CN114154087A - Time-based blind injection detection method, apparatus, device and readable storage medium - Google Patents

Info

Publication number
CN114154087A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111470655.1A
Other languages
Chinese (zh)
Inventor
程国冰
范渊
刘博�
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DBAPPSecurity Co Ltd
Original Assignee
DBAPPSecurity Co Ltd
Application filed by DBAPPSecurity Co Ltd
Priority to CN202111470655.1A
Publication of CN114154087A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90: Details of database functions independent of the retrieved data types
    • G06F16/95: Retrieval from the web
    • G06F16/955: Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The application discloses a time-based blind injection detection method, apparatus, device and readable storage medium. The method comprises the following steps: acquiring the access traffic of a service site to be detected in each time period within a preset historical duration, and obtaining the historical access duration of each URL from the access traffic; determining the standard access duration of each URL according to the historical access duration of each URL; acquiring the current access traffic of the service site to be detected, obtaining the access duration of the current URL from the current access traffic, and determining the standard access duration of the current URL from the standard access durations of all URLs; and judging whether the access duration of the current URL exceeds the corresponding standard access duration, and if so, determining that a time-based blind injection has occurred and has succeeded. Because the standard access duration is obtained from the real historical access conditions of the service site, deviation is reduced, and detection based on the standard access duration and the access duration of the current URL is more accurate.

Description

Time-based blind injection detection method, apparatus, device and readable storage medium
Technical Field
The present application relates to the field of blind injection detection technologies, and in particular, to a time-based blind injection detection method, apparatus, device, and readable storage medium.
Background
Blind injection refers to the situation where, during SQL (Structured Query Language) injection, the injected SQL statement performs a select but the selected data is not echoed back to the front-end page; some method of judging or probing is then needed, and this process is called blind injection. Time-based blind injection, also called delay blind injection, is a method of performing SQL injection by exploiting time differences.
At present, time-based blind injection detection is usually carried out with simulated data. Specifically, with the blind injection point known, a request carrying an attack parameter and a normal request are sent separately, the average duration of each of the two kinds of request is obtained, the time difference between the two averages is computed, and detection is performed according to that time difference.
In summary, how to improve the accuracy of time-based blind injection detection is a technical problem that those skilled in the art urgently need to solve.
Disclosure of Invention
In view of the above, an object of the present application is to provide a time-based blind injection detection method, apparatus, device and readable storage medium, which are used to improve the accuracy of time-based blind injection detection.
In order to achieve the above purpose, the present application provides the following technical solutions:
A time-based blind injection detection method, comprising:
acquiring in advance the access traffic of a service site to be detected in each time period within a preset historical duration, and obtaining URLs and the historical access duration of each URL from the access traffic in each time period;
correspondingly determining the standard access duration of each URL according to the historical access duration of each URL;
acquiring the current access traffic of the service site to be detected, obtaining a current URL and the access duration of the current URL from the current access traffic, and determining the standard access duration of the current URL from the standard access durations of the URLs;
and judging whether the access duration of the current URL exceeds the standard access duration of the current URL, and if so, determining that a time-based blind injection has occurred and has succeeded.
Preferably, acquiring in advance the access traffic of the service site to be detected in each time period within the preset historical duration includes:
acquiring in advance, in a bypass mode, the access traffic of the service site to be detected in each time period within the preset historical duration;
and acquiring the current access traffic of the service site to be detected includes:
acquiring the current access traffic of the service site to be detected in a bypass mode.
Preferably, acquiring in advance the access traffic of the service site to be detected in each time period within the preset historical duration includes:
acquiring in advance, in a mirroring mode, the access traffic of the service site to be detected in each time period within the preset historical duration;
and acquiring the current access traffic of the service site to be detected includes:
acquiring the current access traffic of the service site to be detected in a mirroring mode.
Preferably, after determining the standard access duration of the current URL from the standard access durations of the URLs, the method further includes:
setting a corresponding tolerance value for the current URL;
and judging whether the access duration of the current URL exceeds the standard access duration of the current URL includes:
judging whether the access duration of the current URL exceeds the sum of the standard access duration of the current URL and the corresponding tolerance value.
Preferably, after determining that a time-based blind injection has occurred and has succeeded, the method further comprises:
sending out a prompt.
A time-based blind injection detection apparatus, comprising:
a first acquisition module, configured to acquire in advance the access traffic of a service site to be detected in each time period within a preset historical duration, and to obtain URLs and the historical access duration of each URL from the access traffic in each time period;
a determining module, configured to correspondingly determine the standard access duration of each URL according to the historical access duration of each URL;
a second acquisition module, configured to acquire the current access traffic of the service site to be detected, obtain a current URL and the access duration of the current URL from the current access traffic, and determine the standard access duration of the current URL from the standard access durations of the URLs;
and a judging module, configured to judge whether the access duration of the current URL exceeds the standard access duration of the current URL, and if so, determine that a time-based blind injection has occurred and has succeeded.
Preferably, the first acquisition module includes:
a first acquisition unit, configured to acquire in advance, in a bypass mode, the access traffic of the service site to be detected in each time period within the preset historical duration;
and the second acquisition module includes:
a second acquisition unit, configured to acquire the current access traffic of the service site to be detected in a bypass mode.
Preferably, the first acquisition module includes:
a third acquisition unit, configured to acquire in advance, in a mirroring mode, the access traffic of the service site to be detected in each time period within the preset historical duration;
and the second acquisition module includes:
a fourth acquisition unit, configured to acquire the current access traffic of the service site to be detected in a mirroring mode.
A time-based blind injection detection device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the time-based blind injection detection method according to any one of the above when executing the computer program.
A readable storage medium, in which a computer program is stored which, when executed by a processor, carries out the steps of the time-based blind injection detection method according to any one of the above.
The application provides a time-based blind injection detection method, apparatus, device and readable storage medium, wherein the method comprises the following steps: acquiring in advance the access traffic of a service site to be detected in each time period within a preset historical duration, and obtaining URLs and the historical access duration of each URL from the access traffic in each time period; correspondingly determining the standard access duration of each URL according to the historical access duration of each URL; acquiring the current access traffic of the service site to be detected, obtaining a current URL and the access duration of the current URL from the current access traffic, and determining the standard access duration of the current URL from the standard access durations of the URLs; and judging whether the access duration of the current URL exceeds the standard access duration of the current URL, and if so, determining that a time-based blind injection has occurred and has succeeded.
According to this technical solution, the URLs of the service site to be detected and the historical access duration of each URL are obtained from the access traffic of the service site in each time period within the preset historical duration, and the standard access duration of each URL is determined from its historical access duration, so that the standard access duration of each URL reflects the historical access conditions of the service site. When the service site is actually detected, its current access traffic is acquired, the current URL and the access duration of the current URL are obtained from that traffic, and it is judged whether the access duration of the current URL exceeds the standard access duration of that URL, taken from the standard access durations determined from the historical access traffic. If so, it is determined that a time-based blind injection has occurred and has succeeded. Obtaining the standard access duration from the real historical access conditions of the service site reduces deviation and makes the standard access duration more accurate, so that time-based blind injection detection based on this standard access duration and the access duration obtained from the current access traffic is more accurate, and the probability of missed reports and false reports is reduced.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a time-based blind injection detection method according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a time-based blind injection detection apparatus according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a time-based blind injection detection device according to an embodiment of the present application.
Detailed Description
Time-based blind injection, also called delay blind injection, is a method of performing SQL injection by exploiting time differences. Blind injection is usually hard to perceive: no data is returned, and judgment usually relies only on small differences in execution time. Conventional time-based blind injection detection is usually performed on simulated data, but simulated data deviates from the actual situation, and the conventional approach uses the simulated data as obtained without considering the influence of actual environmental factors, so its detection accuracy is relatively low.
Therefore, the application provides a time-based blind injection detection method, apparatus, device and readable storage medium, which are used for improving the accuracy of time-based blind injection detection.
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to Fig. 1, which shows a flowchart of a time-based blind injection detection method provided in an embodiment of the present application, the method may include:
S11: acquiring in advance the access traffic of a service site to be detected in each time period within a preset historical duration, and obtaining URLs and the historical access duration of each URL from the access traffic in each time period.
In the present application, the site information of the service site to be detected may first be obtained, where the site information includes, but is not limited to, an IP address and a port. The access traffic of the service site in each time period within the preset historical duration can then be acquired in advance according to this site information. The preset historical duration is a preset length of time in the past; it contains a plurality of time periods so that more access traffic is obtained, which improves the accuracy of the standard access duration determined from it. The preset historical duration may be obtained by counting back from the current time by the preset length: for example, if the preset historical duration is 1 year, the year immediately preceding the current time is used. Of course, the time span selected as the preset historical duration may also be adjusted according to actual needs, which is not limited in this application.
After the access traffic of the service site to be detected in each time period within the preset historical duration is acquired, the access traffic in each time period may be parsed separately to obtain all URLs (Uniform Resource Locators, also called web addresses) contained in those time periods and all historical access durations corresponding to each URL. In addition, the corresponding source IP (the IP of the access source) may also be obtained from the access traffic.
S12: correspondingly determining the standard access duration of each URL according to the historical access duration of each URL.
Based on step S11, the standard access duration of each URL may be determined from all the historical access durations of that URL across all time periods within the preset historical duration. Specifically, for each URL, the standard access duration may be calculated by unbiased estimation from all historical access durations corresponding to the URL, where unbiased estimation means that the mean of the estimator equals the true value. That is, for each URL, all the historical access durations corresponding to the URL may be averaged to obtain the standard access duration of the URL.
It should be noted that steps S11 to S12 obtain the standard access duration of each URL of the service site to be detected in advance. They may be performed only once, so that each subsequent time-based blind injection detection of the service site directly reuses the standard access durations obtained in steps S11 to S12, which improves detection efficiency. Alternatively, steps S11 to S12 may be performed every time time-based blind injection detection is carried out on the service site; when the preset historical duration is counted back from the current time, each run then brings a new time period into the determination of the standard access duration of each URL, which helps improve the accuracy of that determination.
S13: acquiring the current access traffic of the service site to be detected, obtaining the current URL and the access duration of the current URL from the current access traffic, and determining the standard access duration of the current URL from the standard access durations of all URLs.
When time-based blind injection detection is to be performed on the service site to be detected, the current access traffic of the service site can be acquired and parsed to obtain the current URL and the access duration of the current URL.
After the current access traffic is parsed to obtain the current URL, the standard access duration of the current URL may be determined from the standard access durations of the URLs determined in step S12.
It should be noted that, if a plurality of current URLs exist in the current access traffic, each current URL and its access duration are obtained separately, and the standard access duration of each current URL is determined.
S14: judging whether the access duration of the current URL exceeds the standard access duration of the current URL; if yes, go to step S15; if not, determining that the access is normal.
S15: determining that a time-based blind injection has occurred and has succeeded.
On the basis of step S13, it is judged whether the access duration of the current URL exceeds the standard access duration of the current URL. If it does, it is determined that a time-based blind injection has occurred and has succeeded; if it does not, the access is determined to be normal.
Through this process, the standard access duration of each URL is determined from the real historical access traffic of the service site to be detected, so that it fits the real situation more closely and deviation is reduced, and the accuracy and precision of time-based blind injection detection are improved when detection is carried out according to the current access traffic and the standard access duration of each URL.
In the time-based blind injection detection method provided by the embodiment of the application, acquiring in advance the access traffic of the service site to be detected in each time period within the preset historical duration may include:
acquiring in advance, in a bypass mode, the access traffic of the service site to be detected in each time period within the preset historical duration;
and acquiring the current access traffic of the service site to be detected may include:
acquiring the current access traffic of the service site to be detected in a bypass mode.
In the application, the access traffic of the service site to be detected in each time period within the preset historical duration may be acquired in advance in a bypass mode (that is, not inline, but in a manner similar to a parallel connection), and the current access traffic of the service site may likewise be acquired in a bypass mode, so as to avoid affecting the continuity of the service site to be detected.
In the time-based blind injection detection method provided by the embodiment of the application, acquiring in advance the access traffic of the service site to be detected in each time period within the preset historical duration may include:
acquiring in advance, in a mirroring mode, the access traffic of the service site to be detected in each time period within the preset historical duration;
and acquiring the current access traffic of the service site to be detected may include:
acquiring the current access traffic of the service site to be detected in a mirroring mode.
In the application, the access traffic of the service site to be detected in each time period within the preset historical duration may be acquired in advance in a mirroring mode (that is, by copying the traffic), and the current access traffic of the service site may likewise be acquired in a mirroring mode, so as to avoid affecting the service of the service site to be detected.
After determining the standard access duration of the current URL from the standard access durations of the URLs, the time-based blind injection detection method provided by the embodiment of the application may further include:
setting a corresponding tolerance value for the current URL;
and judging whether the access duration of the current URL exceeds the standard access duration of the current URL may include:
judging whether the access duration of the current URL exceeds the sum of the standard access duration of the current URL and the corresponding tolerance value.
In the application, after the standard access duration of the current URL is determined from the standard access durations of the URLs, a corresponding tolerance value can be set for the current URL. Different current URLs can be given different tolerance values, and the tolerance value can be set according to the type of the URL and the like, or can be set by the relevant personnel according to experience.
On this basis, judging whether the access duration of the current URL exceeds the standard access duration of the current URL means judging whether the access duration of the current URL exceeds the sum of the standard access duration of the current URL and the corresponding tolerance value. If so, it is determined that a time-based blind injection has occurred and has succeeded; if not, the access is determined to be normal.
Setting a tolerance value on top of the standard access duration of the current URL takes the sample error of steps S11 and S12 into account, which helps improve the accuracy of time-based blind injection detection.
After determining that a time-based blind injection has occurred and has succeeded, the time-based blind injection detection method provided by the embodiment of the application may further include:
sending out a prompt.
In the application, after it is determined that a time-based blind injection has occurred and has succeeded, a prompt can be sent out. The prompt can include the source IP obtained by parsing the access traffic, and can be sent through at least one of alarming, voice playing, mail sending and short message sending, so that the relevant personnel learn that a blind injection against the service site to be detected has succeeded and can take corresponding measures in time.
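The following added example (not part of the patent text) walks steps S11 to S15 together with the tolerance value and the prompt carrying the source IP. The record format, the sample data, the helper names and the choice to key each baseline on the URL path without its query string are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean
from typing import NamedTuple
from urllib.parse import urlsplit


class Record(NamedTuple):
    period: str      # time period in which the request was captured
    src_ip: str      # source IP parsed from the access traffic
    url: str
    duration: float  # access duration in seconds


# Constructed sample data in a hypothetical sensor output format:
# "<period> <source IP> <URL> <access duration in seconds>"
HISTORY = """\
2021-10 198.51.100.7 /item?id=1 0.10
2021-10 198.51.100.8 /item?id=7 0.12
2021-11 198.51.100.7 /item?id=3 0.14
2021-10 198.51.100.9 /search?q=a 0.40
2021-11 198.51.100.9 /search?q=b 0.60
"""
CURRENT = """\
2021-12 198.51.100.7 /item?id=1 0.13
2021-12 203.0.113.9 /item?id=2 5.11
2021-12 198.51.100.9 /search?q=c 1.20
2021-12 203.0.113.9 /new 3.00
"""


def parse(text):
    """Turn sensor lines into Record tuples (parsing half of S11 / S13)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        period, src_ip, url, duration = line.split()
        records.append(Record(period, src_ip, url, float(duration)))
    return records


def url_key(url):
    """Assumption: baselines are keyed on the path, because query values
    differ between requests and would otherwise never match the history."""
    return urlsplit(url).path


def build_baseline(history):
    """S12: standard access duration = mean of all historical durations."""
    samples = defaultdict(list)
    for rec in history:
        samples[url_key(rec.url)].append(rec.duration)
    return {key: mean(values) for key, values in samples.items()}


def detect(current, baseline, tolerances, default_tolerance=0.5):
    """S13-S15: flag requests slower than standard duration + tolerance.

    Returns (alerts, unknown). URLs with no history cannot be judged and
    are returned separately instead of being silently treated as normal.
    """
    alerts, unknown = [], []
    for rec in current:
        key = url_key(rec.url)
        if key not in baseline:
            unknown.append(rec)
            continue
        threshold = baseline[key] + tolerances.get(key, default_tolerance)
        if rec.duration > threshold:
            # The prompt carries the source IP, as the description suggests.
            alerts.append({
                "src_ip": rec.src_ip,
                "url": rec.url,
                "duration": rec.duration,
                "threshold": round(threshold, 3),
            })
    return alerts, unknown


def run_example():
    baseline = build_baseline(parse(HISTORY))
    # Per-URL tolerance values; /search is given more slack than the default.
    tolerances = {"/search": 1.0}
    alerts, unknown = detect(parse(CURRENT), baseline, tolerances)
    return baseline, alerts, unknown


if __name__ == "__main__":
    baseline, alerts, unknown = run_example()
    print("baseline:", baseline)
    for alert in alerts:
        print("ALERT:", alert)
    for rec in unknown:
        print("no baseline for", rec.url)
```
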
An embodiment of the present application further provides a time blind comment detection apparatus, refer to fig. 2, which shows a schematic structural diagram of the time blind comment detection apparatus provided in the embodiment of the present application, and the time blind comment detection apparatus may include:
the first obtaining module 21 is configured to obtain access traffic of the service site to be detected in each time period within a preset historical time period in advance, and obtain URLs and historical access time periods of the URLs according to the access traffic in each time period;
the determining module 22 is configured to correspondingly determine a standard access duration of each URL according to the historical access duration of each URL;
the second obtaining module 23 is configured to obtain a current access flow of the service site to be detected, obtain a current URL and an access duration of the current URL according to the current access flow, and determine a standard access duration of the current URL from standard access durations of the URLs;
and the judging module 24 is configured to judge whether the access duration of the current URL exceeds a standard access duration of the current URL, and if so, determine that the time blind annotation is successful.
In the apparatus for detecting a time blind comment provided in the embodiment of the present application, the first obtaining module 21 may include:
the first acquisition unit is used for acquiring the access flow of the service site to be detected in each time period within the preset historical duration in a bypass mode in advance;
the second obtaining module 23 may include:
and the second acquisition unit is used for acquiring the current access flow of the service site to be detected in a bypass mode.
In the apparatus for detecting a time blind comment provided in the embodiment of the present application, the first obtaining module 21 may include:
the third acquiring unit is used for acquiring the access flow of the service site to be detected in each time period within the preset historical duration in a mirroring mode in advance;
the second obtaining module 23 may include:
and the fourth obtaining unit is used for obtaining the current access flow of the service site to be detected in a mirror image mode.
The time blind note detection device provided by the embodiment of the application can further comprise:
the setting module is used for setting a corresponding tolerance value for the current URL after the standard access duration of the current URL is determined from the standard access durations of all URLs;
the judging module 24 may include:
and the judging unit is used for judging whether the access time length of the current URL exceeds the sum of the standard access time length of the current URL and the corresponding tolerance value.
The time blind note detection device provided by the embodiment of the application can further comprise:
and the prompting module is used for sending out a prompt after the blind note is determined to be the time blind note and the blind note is successful.
An embodiment of the present application further provides a time-based blind injection detection device. Referring to Fig. 3, which shows a schematic structural diagram of the time-based blind injection detection device provided in the embodiment of the present application, the device may include:
a memory 31 for storing a computer program;
a processor 32 which, when executing the computer program stored in the memory 31, may implement the following steps:
obtaining in advance the access traffic of a service site to be detected in each time period within a preset historical duration, and obtaining the URLs and the historical access duration of each URL from the access traffic in each time period; determining the standard access duration of each URL according to the historical access duration of that URL; obtaining the current access traffic of the service site to be detected, obtaining a current URL and the access duration of the current URL from the current access traffic, and determining the standard access duration of the current URL from the standard access durations of the URLs; and judging whether the access duration of the current URL exceeds the standard access duration of the current URL and, if so, determining that a time-based blind injection has succeeded.
An embodiment of the present application further provides a readable storage medium in which a computer program is stored; when the computer program is executed by a processor, the following steps may be implemented:
obtaining in advance the access traffic of a service site to be detected in each time period within a preset historical duration, and obtaining the URLs and the historical access duration of each URL from the access traffic in each time period; determining the standard access duration of each URL according to the historical access duration of that URL; obtaining the current access traffic of the service site to be detected, obtaining a current URL and the access duration of the current URL from the current access traffic, and determining the standard access duration of the current URL from the standard access durations of the URLs; and judging whether the access duration of the current URL exceeds the standard access duration of the current URL and, if so, determining that a time-based blind injection has succeeded.
The readable storage medium may include various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
For a description of the relevant parts of the time-based blind injection detection apparatus, device and readable storage medium provided by the present application, reference may be made to the detailed description of the corresponding parts of the time-based blind injection detection method provided by the present application; details are not repeated here.
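The steps above (a per-URL standard access duration learned from historical traffic, then a comparison of the current access duration against that standard plus a tolerance value) are sketched below as an added example; it is not code from the patent. Taking the median as the standard duration, grouping requests by URL path, the tolerance values and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median
from urllib.parse import urlsplit

# Constructed sample records: (URL, access duration in seconds).
HISTORY = [
    ("/item?id=1", 0.12), ("/item?id=2", 0.15), ("/item?id=3", 0.11),
    ("/search?q=a", 0.80), ("/search?q=b", 0.95), ("/search?q=c", 0.90),
]
CURRENT = [
    ("/item?id=4", 0.14),    # normal jitter
    ("/item?id=7", 5.13),    # far above this URL's baseline
    ("/search?q=d", 1.10),   # slow, but within tolerance for a slow endpoint
    ("/new", 6.00),          # never seen in the historical window
]
TOLERANCE = {"/search": 0.50}   # per-URL tolerance in seconds (assumed values)
DEFAULT_TOLERANCE = 0.30

def url_key(url):
    """Group by path so requests differing only in query values share a baseline."""
    return urlsplit(url).path

def build_baseline(history):
    """Standard access duration per URL; taking the median is an assumption."""
    durations = defaultdict(list)
    for url, seconds in history:
        durations[url_key(url)].append(seconds)
    return {key: median(vals) for key, vals in durations.items()}

def detect(current, baseline, tolerance, default_tolerance):
    """Return (alerts, unknown) for the current traffic."""
    alerts, unknown = [], []
    for url, seconds in current:
        key = url_key(url)
        standard = baseline.get(key)
        if standard is None:
            unknown.append(url)          # no baseline: cannot judge this URL
        elif seconds > standard + tolerance.get(key, default_tolerance):
            alerts.append((url, seconds, standard))
    return alerts, unknown

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    alerts, unknown = detect(CURRENT, baseline, TOLERANCE, DEFAULT_TOLERANCE)
    for url, seconds, standard in alerts:
        print(f"ALERT {url}: {seconds:.2f}s vs standard {standard:.2f}s")
    print("no baseline:", unknown)
```

With a zero tolerance the same traffic also flags `/item?id=4` and `/search?q=d`, which is the false-positive case the per-URL tolerance value addresses.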
It is noted that, herein, relational terms such as first and second may be used solely to distinguish one entity or action from another, without necessarily requiring or implying any actual such relationship or order between such entities or actions. Furthermore, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements is not limited to those elements and may include other elements, including elements inherent to it. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element. In addition, parts of the above technical solutions provided in the embodiments of the present application that are consistent with the implementation principles of corresponding technical solutions in the prior art are not described in detail, so as to avoid redundant description.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A time-based blind injection detection method, characterized by comprising the following steps:
obtaining in advance the access traffic of a service site to be detected in each time period within a preset historical duration, and obtaining the URLs and the historical access duration of each URL from the access traffic in each time period;
determining the standard access duration of each URL according to the historical access duration of that URL;
obtaining the current access traffic of the service site to be detected, obtaining a current URL and the access duration of the current URL from the current access traffic, and determining the standard access duration of the current URL from the standard access durations of the URLs;
and judging whether the access duration of the current URL exceeds the standard access duration of the current URL and, if so, determining that a time-based blind injection has succeeded.
2. The time-based blind injection detection method according to claim 1, wherein obtaining in advance the access traffic of the service site to be detected in each time period within the preset historical duration comprises:
obtaining in advance, in bypass mode, the access traffic of the service site to be detected in each time period within the preset historical duration;
and obtaining the current access traffic of the service site to be detected comprises:
obtaining the current access traffic of the service site to be detected in bypass mode.
3. The time-based blind injection detection method according to claim 1, wherein obtaining in advance the access traffic of the service site to be detected in each time period within the preset historical duration comprises:
obtaining in advance, in mirroring mode, the access traffic of the service site to be detected in each time period within the preset historical duration;
and obtaining the current access traffic of the service site to be detected comprises:
obtaining the current access traffic of the service site to be detected in mirroring mode.
4. The time-based blind injection detection method according to any one of claims 1 to 3, wherein after determining the standard access duration of the current URL from the standard access durations of the URLs, the method further comprises:
setting a corresponding tolerance value for the current URL;
and judging whether the access duration of the current URL exceeds the standard access duration of the current URL comprises:
judging whether the access duration of the current URL exceeds the sum of the standard access duration of the current URL and the corresponding tolerance value.
5. The time-based blind injection detection method according to claim 4, further comprising, after determining that a time-based blind injection has occurred and that the blind injection succeeded:
issuing a prompt.
6. A time-based blind injection detection apparatus, comprising:
a first obtaining module, configured to obtain in advance the access traffic of a service site to be detected in each time period within a preset historical duration, and to obtain the URLs and the historical access duration of each URL from the access traffic in each time period;
a determining module, configured to determine the standard access duration of each URL according to the historical access duration of that URL;
a second obtaining module, configured to obtain the current access traffic of the service site to be detected, obtain a current URL and the access duration of the current URL from the current access traffic, and determine the standard access duration of the current URL from the standard access durations of the URLs;
and a judging module, configured to judge whether the access duration of the current URL exceeds the standard access duration of the current URL and, if so, to determine that a time-based blind injection has succeeded.
7. The time-based blind injection detection apparatus according to claim 6, wherein the first obtaining module comprises:
a first obtaining unit, configured to obtain in advance, in bypass mode, the access traffic of the service site to be detected in each time period within the preset historical duration;
and the second obtaining module comprises:
a second obtaining unit, configured to obtain the current access traffic of the service site to be detected in bypass mode.
8. The time-based blind injection detection apparatus according to claim 6, wherein the first obtaining module comprises:
a third obtaining unit, configured to obtain in advance, in mirroring mode, the access traffic of the service site to be detected in each time period within the preset historical duration;
and the second obtaining module comprises:
a fourth obtaining unit, configured to obtain the current access traffic of the service site to be detected in mirroring mode.
9. A time-based blind injection detection device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the time-based blind injection detection method according to any one of claims 1 to 5 when executing the computer program.
10. A readable storage medium in which a computer program is stored, wherein the computer program, when executed by a processor, carries out the steps of the time-based blind injection detection method according to any one of claims 1 to 5.
CN202111470655.1A 2021-12-03 2021-12-03 Time blind comment detection method, device, equipment and readable storage medium Pending CN114154087A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111470655.1A CN114154087A (en) 2021-12-03 2021-12-03 Time blind comment detection method, device, equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN114154087A true CN114154087A (en) 2022-03-08

Family

ID=80452930

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111470655.1A Pending CN114154087A (en) 2021-12-03 2021-12-03 Time blind comment detection method, device, equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN114154087A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115314255A (en) * 2022-07-11 2022-11-08 深信服科技股份有限公司 Attack result detection method and device, computer equipment and storage medium
CN115314255B (en) * 2022-07-11 2023-12-29 深信服科技股份有限公司 Attack result detection method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination