.
In the embodiment of the present disclosure, after the target tracing script set is sent to the client corresponding to the target website, the tracing method of the network attack further includes: receiving script information and failure state identification of a third traceability script sent by a client; the third traceability script is a traceability script in the target traceability script set; and setting script state information of a third traceable script in the initial traceable script set as a failure state identifier so as to update the initial traceable script set.
The third traceability script refers to a traceability script, wherein the traceability script is determined from the target traceability script set by the client and has script state information of failure state identification.
Specifically, according to the above description, after the client invokes each tracing script in the target tracing script set, an analysis result may be obtained. If the analysis result corresponding to a certain trace-source script is the identification information (namely script information) of the trace-source script when the analysis fails and the failure state identification of the JSONP interface failure, the trace-source script is the third trace-source script. And the client sends script information and failure state identification of the third traceability script to the server. And the server dynamically adjusts script state information of the corresponding traceable script in the initial traceable script set according to the information sent by the client, namely the server sets the script state information of the third traceable script as a failure state identifier in the initial traceable script set, so as to dynamically update the initial traceable script set.
In the embodiment of the present disclosure, after setting script status information of a third tracing script in an initial tracing script set to a failure status identifier to update the initial tracing script set, the tracing method of network attack further includes: if the tracing failure information sent by the client is received, re-determining a target tracing script set from the updated initial tracing script set based on the script state information; and sending the redetermined target tracing script set to the client so that the client can continue tracing the target user based on the redetermined target tracing script set.
Specifically, when the client performs tracing on the target user by using each tracing script in the target tracing script set, analyzes information obtained by tracing, and does not acquire social information of the target user, the target tracing script set is invalid. At this time, the client sends the source tracing failure information to the server. And after receiving the tracing failure information sent by the client, the server redetermines the target tracing script set from the updated initial tracing script set based on the script state information. And then, the server sends the redetermined target tracing script set to the client again, so that the client continues tracing the target user based on the redetermined target tracing script set. The method for redefining the target tracing script set from the updated initial tracing script set is the same as the above method, and will not be described herein.
In some embodiments of the present disclosure, a social information source may be set, and tracing of a target user is implemented by dynamically switching tracing scripts corresponding to the social information source.
In other embodiments of the present disclosure, a plurality of social information sources may be set, and a target traceability script set is updated by dynamically switching traceability script combinations of the plurality of social information sources, so as to implement traceability tracking on a target user.
In the embodiments, in the process of tracing the source of the target user, the tracing script is dynamically adjusted, so that the target tracing script set with high availability and high stability can be generated, and the stability and reliability of tracing are improved.
According to the technical scheme, the target traceability script set is determined from the initial traceability script set based on script state information by receiving and responding to the traceability script acquisition request generated by the target user accessing the target website, and the target traceability script set is sent to the client corresponding to the target website, so that the client can trace the source of the target user based on the target traceability script. The method and the system realize dynamic configuration of the target tracing script set from the initial tracing script set according to the script state information, improve the expansibility and expansion effect of the target tracing script set, and ensure the effectiveness of each tracing script for tracing, thereby improving the stability of attacker information collection and further improving the reliability and stability of tracing.
Fig. 4 is a flowchart of a tracing method of another network attack according to an embodiment of the present disclosure. Wherein the explanation of the same or corresponding terms as those of the above embodiments is not repeated herein.
As shown in fig. 4, the tracing method for network attack specifically includes:
s401, the target user accesses the target webpage through the client.
In the embodiment of the disclosure, a target user requests access to a target webpage through a client.
S402, the client receives an access request of the target user.
S403, the client responds to the access request to connect the target webpage.
If the client is successfully connected with the target webpage, jumping to S405; if the client fails to connect to the target web page, the process goes to S404.
S404, the client displays that the requested webpage does not exist to the target user.
In the embodiment of the disclosure, if it is determined that the client does not successfully connect to the target web page in response to the access request, the client displays to the target user that the requested web page does not exist and ends.
S405, the client acquires a target traceability script set from the server and displays a target webpage.
In the embodiment of the disclosure, if it is determined that the client is successfully connected to the target webpage in response to the access request of the target user, the client acquires the target traceability script set from the server, and simultaneously displays the target webpage to the target user.
S406, the client calls each tracing script in the target tracing script set.
In the embodiment of the disclosure, in the process that the target user accesses the target webpage, the client side can call each tracing script in the target tracing script set one by one so as to capture social account information of the target user from social information sources corresponding to the tracing scripts.
If the call operation of the tracing script is successfully executed, jumping to S407; if the execution of the call operation of the trace-source script fails, the process goes to S409.
