CN114172831A - Brute force cracking method, system, computer and storage medium - Google Patents
- Publication number
- CN114172831A (CN202111470950.7A)
- Authority
- CN
- China
- Prior art keywords
- brute force
- time
- force cracking
- attempt
- cracking
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Environmental & Geological Engineering (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Alarm Systems (AREA)
Abstract
The application relates to a brute force cracking method, system, computer and storage medium. The brute force cracking method comprises the following steps. Step one: acquire input signals of a starting time t, a time window period T and an alarm threshold N; acquire the traffic from the starting time t to the time t + T and parse it to obtain messages. Step two: count the number n of the messages according to a preset rule and judge whether n > N; if so, output a brute force cracking attempt and, at the same time, monitor whether the brute force cracking attempt succeeds. Step three: if the cracking has not succeeded, take the output time of the brute force cracking attempt as the starting time and repeat step two until the sliding duration reaches the length of the time window period T; when a successful brute force crack is detected, the brute force cracking attempt is settled after the time window period T expires. The method and device address the shortcomings of the comparison mode and the missed reports in conventional methods for preventing login information from being brute-forced.
Description
Technical Field
The present application relates to the technical field of network security data, and in particular, to a brute force cracking method, system, computer, and storage medium.
Background
As the economy develops rapidly and science and technology continue to advance, the network has become an indispensable part of production and daily life and brings great convenience to users. At the same time, network systems face security threats that adversely affect their normal use. Especially in the big data era, a large amount of important information is stored in network systems, and a security problem in such a system causes great loss. A network security incident is an improper action that affects computer system and network security. Such incidents generally arise in a short time and cause huge losses, so speed and efficiency are the key points in handling them. Network security emergency response means having a clear understanding of, estimate of, and preparation for network security, so that a sudden network security incident can be dealt with in an orderly way and handled properly.
With the development of networks, the current network security situation is very severe. Weak passwords and accounts whose passwords go unchanged for a long time pose a great security threat to information systems. Information systems should strengthen the management and security awareness of personal network accounts, change passwords to strong passwords and maintain them regularly, but attack and defense always coexist. Login authentication for web services has no uniform standard, and brute force cracking has become the preferred attack for most hackers because it is simple to operate and low in cost, so preventing login information from being brute-forced matters all the more. In a brute force attack, the attacker systematically enumerates and tries all possible combinations in order to recover sensitive information such as a user's account name and password. Although brute force attacks are not a very complex attack type, cracking may succeed if the traffic cannot be effectively monitored and analyzed. For example, the login attempts from one IP may be spread across the previous window and the next window, so that the count in neither window meets the brute force condition, even though the counts of the two windows added together would meet it; in that case the attack goes unreported. Therefore the account security problem cannot be completely solved by human defense alone, and defense and early warning need to be carried out by intelligent means.
At present, the related art offers no effective solution to the technical problem of missed reports in brute force cracking defense.
Disclosure of Invention
The embodiments of the application provide a brute force cracking method, system, computer and storage medium, to at least solve the technical problem of missed reports in brute force cracking defense in the related art.
In a first aspect, an embodiment of the present application provides a brute force cracking method, including:
acquiring input signals of a starting time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T;
acquiring the traffic from the starting time t to the time t + T, and parsing the traffic to obtain messages;
counting the number n of the messages according to the preset rule, and judging whether n > N holds;
if so, outputting a brute force cracking attempt and sending a prompt signal;
at the same time, monitoring whether the brute force cracking attempt succeeds;
if the cracking has not succeeded, taking the output time of the brute force cracking attempt as the starting time and repeating the step of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding duration reaches the length of the time window period T; and, when a successful brute force crack is detected, settling the brute force cracking attempt after the time window period T expires.
In some embodiments, after the step of counting the number n of the messages according to the preset rule and judging whether n > N holds, the method further includes:
if n > N does not hold, taking the time t + T as the starting time and repeating the step of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding duration reaches the length of the time window period T; and, when a successful brute force crack is detected, settling the brute force cracking attempt after the time window period T expires.
In some embodiments, after the step of monitoring whether the brute force cracking attempt succeeds, the method further comprises:
if the brute force cracking attempt is detected to have succeeded, settling the brute force cracking attempt.
In some embodiments, the preset rule refers to messages having the same message characteristics; the message characteristic in this embodiment is the login IP message format.
In some of these embodiments, the traffic includes the number of logins from different IPs and the number of logins from the same IP.
In a second aspect, an embodiment of the present application provides a brute force cracking system, including:
an acquisition module, configured to acquire input signals of a starting time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T;
an analysis module, configured to acquire the traffic from the starting time t to the time t + T and parse the traffic to obtain messages;
a judging module, configured to count the number n of the messages according to the preset rule and judge whether n > N holds;
an output module, configured to output a brute force cracking attempt and send a prompt signal if n > N holds;
a monitoring module, configured to monitor whether the brute force cracking attempt succeeds;
and a first settlement module, configured to, if the cracking has not succeeded, take the output time of the brute force cracking attempt as the starting time and repeat the step of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding duration reaches the length of the time window period T, and, when a successful brute force crack is detected, settle the brute force cracking attempt after the time window period T expires.
In some of these embodiments, the system further comprises:
a second settlement module, configured to, if n > N does not hold, take the time t + T as the starting time and repeat the step of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding duration reaches the length of the time window period T, and, when a successful brute force crack is detected, settle the brute force cracking attempt after the time window period T expires.
In some of these embodiments, the system further comprises:
a third settlement module, configured to settle the brute force cracking attempt if the brute force cracking attempt is detected to have succeeded.
In a third aspect, an embodiment of the present application provides a computer, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor executes the computer program to implement the brute force cracking method according to the first aspect.
In a fourth aspect, the present application provides a storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the brute force cracking method according to the first aspect.
Compared with the related art, the brute force cracking method, system, computer and storage medium provided by the embodiments of the application monitor brute force cracking attempts based on a sliding window and, if brute force cracking is present, synchronously monitor whether it succeeds. Specifically, when the number n of messages with the same message characteristics recorded in a time window reaches the alarm threshold N, a brute force cracking attempt is output immediately; brute force detection then continues with the alarm output time as the starting point, and the time window keeps sliding; if the brute force cracking is still in progress, the brute force cracking attempt is output only at settlement, after the time window expires. This solves the technical problem of missed reports in brute force cracking defense in the related art, and provides a visible cracking process while the attempt is running, judgment of the cracking result, and highly real-time reporting of cracking success, among other features.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a flowchart of a brute force cracking method according to an embodiment of the present invention;
fig. 2 is a block diagram of a brute force cracking system corresponding to a method according to a second embodiment of the present invention;
fig. 3 is a flowchart of a brute force cracking method according to a third embodiment of the present invention;
fig. 4 is a structural block diagram of a brute force cracking system corresponding to the third method according to the fourth embodiment of the present invention;
fig. 5 is a flowchart of a brute force cracking method according to a fifth embodiment of the present invention;
fig. 6 is a block diagram of a brute force cracking system corresponding to the fifth method according to the sixth embodiment of the present invention;
fig. 7 is a schematic diagram of a hardware structure of a computer according to a seventh embodiment of the present invention.
Description of reference numerals:
10-an acquisition module;
20-an analysis module;
30-a judging module;
40-an output module;
50-a monitoring module;
60-a first settlement module;
70-a second settlement module;
80-a third settlement module;
90-bus; 91-a processor; 92-a memory; 93-communication interface.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments provided in the present application without any inventive step are within the scope of protection of the present application.
It is obvious that the drawings in the following description are only examples or embodiments of the present application, and that it is also possible for a person skilled in the art to apply the present application to other similar contexts on the basis of these drawings without inventive effort. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of ordinary skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms referred to herein shall have the ordinary meaning as understood by those of ordinary skill in the art to which this application belongs. References to "a," "an," "the," and similar words throughout this application are not to be construed as limiting in number, and may refer to the singular or the plural. The terms "including," "comprising," "having," and any variations thereof, as used in this application, are intended to cover non-exclusive inclusions; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or elements, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. References to "connected," "coupled," and the like in this application are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as referred to herein means two or more. "And/or" describes an association relationship of associated objects, meaning that three relationships may exist; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. The terms "first," "second," "third," and the like herein merely distinguish similar objects and do not denote a particular ordering of the objects.
The various techniques described herein may be used in various wireless communication systems, such as 2G, 3G, 4G and 5G communication systems and next generation communication systems, for example Global System for Mobile communications (GSM), Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), Wideband Code Division Multiple Access (WCDMA), Frequency Division Multiple Access (FDMA), Orthogonal Frequency Division Multiple Access (OFDMA), Single-Carrier FDMA (SC-FDMA), General Packet Radio Service (GPRS), Long Term Evolution (LTE) and 5G New Radio (NR) systems, and other such communication systems.
The brute force cracking system provided by this embodiment may be integrated in a base station, a Remote Radio Unit (RRU), or any other network element device that needs to perform radio frequency transceiving. A base station in this context may be a device in an access network that communicates over the air interface, through one or more sectors, with wireless terminals. The base station may convert between received air frames and Internet Protocol (IP) packets, acting as a router between the wireless terminal and the rest of the access network, which may include an IP network. The base station may also coordinate management of attributes for the air interface. For example, the base station may be a Base Transceiver Station (BTS) in GSM or CDMA, a base station (Node B) in WCDMA, an evolved Node B (eNB or e-Node B) in LTE, or a generation Node B (gNB) in 5G NR, and the present application is not limited thereto.
Example one
This embodiment provides a brute force cracking method. Fig. 1 is a flowchart of a brute force cracking method according to an embodiment of the present application. As shown in Fig. 1, the flow includes the following steps:
Step S101: acquire input signals of a starting time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T.
The preset rule refers to messages with the same message characteristics, and the message characteristic is the login IP message format.
Step S102: acquire the traffic from the starting time t to the time t + T, and parse the traffic to obtain messages.
The traffic includes the number of logins from different IPs and the number of logins from the same IP.
Step S103: count the number n of the messages according to the preset rule, and judge whether n > N holds.
Step S104: if so, output a brute force cracking attempt and send a prompt signal.
Step S105: at the same time, monitor whether the brute force cracking attempt succeeds.
Step S106: if the cracking has not succeeded, take the output time of the brute force cracking attempt as the starting time and repeat the step of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding duration reaches the length of the time window period T; when a successful brute force crack is detected, settle the brute force cracking attempt after the time window period T expires.
Through the above steps, with the starting time t selected, the messages in the period from the starting time t to t + T are collected, a preset rule of messages with the same message characteristics is defined, the number n of messages matching the preset rule is counted, and n is compared with N. When n > N, a cracking attempt exists in the messages of that period. If monitoring shows that the cracking attempt has not succeeded, the output time of the cracking attempt is taken as the starting time and step S102 is repeated until the sliding duration reaches the length of the time window period T; when a successful brute force crack is detected, the cracking attempt is settled after the time window period T expires. This solves the technical problem of missed reports in brute force cracking defense in the related art, and provides a visible cracking process while the attempt is running, judgment of the cracking result, and highly real-time reporting of cracking success, among other features.
Example two
The embodiment provides a structural block diagram of a system corresponding to the method in the first embodiment. Fig. 2 is a block diagram of a brute force cracking system according to an embodiment of the present application, and as shown in fig. 2, the system includes:
the acquisition module 10, configured to acquire input signals of a starting time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T;
the analysis module 20, configured to acquire the traffic from the starting time t to the time t + T and parse the traffic to obtain messages;
the judging module 30, configured to count the number n of the messages according to the preset rule and judge whether n > N holds;
the output module 40, configured to output a brute force cracking attempt and send a prompt signal if n > N holds;
the monitoring module 50, configured to monitor whether the brute force cracking attempt succeeds;
and the first settlement module 60, configured to, if the cracking has not succeeded, take the output time of the brute force cracking attempt as the starting time and repeat the step of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding duration reaches the length of the time window period T, and, when a successful brute force crack is detected, settle the brute force cracking attempt after the time window period T expires.
The above modules may be functional modules or program modules, and may be implemented by software or hardware. For a module implemented by hardware, the modules may be located in the same processor; or the modules can be respectively positioned in different processors in any combination.
Example three
This embodiment provides a brute force cracking method. Fig. 3 is a flowchart of another brute force cracking method according to an embodiment of the present application. As shown in Fig. 3, the flow includes the following steps:
Step S201: acquire input signals of a starting time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T.
Step S202: acquire the traffic from the starting time t to the time t + T, and parse the traffic to obtain messages.
Step S203: count the number n of the messages according to the preset rule, and judge whether n > N holds.
Step S204: if not, take the time t + T as the starting time and repeat the step of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding duration reaches the length of the time window period T; when a successful brute force crack is detected, settle the brute force cracking attempt after the time window period T expires.
Through the above steps, with the starting time t selected, the messages in the period from the starting time t to t + T are collected, a preset rule of messages with the same message characteristics is defined, the number n of messages matching the preset rule is counted, and n is compared with N. When n is not greater than N, no cracking attempt exists in the messages of that period; the time t + T is taken as the starting time and step S202 is repeated until the sliding duration reaches the length of the time window period T, and, when a successful brute force crack is detected, the cracking attempt is settled after the time window period T expires. This solves the technical problem of missed reports in brute force cracking defense in the related art, and provides a visible cracking process while the attempt is running, judgment of the cracking result, and highly real-time reporting of cracking success, among other features.
Example four
This embodiment provides a block diagram of a system corresponding to the method described in the third embodiment. Fig. 4 is a block diagram of a brute force cracking system according to an embodiment of the present application, and as shown in fig. 4, the system includes:
the acquisition module 10, configured to acquire input signals of a starting time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T;
the analysis module 20, configured to acquire the traffic from the starting time t to the time t + T and parse the traffic to obtain messages;
the judging module 30, configured to count the number n of the messages according to the preset rule and judge whether n > N holds;
the second settlement module 70, configured to, if n > N does not hold, take the time t + T as the starting time and repeat the step of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding duration reaches the length of the time window period T, and, when a successful brute force crack is detected, settle the brute force cracking attempt after the time window period T expires.
The above modules may be functional modules or program modules, and may be implemented by software or hardware. For a module implemented by hardware, the modules may be located in the same processor; or the modules can be respectively positioned in different processors in any combination.
Example five
This embodiment provides a brute force cracking method. Fig. 5 is a flowchart of another brute force cracking method according to an embodiment of the present application. As shown in Fig. 5, the flow includes the following steps:
Step S301: acquire input signals of a starting time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T;
Step S302: acquire the traffic from the starting time t to the time t + T, and parse the traffic to obtain messages;
Step S303: count the number n of the messages according to the preset rule, and judge whether n > N holds;
Step S304: if so, output a brute force cracking attempt and send a prompt signal;
Step S305: monitor whether the brute force cracking attempt succeeds;
Step S306: if so, settle the brute force cracking attempt.
Through the above steps, with the starting time t selected, the messages in the period from the starting time t to t + T are collected, a preset rule of messages with the same message characteristics is defined, the number n of messages matching the preset rule is counted, and n is compared with N. When n > N, a cracking attempt exists in the messages of that period; if monitoring shows that the cracking attempt has succeeded, the brute force cracking attempt is settled. This addresses the shortcomings of the comparison mode and the missed reports in related-art methods for preventing login information from being brute-forced, and provides a visible cracking process while the attempt is running, judgment of the cracking result, and highly real-time reporting of cracking success, among other features.
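The missed report described in the Background and the three flows of Examples one, three and five can be seen side by side in the following Python sketch, which is an added example and not part of the patent text. It assumes login events already parsed from traffic, groups them by source IP, and uses an event-driven per-source sliding window as one interpretation of the steps; the `Login` record, the function names, the outcome labels and the sample events are all constructed for illustration.

```python
import math
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Login:
    ts: float     # event time in seconds
    src_ip: str   # grouping key: the login source IP (the "message feature")
    ok: bool      # True if this login succeeded


def fixed_window_alerts(events, t0, T, N):
    """Back-to-back windows from t0: (src_ip, window index) where failures exceed N."""
    counts = defaultdict(int)
    for e in events:
        if not e.ok and e.ts >= t0:
            counts[(e.src_ip, int((e.ts - t0) // T))] += 1
    return sorted(key for key, n in counts.items() if n > N)


def sliding_window_attempts(events, T, N):
    """Per-source sliding window; returns settled attempts ordered by alert time."""
    recent = defaultdict(deque)   # src_ip -> failure times within the last T seconds
    open_attempts = {}            # src_ip -> attempt that alerted and is not yet settled
    settled = []

    def settle(ip, outcome, when):
        a = open_attempts.pop(ip)
        settled.append({"src_ip": ip, "alert_ts": a["alert_ts"], "settled_ts": when,
                        "outcome": outcome, "failures": a["failures"]})

    def expire(ip, now):
        # Handle every full period T that has elapsed since the window was anchored.
        a = open_attempts[ip]
        while now >= a["window_start"] + T:
            if a["in_window"] > N:        # still under attack: slide on, no new alert
                a["window_start"] += T
                a["in_window"] = 0
            else:                         # window expired without a success
                settle(ip, "no_success", a["window_start"] + T)
                return

    for e in sorted(events, key=lambda ev: ev.ts):
        if e.src_ip in open_attempts:
            expire(e.src_ip, e.ts)
        a = open_attempts.get(e.src_ip)
        if a is not None:
            if e.ok:                      # success while the attempt is open: settle now
                settle(e.src_ip, "succeeded", e.ts)
            else:
                a["failures"] += 1
                a["in_window"] += 1
            continue
        if e.ok:
            continue
        q = recent[e.src_ip]
        q.append(e.ts)
        while q and q[0] <= e.ts - T:     # drop failures older than one period T
            q.popleft()
        if len(q) > N:                    # count exceeds N: output the attempt at once
            open_attempts[e.src_ip] = {"alert_ts": e.ts, "window_start": e.ts,
                                       "in_window": 0, "failures": len(q)}
            q.clear()
    for ip in list(open_attempts):        # end of data: let remaining windows expire
        expire(ip, math.inf)
    return sorted(settled, key=lambda a: a["alert_ts"])


# Constructed sample events (documentation address ranges), for T = 60 s and N = 5.
SAMPLE = (
    [Login(t, "198.51.100.9", False) for t in range(10, 17)]   # 7 failures in one window
    + [Login(t, "203.0.113.7", False)
       for t in (50, 52, 54, 56, 62, 64, 66, 68)]              # 8 failures straddling t = 60
    + [Login(90, "203.0.113.7", True)]                         # followed by a success
    + [Login(5, "192.0.2.10", False), Login(200, "192.0.2.10", False),
       Login(201, "192.0.2.10", True)]                         # ordinary user, two typos
)

if __name__ == "__main__":
    print("fixed windows:", fixed_window_alerts(SAMPLE, 0, 60, 5))
    for attempt in sliding_window_attempts(SAMPLE, 60, 5):
        print("sliding window:", attempt)
```

On the sample, back-to-back windows report only 198.51.100.9, while the sliding window also reports 203.0.113.7, whose failures are split four and four across the boundary at 60 s, and settles that attempt as succeeded when the successful login arrives.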
EXAMPLE six
This embodiment provides a block diagram of a system corresponding to the method described in the fifth embodiment. Fig. 6 is a block diagram of a brute force cracking system according to an embodiment of the present application. As shown in Fig. 6, the system includes:
the acquisition module 10, configured to acquire input signals of a starting time t, a time window period T, and an alarm threshold N set according to a preset rule within the time window period T;
the analysis module 20, configured to acquire the traffic from the starting time t to the time t + T, and parse the traffic to obtain messages;
the judging module 30, configured to count the number n of the messages according to the preset rule, and judge whether n is greater than N;
the output module 40, configured to output a brute force cracking attempt and send a prompt signal if the judgment shows that n is greater than N;
the monitoring module 50, configured to monitor whether the brute force cracking attempt succeeds in cracking;
the third settlement module 80, configured to settle the brute force cracking attempt if the brute force cracking attempt is found to have succeeded.
The above modules may be functional modules or program modules, and may be implemented in software or hardware. For modules implemented in hardware, the modules may all be located in the same processor, or may be distributed across different processors in any combination.
EXAMPLE seven
The brute force cracking method of the embodiments of the present application described in conjunction with Figs. 1, 3, and 5 can be implemented by a computer device. Fig. 7 is a hardware structure diagram of a computer device according to an embodiment of the present application.
The computer device may comprise a processor 91 and a memory 92 in which computer program instructions are stored.
Specifically, the processor 91 may include a Central Processing Unit (CPU) or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more integrated circuits implementing the embodiments of the present application.
The memory 92 may be used to store or cache various data files that need to be processed and/or used for communication, as well as possible computer program instructions executed by the processor 91.
The processor 91 implements any of the brute force cracking methods in the above embodiments by reading and executing computer program instructions stored in the memory 92.
In some of these embodiments, the computer device may also include a communication interface 93 and a bus 90. As shown in fig. 7, the processor 91, the memory 92, and the communication interface 93 are connected to each other via the bus 90 to complete communication therebetween.
The communication interface 93 is used for implementing communication between modules, apparatuses, units and/or devices in the embodiments of the present application. The communication interface 93 may also carry out data communication with other components, such as external devices, image/data acquisition devices, databases, external storage, and image/data processing workstations.
The bus 90 comprises hardware, software, or both, coupling the components of the computer device to each other. Bus 90 includes, but is not limited to, at least one of the following: a data bus, an address bus, a control bus, an expansion bus, and a local bus. By way of example, and not limitation, bus 90 may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front-Side Bus (FSB), a HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an InfiniBand interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association Local Bus (VLB), or another suitable bus, or a combination of two or more of these. Bus 90 may include one or more buses, where appropriate. Although specific buses are described and shown in the embodiments of the application, any suitable buses or interconnects are contemplated by the application.
The computer device can execute the brute force cracking method in the embodiment of the present application based on the acquired brute force cracking system, thereby implementing the brute force cracking method described with reference to fig. 1, 3, and 5.
In addition, in combination with the brute force cracking method in the above embodiments, the embodiments of the present application may provide a storage medium for implementation. The storage medium has computer program instructions stored thereon; the computer program instructions, when executed by a processor, implement any one of the brute force cracking methods of the first, third, and fifth embodiments.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above embodiments express only several implementations of the present application, and their description is relatively specific and detailed, but they are not to be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. A brute force cracking method, characterized by comprising the following steps:
acquiring input signals of a starting time t, a time window period T, and an alarm threshold N set according to a preset rule within the time window period T;
acquiring the traffic from the starting time t to the time t + T, and parsing the traffic to obtain messages;
counting the number n of the messages according to the preset rule, and judging whether n is greater than N;
if so, outputting a brute force cracking attempt and sending a prompt signal;
meanwhile, monitoring whether the brute force cracking attempt succeeds in cracking;
if the cracking has not succeeded, taking the output time of the brute force cracking attempt as the starting time and repeating the steps of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding time reaches the time window period T; and, when successful brute force cracking is detected, settling the brute force cracking attempt after the time window period T expires.
2. The brute force cracking method according to claim 1, wherein after the step of counting the number n of the messages according to the preset rule and judging whether n > N holds, the method further comprises:
if n > N does not hold, taking the time t + T as the starting point and repeating the steps of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding time reaches the time window period T; and, when successful brute force cracking is detected, settling the brute force cracking attempt after the time window period T expires.
3. The brute force cracking method of claim 1, wherein after the step of simultaneously monitoring whether the brute force cracking attempt succeeds, the method further comprises:
if the brute force cracking attempt is found to have succeeded, settling the brute force cracking attempt.
4. The brute force cracking method according to claim 1, wherein the preset rules refer to messages with the same message characteristics.
5. The brute force cracking method according to claim 1, wherein the traffic comprises the number of different login IPs and the number of login IPs.
6. A brute force cracking system, comprising:
an acquisition module, configured to acquire input signals of a starting time t, a time window period T, and an alarm threshold N set according to a preset rule within the time window period T;
an analysis module, configured to acquire the traffic from the starting time t to the time t + T, and parse the traffic to obtain messages;
a judging module, configured to count the number n of the messages according to the preset rule, and judge whether n is greater than N;
an output module, configured to output a brute force cracking attempt and send a prompt signal if the judgment shows that n is greater than N;
a monitoring module, configured to monitor whether the brute force cracking attempt succeeds in cracking;
a first settlement module, configured to, if the cracking has not succeeded, take the output time of the brute force cracking attempt as the starting time and repeat the steps of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding time reaches the time window period T, and, when successful brute force cracking is detected, settle the brute force cracking attempt after the time window period T expires.
7. The brute force cracking system of claim 6, further comprising:
a second settlement module, configured to, if the judgment shows that n > N does not hold, take the time t + T as the starting point and repeat the steps of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding time reaches the time window period T, and, when successful brute force cracking is detected, settle the brute force cracking attempt after the time window period T expires.
8. The brute force cracking system of claim 6, further comprising:
a third settlement module, configured to settle the brute force cracking attempt if the brute force cracking attempt is found to have succeeded.
9. A computer comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the brute force cracking method of any one of claims 1 to 5.
10. A storage medium on which a computer program is stored which, when executed by a processor, carries out the brute force cracking method according to any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111470950.7A CN114172831B (en) | 2021-12-03 | 2021-12-03 | Brute force cracking method, system, computer and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114172831A true CN114172831A (en) | 2022-03-11 |
CN114172831B CN114172831B (en) | 2024-05-28 |
Family
ID=80482960
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111470950.7A Active CN114172831B (en) | 2021-12-03 | 2021-12-03 | Brute force cracking method, system, computer and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114172831B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115208789A (en) * | 2022-07-14 | 2022-10-18 | 上海斗象信息科技有限公司 | Method and device for determining directory blasting behavior, electronic equipment and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090260065A1 (en) * | 2008-04-09 | 2009-10-15 | Safechannel Inc. | Cumulative Login Credit |
WO2016045347A1 (en) * | 2014-09-25 | 2016-03-31 | 中兴通讯股份有限公司 | Malicious attack detection method, terminal, and computer storage medium |
CN108494735A (en) * | 2018-02-13 | 2018-09-04 | 北京明朝万达科技股份有限公司 | It is a kind of illegally to crack login analysis alarm method and device |
CN109743325A (en) * | 2019-01-11 | 2019-05-10 | 北京中睿天下信息技术有限公司 | A kind of Brute Force attack detection method, system, equipment and storage medium |
CN112688930A (en) * | 2020-12-18 | 2021-04-20 | 深圳前海微众银行股份有限公司 | Brute force cracking detection method, system, equipment and medium |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115208789A (en) * | 2022-07-14 | 2022-10-18 | 上海斗象信息科技有限公司 | Method and device for determining directory blasting behavior, electronic equipment and storage medium |
CN115208789B (en) * | 2022-07-14 | 2023-06-09 | 上海斗象信息科技有限公司 | Method and device for determining directory blasting behavior, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN114172831B (en) | 2024-05-28 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||