S407, the client acquires social account information of the target user.
In the embodiment of the disclosure, each time a client invokes a traceability script, whether the invoked traceability script is successfully executed is judged, namely whether response data of the traceability script is successfully analyzed is judged. If the analysis result is successful, the social account information of the target user is obtained from the analysis result.
S408, the client sends the social account information of the target user to the server.
In the embodiment of the disclosure, the tracing information (i.e., social account information) of the target user, which is successfully acquired, is sent to the server, and the tracing is ended.
S409, the client sends script information of the traceability script and the failure state identification to the server.
In the embodiment of the disclosure, if the client side judges that execution of a certain traceable script fails, script information of the traceable script is obtained, script state information of a failure state identifier is set for the traceable script, and then the script information and the failure state identifier are sent to the server, so that the server dynamically updates the script state information of the traceable script in the initial traceable script set. Then, the client returns to S406, and continues to call other tracing scripts.
According to the technical scheme, the target webpage can be set through the tracing method of the network attack, the authenticity and the confusion of the virtual defending website are increased, so that the attack of the target user is effectively resisted, the social account information of the target user is recorded under the condition that the target user does not feel through the dynamically configured target tracing script set, the target user can be tracked more quickly, the countermeasures are implemented more quickly, and the completeness and the stability of the target website are effectively strengthened. When the tracing fails, the invalid tracing script can be marked to realize dynamic configuration of the tracing script, so that the tracing script achieves higher stability and reliability.
Fig. 5 is a schematic structural diagram of a tracing device for network attack according to an embodiment of the present disclosure.
As shown in fig. 5, the tracing device 500 for network attack specifically includes:
the traceability script acquisition request receiving module 510 is configured to receive a traceability script acquisition request generated when a target user accesses a target website;
the target tracing script set determining module 520 is configured to determine a target tracing script set from the initial tracing script set based on script state information in response to the tracing script acquisition request;
The target tracing script set sending module 530 is configured to send the target tracing script set to a client corresponding to the target website, so that the client traces a source of the target user based on the target tracing script set.
According to the tracing device for the network attack, the tracing script acquisition request generated by the target user accessing the target website can be received and responded, the target tracing script set is determined from the initial tracing script set based on the script state information, and the target tracing script set is sent to the client corresponding to the target website, so that the client traces the source of the target user based on the target tracing script. The method and the system realize dynamic configuration of the target tracing script set from the initial tracing script set according to the script state information, improve the expansibility and expansion effect of the target tracing script set, and ensure the effectiveness of each tracing script for tracing, thereby improving the stability of attacker information collection and further improving the reliability and stability of tracing.
In some embodiments, the target traceability script set determination module 520 further includes a first target traceability script set determination unit configured to:
and responding to the tracing script acquisition request, and determining a target tracing script set from the initial tracing script set based on the script state information and the social information source.
In some embodiments, the target traceability script set determination module 520 further includes a first traceability script determination unit, a second traceability script determination unit, and a target traceability script set determination unit;
the first tracing script determining unit is used for determining at least one first tracing script corresponding to each social information source from the initial tracing script set;
the second tracing script determining unit is used for determining a second tracing script with script state information being an effective state identifier from the first tracing scripts corresponding to each social information source;
the target tracing script set determining unit is used for determining each second tracing script as a target tracing script set.
In some embodiments, the second traceability script determining unit is specifically configured to:
and determining a second traceability script with valid state identification and preset priority identification as script state information from each first traceability script corresponding to each social information source.
In some embodiments, the tracing apparatus 500 for network attack further includes an initial tracing script set deleting module, configured to:
after determining at least one first tracing script corresponding to each social information source from the initial tracing script set, if the script state information of each first tracing script corresponding to any social information source is a failure state identifier, deleting the social information source and each first tracing script from the initial tracing script set.
In some embodiments, the tracing device 500 for network attack further includes an initial tracing script set updating module, configured to:
after the target traceability script set is sent to the client corresponding to the target website, script information and failure state identification of a third traceability script sent by the client are received; the third traceability script is a traceability script in the target traceability script set;
and setting script state information of a third traceable script in the initial traceable script set as a failure state identifier so as to update the initial traceable script set.
In some embodiments, the tracing apparatus 500 for network attack further includes a target tracing script set redetermining unit, configured to:
setting script state information of a third traceable script in the initial traceable script set as a failure state identifier so as to update the initial traceable script set, and if the traceable failure information sent by the client is received, re-determining a target traceable script set from the updated initial traceable script set based on the script state information;
and sending the redetermined target tracing script set to the client so that the client can continue tracing the target user based on the redetermined target tracing script set.
The network attack tracing device provided by the embodiment of the disclosure can execute the network attack tracing method provided by any embodiment of the disclosure, and has the corresponding functional modules and beneficial effects of the execution method.
It should be noted that, in the embodiment of the tracing device for network attack, each unit and module included are only divided according to the functional logic, but not limited to the above division, so long as the corresponding function can be realized; in addition, the specific names of the functional units/modules are also only for convenience of distinguishing from each other, and are not used to limit the protection scope of the present disclosure.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. Referring to fig. 6, an electronic device 600 provided in an embodiment of the present disclosure includes: a processor 620 and a memory 610; the processor 620 is configured to execute the steps of the tracing method for network attack provided by the embodiment of the present disclosure by calling the program or the instruction stored in the memory 610:
receiving a traceability script acquisition request generated by a target user accessing a target website; responding to the tracing script acquisition request, and determining a target tracing script set from the initial tracing script set based on script state information; and sending the target tracing script set to a client corresponding to the target website so that the client traces the source of the target user based on the target tracing script set.
Of course, those skilled in the art will appreciate that the processor 620 may also implement the technical solution of the tracing method for network attack provided in any embodiment of the present disclosure.
The electronic device 600 shown in fig. 6 is merely an example and should not be construed to limit the functionality and scope of use of embodiments of the present disclosure in any way.
As shown in fig. 6, the electronic device 600 is in the form of a general purpose computing device. Components of electronic device 600 may include, but are not limited to: one or more processors 620, a memory 610, and a bus 650 that connects the different system components (including the memory 610 and the processor 620).
Bus 650 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, a processor, and a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include Industry Standard Architecture (ISA) bus, micro channel architecture (MAC) bus, enhanced ISA bus, video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Electronic device 600 typically includes a variety of computer system readable media. Such media can be any available media that is accessible by electronic device 600 and includes both volatile and nonvolatile media, removable and non-removable media.
Memory 610 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 611 and/or cache memory 612. The electronic device 600 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 613 may be used to read from or write to non-removable, nonvolatile magnetic media (not shown in FIG. 6, commonly referred to as a "hard disk drive"). Although not shown in fig. 6, a magnetic disk drive for reading from and writing to a removable non-volatile magnetic disk (e.g., a "floppy disk"), and an optical disk drive for reading from or writing to a removable non-volatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In such cases, each drive may be coupled to bus 650 via one or more data medium interfaces. Memory 610 may include at least one program product having a set (e.g., at least one) of program modules configured to carry out the functions of the various embodiments of the disclosure.
A program/utility 614 having a set (at least one) of program modules 615 may be stored in, for example, memory 610, such program modules 615 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment. Program modules 615 generally perform the functions and/or methods in any of the embodiments described in this disclosure.
The electronic device 600 may also communicate with one or more external devices 660 (e.g., keyboard, pointing device, display 670, etc.), one or more devices that enable a user to interact with the electronic device 600, and/or any devices (e.g., network card, modem, etc.) that enable the electronic device 600 to communicate with one or more other computing devices. Such communication may occur through an input/output interface (I/O interface) 630. Also, the electronic device 600 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet, through the network adapter 640. As shown in fig. 6, network adapter 640 communicates with other modules of electronic device 600 over bus 650. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 600, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
The embodiments of the present disclosure also provide a computer readable storage medium storing a program or instructions that cause a computer to execute the steps of the tracing method for a network attack provided by the embodiments of the present disclosure:
Receiving a traceability script acquisition request generated by a target user accessing a target website; responding to the tracing script acquisition request, and determining a target tracing script set from the initial tracing script set based on script state information; and sending the target tracing script set to a client corresponding to the target website so that the client traces the source of the target user based on the target tracing script set.
Of course, the program or the instructions stored in the computer readable storage medium provided by the embodiments of the present disclosure are not limited to the method operations described above, but may also perform related operations in the network attack tracing method provided by any embodiment of the present disclosure.
The computer storage media of the embodiments of the present disclosure may take the form of any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of the present disclosure may be written in one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
It is noted that the terminology used in the present disclosure is for the purpose of describing particular embodiments only and is not intended to limit the scope of the present application. As used in the specification and the claims, the terms "a," "an," "the," and/or "the" are not specific to a singular, but may include a plurality, unless the context clearly dictates otherwise. The term "and/or" includes any and all combinations of one or more of the associated listed items. Relational terms such as "first" and "second", and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method or apparatus comprising such elements.
The foregoing is merely a specific embodiment of the disclosure to enable one skilled in the art to understand or practice the disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown and described herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (7)

1. The tracing method for the network attack is characterized by comprising the following steps:
receiving a traceability script acquisition request generated by a target user accessing a target website;
responding to the traceability script acquisition request, and determining a target traceability script set from the initial traceability script set based on script state information and social information sources;
the target tracing script set is sent to a client corresponding to the target website, so that the client traces the source of the target user based on the target tracing script set;
after the target traceability script set is sent to the client corresponding to the target website, the method further comprises:
Receiving script information and failure state identification of a third traceability script sent by the client; the third tracing script is a tracing script in the target tracing script set;
setting the script state information of the third traceable script in the initial traceable script set as the failure state identifier so as to update the initial traceable script set;
after setting the script state information of the third tracing script in the initial tracing script set to the failure state identifier to update the initial tracing script set, the method further includes:
if the tracing failure information sent by the client is received, the target tracing script set is redetermined from the updated initial tracing script set based on the script state information;
and sending the redetermined target tracing script set to the client so that the client can continue tracing the target user based on the redetermined target tracing script set.
2. The method of claim 1, wherein the determining the target set of traceable scripts from the initial set of traceable scripts based on the script state information and social information sources in response to the traceable script acquisition request comprises:
Determining at least one first tracing script corresponding to each social information source from the initial tracing script set;
determining a second traceability script with script state information being a valid state identifier from the first traceability scripts corresponding to each social information source;
and determining each second tracing script as the target tracing script set.
3. The method of claim 2, wherein determining, from each of the first trace scripts corresponding to each social information source, a second trace script in which the script status information is a valid status identifier includes:
and determining a second traceability script with valid state identification and preset priority identification from the first traceability scripts corresponding to each social information source.
4. The method of claim 2, wherein after the determining at least one first traceability script corresponding to each social information source from the initial traceability script set, the method further comprises:
and if the script state information of each first tracing script corresponding to any social information source is a failure state identification, deleting the social information source and each first tracing script from the initial tracing script set.
5. A tracing device for network attack, comprising:
the traceability script acquisition request receiving module is used for receiving a traceability script acquisition request generated when a target user accesses a target website;
the target tracing script set determining module is used for responding to the tracing script acquisition request and determining a target tracing script set from the initial tracing script set based on script state information and social information sources;
the target tracing script set sending module is used for sending the target tracing script set to a client corresponding to the target website so that the client traces the source of the target user based on the target tracing script set;
the initial tracing script set updating module is used for receiving script information and failure state identification of a third tracing script sent by a client after the target tracing script set is sent to the client corresponding to the target website; the third traceability script is a traceability script in the target traceability script set;
setting script state information of a third traceable script in the initial traceable script set as a failure state identifier so as to update the initial traceable script set;
The target tracing script set redetermining unit is used for setting script state information of a third tracing script in the initial tracing script set as a failure state identifier so as to update the initial tracing script set, and if tracing failure information sent by the client is received, redetermining the target tracing script set from the updated initial tracing script set based on the script state information;
and sending the redetermined target tracing script set to the client so that the client can continue tracing the target user based on the redetermined target tracing script set.
6. An electronic device, the electronic device comprising:
a processor and a memory;
the processor is configured to execute the steps of the network attack tracing method according to any one of claims 1 to 4 by calling a program or instructions stored in the memory.
7. A computer-readable storage medium storing a program or instructions that cause a computer to perform the steps of the network attack tracing method according to any one of claims 1 to 4.
CN202111371923.4A 2021-11-18 2021-11-18 Network attack tracing method, device, equipment and medium Active CN114095245B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111371923.4A CN114095245B (en) 2021-11-18 2021-11-18 Network attack tracing method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111371923.4A CN114095245B (en) 2021-11-18 2021-11-18 Network attack tracing method, device, equipment and medium

Publications (2)

Publication Number Publication Date
CN114095245A CN114095245A (en) 2022-02-25
CN114095245B true CN114095245B (en) 2024-02-02

Family

ID=80301937

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111371923.4A Active CN114095245B (en) 2021-11-18 2021-11-18 Network attack tracing method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN114095245B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105471883A (en) * 2015-12-10 2016-04-06 中国电子科技集团公司第三十研究所 Tor network tracing system and tracing method based on web injection
CN112532605A (en) * 2020-11-23 2021-03-19 中信银行股份有限公司 Network attack tracing method and system, storage medium and electronic device
CN113645242A (en) * 2021-08-11 2021-11-12 杭州安恒信息技术股份有限公司 Honeypot source tracing method, device and related equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8645916B2 (en) * 2008-12-03 2014-02-04 Microsoft Corporation Crunching dynamically generated script files

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105471883A (en) * 2015-12-10 2016-04-06 中国电子科技集团公司第三十研究所 Tor network tracing system and tracing method based on web injection
CN112532605A (en) * 2020-11-23 2021-03-19 中信银行股份有限公司 Network attack tracing method and system, storage medium and electronic device
CN113645242A (en) * 2021-08-11 2021-11-12 杭州安恒信息技术股份有限公司 Honeypot source tracing method, device and related equipment

Also Published As

Publication number Publication date
CN114095245A (en) 2022-02-25

Similar Documents

Publication Publication Date Title
US10713108B2 (en) Computing system issue detection and resolution
US9270662B1 (en) Adaptive client-aware session security
US20140181262A1 (en) Use of internet information services logging to collect user information in an asynchronous manner
EP3763097B1 (en) System and method for restricting access to web resources from web robots
CN111683047B (en) Unauthorized vulnerability detection method, device, computer equipment and medium
US20160277417A1 (en) Method and apparatus for communication number update
US10592399B2 (en) Testing web applications using clusters
CN109889511B (en) Process DNS activity monitoring method, equipment and medium
CN108256014B (en) Page display method and device
CN109450844B (en) Method and device for triggering vulnerability detection
CN112100536A (en) Webpage access method, device and equipment and readable storage medium
CN109088884B (en) Website access method, device, server and storage medium based on identity authentication
WO2020088170A1 (en) Domain name system configuration method and related apparatus
US20180331924A1 (en) System monitoring device
CN111740992A (en) Website security vulnerability detection method, device, medium and electronic equipment
US9027106B2 (en) Organizational attribution of user devices
CN112800410A (en) Multi-product login management method, device, equipment and storage medium
CN112118238A (en) Method, device, system, equipment and storage medium for authentication login
CN110677506A (en) Network access method, device, computer equipment and storage medium
CN108629182B (en) Vulnerability detection method and vulnerability detection device
US11700280B2 (en) Multi-tenant authentication framework
CN112019377B (en) Method, system, electronic device and storage medium for network user role identification
CN114095245B (en) Network attack tracing method, device, equipment and medium
US20200036749A1 (en) Web browser incorporating social and community features
CN111368231B (en) Method and device for testing heterogeneous redundancy architecture website

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant