CN114172831A - Brute force cracking method, system, computer and storage medium - Google Patents

Publication number: CN114172831A
Authority: CN (China)
Prior art keywords: brute force; time; force cracking; attempt; cracking
Legal status: Granted (the listed status is an assumption, not a legal conclusion)
Application number: CN202111470950.7A
Other languages: Chinese (zh)
Other versions: CN114172831B (en)
Inventor
孟师文
范渊
刘博�
Current Assignee: DBAPPSecurity Co Ltd
Original Assignee: DBAPPSecurity Co Ltd
Application filed by DBAPPSecurity Co Ltd
Priority to CN202111470950.7A
Publication of CN114172831A
Application granted
Publication of CN114172831B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876 Network utilisation, e.g. volume of load or congestion level
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Environmental & Geological Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Alarm Systems (AREA)

Abstract

The application relates to a brute force cracking method, system, computer and storage medium. The method comprises the following steps. Step one: acquiring input signals of a starting time t, a time window period T and an alarm threshold N; acquiring the traffic from the starting time t to the time t + T and obtaining messages from it. Step two: counting the number n of the messages according to a preset rule and judging whether n > N holds; if so, outputting a brute force cracking attempt and, at the same time, monitoring whether the brute force cracking attempt succeeds. Step three: if the cracking has not succeeded, taking the output time of the brute force cracking attempt as the starting time and repeating step two until the sliding duration reaches the length of the time window period T; when a successful brute force cracking is detected, the brute force cracking attempt is settled after the time window period T expires. The method and device address the shortcomings of the comparison approach and the missed-alert problem in existing methods for preventing login information from being brute-force cracked.

Description

Brute force cracking method, system, computer and storage medium
Technical Field
The present application relates to the technical field of network security data, and in particular, to a brute force cracking method, system, computer, and storage medium.
Background
As the economy has developed rapidly and technology has continued to advance, networks have become an indispensable part of production and daily life and bring users great convenience. At the same time, network systems face security threats that adversely affect their normal use. In the big-data era in particular, a large amount of important information is stored in network systems, and a security problem can cause great loss. A network security incident is an improper action that affects the security of computer systems and networks; such incidents usually unfold in a short time and cause huge losses, so speed and efficiency are key to handling them. Network security emergency response means understanding, assessing and preparing for network security in advance, so that an emergency incident can be handled in an orderly and proper way when it occurs.
With the development of networks, the current network security situation is very severe. Weak passwords and accounts whose passwords go unchanged for long periods pose a great security threat to information systems. Information systems should strengthen the management of, and security awareness around, personal network accounts, switch to strong passwords and maintain them regularly, but attack and defense always coexist. There is no uniform standard for login authentication in World Wide Web services, and because brute force cracking is simple to carry out and cheap, it has become a preferred attack method for most hackers, so preventing login information from being brute-force cracked is all the more important. A brute force attack means that an attacker systematically enumerates and tries all possible combinations in order to crack sensitive information such as a user's account name and password. Although brute force attacks are not a very complex attack type, cracking may succeed if the traffic cannot be effectively monitored and analyzed. For example, the login attempts from one IP may be split between the previous window and the next window, so that the count in neither window meets the brute force condition, although the counts of the two windows added together would meet it; in that case an alert is missed. The account security problem therefore cannot be fully solved by manual defense alone, and defense and early warning by intelligent means are required.
At present, the related art offers no effective solution to the technical problem of missed alerts in brute force cracking defense.
Disclosure of Invention
The embodiments of the application provide a brute force cracking method, system, computer and storage medium, which at least solve the technical problem of missed alerts in brute force cracking defense in the related art.
In a first aspect, an embodiment of the present application provides a brute force cracking method, including:
acquiring input signals of a starting time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T;
acquiring the traffic from the starting time t to the time t + T, and parsing the traffic to obtain messages;
counting the number n of the messages according to the preset rule, and judging whether n > N holds;
if so, outputting a brute force cracking attempt and sending a prompt signal;
at the same time, monitoring whether the brute force cracking attempt succeeds;
if the cracking has not succeeded, taking the output time of the brute force cracking attempt as the starting time and repeating the step of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding duration reaches the length of the time window period T; and when a successful brute force cracking is detected, settling the brute force cracking attempt after the time window period T expires.
In some embodiments, after the step of counting the number n of the messages according to the preset rule and judging whether n > N holds, the method further includes:
if n > N does not hold, taking the time t + T as the starting time and repeating the step of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding duration reaches the length of the time window period T; and when a successful brute force cracking is detected, settling the brute force cracking attempt after the time window period T expires.
In some embodiments, after the step of monitoring whether the brute force cracking attempt succeeds, the method further includes:
if the brute force cracking attempt is detected to have succeeded, settling the brute force cracking attempt.
In some embodiments, the preset rule refers to messages having the same message feature; in this embodiment the message feature is the login IP message format.
In some of these embodiments, the traffic includes the number of logins from different IPs and the number of logins from the same IP.
In a second aspect, an embodiment of the present application provides a brute force cracking system, including:
an acquisition module, configured to acquire input signals of a starting time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T;
an analysis module, configured to acquire the traffic from the starting time t to the time t + T and parse the traffic to obtain messages;
a judging module, configured to count the number n of the messages according to the preset rule and judge whether n > N holds;
an output module, configured to output a brute force cracking attempt and send a prompt signal if the judgment is that n > N holds;
a monitoring module, configured to monitor whether the brute force cracking attempt succeeds;
and a first settlement module, configured to, if the cracking has not succeeded, take the output time of the brute force cracking attempt as the starting time and repeat the step of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding duration reaches the length of the time window period T, and, when a successful brute force cracking is detected, settle the brute force cracking attempt after the time window period T expires.
In some of these embodiments, the system further comprises:
a second settlement module, configured to, if the judgment is that n > N does not hold, take the time t + T as the starting time and repeat the step of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding duration reaches the length of the time window period T, and, when a successful brute force cracking is detected, settle the brute force cracking attempt after the time window period T expires.
In some of these embodiments, the system further comprises:
a third settlement module, configured to settle the brute force cracking attempt if the brute force cracking attempt is detected to have succeeded.
In a third aspect, an embodiment of the present application provides a computer, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor executes the computer program to implement the brute force cracking method according to the first aspect.
In a fourth aspect, the present application provides a storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the brute force cracking method according to the first aspect.
Compared with the related art, the brute force cracking method, system, computer and storage medium provided by the embodiments of the application monitor brute force cracking attempts with a sliding window and, when brute force cracking is present, monitor at the same time whether it succeeds. Specifically, when the number n of messages with the same message feature recorded in a time window reaches the alarm threshold N, a brute force cracking attempt is output immediately; detection then continues with the alert output time as the starting point and the time window continues to slide; if brute force cracking is still in progress, the brute force cracking attempt is output only at settlement after the time window expires. This solves the technical problem of missed alerts in brute force cracking defense in the related art, and provides a visible cracking process while the attempt is running, judgment of the cracking result, and highly real-time detection of cracking success.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a flowchart of a brute force cracking method according to an embodiment of the present invention;
fig. 2 is a block diagram of a brute force cracking system corresponding to a method according to a second embodiment of the present invention;
fig. 3 is a flowchart of a brute force cracking method according to a third embodiment of the present invention;
fig. 4 is a structural block diagram of a brute force cracking system corresponding to the third method according to the fourth embodiment of the present invention;
fig. 5 is a flowchart of a brute force cracking method according to a fifth embodiment of the present invention;
fig. 6 is a block diagram of a brute force cracking system corresponding to the fifth method according to the sixth embodiment of the present invention;
fig. 7 is a schematic diagram of a hardware structure of a computer according to a seventh embodiment of the present invention.
Description of reference numerals:
10-an acquisition module;
20-an analysis module;
30-a judging module;
40-an output module;
50-a monitoring module;
60-a first settlement module;
70-a second settlement module;
80-a third settlement module;
90-bus; 91-a processor; 92-a memory; 93-communication interface.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments provided in the present application without any inventive step are within the scope of protection of the present application.
It is obvious that the drawings in the following description are only examples or embodiments of the present application, and that it is also possible for a person skilled in the art to apply the present application to other similar contexts on the basis of these drawings without inventive effort. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of ordinary skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms referred to herein shall have the ordinary meaning as understood by those of ordinary skill in the art to which this application belongs. Reference to "a," "an," "the," and similar words throughout this application are not to be construed as limiting in number, and may refer to the singular or the plural. The present application is directed to the use of the terms "including," "comprising," "having," and any variations thereof, which are intended to cover non-exclusive inclusions; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or elements, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Reference to "connected," "coupled," and the like in this application is not intended to be limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as referred to herein means two or more. "and/or" describes an association relationship of associated objects, meaning that three relationships may exist, for example, "A and/or B" may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. Reference herein to the terms "first," "second," "third," and the like, are merely to distinguish similar objects and do not denote a particular ordering for the objects.
The various techniques described herein may be used in various wireless communication systems, such as 2G, 3G, 4G and 5G communication systems and next-generation communication systems, for example Global System for Mobile communications (GSM), Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), Wideband Code Division Multiple Access (WCDMA), Frequency Division Multiple Access (FDMA), Orthogonal Frequency Division Multiple Access (OFDMA), General Packet Radio Service (GPRS), Long Term Evolution (LTE) and 5G New Radio (NR) systems, and other such communication systems.
The brute force cracking system provided by this embodiment may be integrated in a base station, a Remote Radio Unit (RRU), or any other network element device that needs to perform radio frequency transceiving. A base station in this context may be a device in an access network that communicates over the air interface, through one or more sectors, with wireless terminals. The base station may be configured to convert between received air frames and Internet Protocol (IP) packets, acting as a router between the wireless terminal and the rest of the access network, which may include an IP network. The base station may also coordinate management of attributes for the air interface. For example, the base station may be a Base Transceiver Station (BTS) in GSM or CDMA, a base station (Node B) in WCDMA, an evolved Node B (eNB or e-Node B) in LTE, or a next-generation Node B (gNB) in 5G NR, and the present application is not limited thereto.
Example one
This embodiment provides a brute force cracking method. Fig. 1 is a flowchart of a brute force cracking method according to an embodiment of the present application. As shown in Fig. 1, the flow includes the following steps:
Step S101: acquire input signals of a starting time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T.
The preset rule refers to messages with the same message feature, and the message feature refers to the login IP message format.
Step S102: acquire the traffic from the starting time t to the time t + T, and parse the traffic to obtain messages.
The traffic includes the number of logins from different IPs and the number of logins from the same IP.
Step S103: count the number n of the messages according to the preset rule, and judge whether n > N holds.
Step S104: if so, output a brute force cracking attempt and send a prompt signal.
Step S105: at the same time, monitor whether the brute force cracking attempt succeeds.
Step S106: if the cracking has not succeeded, take the output time of the brute force cracking attempt as the starting time and repeat the step of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding duration reaches the length of the time window period T; when a successful brute force cracking is detected, settle the brute force cracking attempt after the time window period T expires.
Through the above steps, once the starting time t is chosen, the messages in the period from the starting time t to t + T are collected, a preset rule is defined over messages with the same message feature, the number n of messages matching the rule is counted, and n is compared with N. When n > N, the messages in that period contain a cracking attempt. If monitoring shows that the attempt has not succeeded, the output time of the cracking attempt is taken as the starting time and step S102 is repeated until the sliding duration reaches the length of the time window period T; when a successful brute force cracking is detected, the cracking attempt is settled after the time window period T expires. This solves the technical problem of missed alerts in brute force cracking defense in the related art, and provides a visible cracking process while the attempt is running, judgment of the cracking result, and highly real-time detection of cracking success.
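The following Python code is an added example, not code from the patent: it is one reading of steps S101 to S106 beside the fixed-window counter whose boundary miss the Background describes. Assumptions: the message feature is the source IP of a failed login, each source's window is anchored at its first failure instead of a global clock, and all names (`Login`, `WindowDetector`, `fixed_window_alerts`, `detect`) and the sample events are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Login:
    ts: float     # event time in seconds
    src_ip: str   # message feature used by the preset rule (assumption)
    ok: bool      # True = authentication succeeded


def fixed_window_alerts(events, T, N):
    """Baseline: count failures per source in fixed windows [kT, (k+1)T)."""
    counts = {}
    for e in events:
        if not e.ok:
            key = (e.src_ip, int(e.ts // T))
            counts[key] = counts.get(key, 0) + 1
    return sorted(key for key, n in counts.items() if n > N)


class WindowDetector:
    """Per-source window that re-anchors at the alert output time."""

    def __init__(self, T, N):
        self.T, self.N = T, N
        self.state = {}    # src_ip -> {"start": t, "n": count, "alerted": bool}
        self.alerts = []   # (kind, src_ip, time, n)

    def _expire(self, ip, now):
        s = self.state.get(ip)
        if s is None or now < s["start"] + self.T:
            return s
        # Window expired: an ongoing attempt is reported once, at settlement.
        if s["alerted"] and s["n"] > 0:
            self.alerts.append(("settled", ip, s["start"] + self.T, s["n"]))
        del self.state[ip]
        return None

    def feed(self, e):
        s = self._expire(e.src_ip, e.ts)
        if e.ok:
            # A success after an alerted attempt settles it immediately.
            if s and s["alerted"]:
                self.alerts.append(("success", e.src_ip, e.ts, s["n"]))
                del self.state[e.src_ip]
            return
        if s is None:
            s = self.state[e.src_ip] = {"start": e.ts, "n": 0, "alerted": False}
        s["n"] += 1
        if not s["alerted"] and s["n"] > self.N:
            # n > N: output the attempt now and restart the window here.
            self.alerts.append(("attempt", e.src_ip, e.ts, s["n"]))
            s.update(start=e.ts, n=0, alerted=True)

    def flush(self, now):
        for ip in list(self.state):
            self._expire(ip, now)
        return self.alerts


def detect(events, T, N, now):
    d = WindowDetector(T, N)
    for e in events:
        d.feed(e)
    return d.flush(now)


def fails(ip, times):
    return [Login(t, ip, False) for t in times]


# Constructed sample (documentation IP ranges), sorted by time.
SAMPLE = sorted(
    fails("198.51.100.9", [0, 1, 2, 3, 4, 5, 10, 20, 30])          # burst, then slow
    + fails("203.0.113.7", [48, 51, 54, 57, 61, 64, 67, 70])       # straddles t = 60
    + [Login(90, "203.0.113.7", True)]                             # then succeeds
    + fails("192.0.2.10", [10, 12]) + [Login(15, "192.0.2.10", True)],  # mistyped password
    key=lambda e: e.ts,
)

if __name__ == "__main__":
    print("fixed :", fixed_window_alerts(SAMPLE, T=60, N=5))
    for alert in detect(SAMPLE, T=60, N=5, now=200):
        print("window:", alert)
```

With T = 60 and N = 5, the fixed-window counter never flags 203.0.113.7 because its eight failures split four and four across the boundary at 60 seconds, while the re-anchoring detector raises the attempt at the sixth failure and then reports the later successful login.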
Example two
This embodiment provides a structural block diagram of a system corresponding to the method of the first embodiment. Fig. 2 is a block diagram of a brute force cracking system according to an embodiment of the present application. As shown in Fig. 2, the system includes:
the acquisition module 10, configured to acquire input signals of a starting time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T;
the analysis module 20, configured to acquire the traffic from the starting time t to the time t + T and parse the traffic to obtain messages;
the judging module 30, configured to count the number n of the messages according to the preset rule and judge whether n > N holds;
the output module 40, configured to output a brute force cracking attempt and send a prompt signal if the judgment is that n > N holds;
the monitoring module 50, configured to monitor whether the brute force cracking attempt succeeds;
and the first settlement module 60, configured to, if the cracking has not succeeded, take the output time of the brute force cracking attempt as the starting time and repeat the step of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding duration reaches the length of the time window period T, and, when a successful brute force cracking is detected, settle the brute force cracking attempt after the time window period T expires.
The above modules may be functional modules or program modules, and may be implemented by software or hardware. For a module implemented by hardware, the modules may be located in the same processor; or the modules can be respectively positioned in different processors in any combination.
Example three
This embodiment provides a brute force cracking method. Fig. 3 is a flowchart of another brute force cracking method according to an embodiment of the present application. As shown in Fig. 3, the flow includes the following steps:
Step S201: acquire input signals of a starting time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T.
Step S202: acquire the traffic from the starting time t to the time t + T, and parse the traffic to obtain messages.
Step S203: count the number n of the messages according to the preset rule, and judge whether n > N holds.
Step S204: if not, take the time t + T as the starting time and repeat the step of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding duration reaches the length of the time window period T; when a successful brute force cracking is detected, settle the brute force cracking attempt after the time window period T expires.
Through the above steps, once the starting time t is chosen, the messages in the period from the starting time t to t + T are collected, a preset rule is defined over messages with the same message feature, the number n of messages matching the rule is counted, and n is compared with N. When n is not greater than N, the messages in that period contain no cracking attempt; the time t + T is taken as the starting time and step S202 is repeated until the sliding duration reaches the length of the time window period T; when a successful brute force cracking is detected, the cracking attempt is settled after the time window period T expires. This solves the technical problem of missed alerts in brute force cracking defense in the related art, and provides a visible cracking process while the attempt is running, judgment of the cracking result, and highly real-time detection of cracking success.
Example four
This embodiment provides a block diagram of a system corresponding to the method described in the third embodiment. Fig. 4 is a block diagram of a brute force cracking system according to an embodiment of the present application. As shown in Fig. 4, the system includes:
the acquisition module 10, configured to acquire input signals of a starting time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T;
the analysis module 20, configured to acquire the traffic from the starting time t to the time t + T and parse the traffic to obtain messages;
the judging module 30, configured to count the number n of the messages according to the preset rule and judge whether n > N holds;
the second settlement module 70, configured to, if the judgment is that n > N does not hold, take the time t + T as the starting time and repeat the step of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding duration reaches the length of the time window period T, and, when a successful brute force cracking is detected, settle the brute force cracking attempt after the time window period T expires.
The above modules may be functional modules or program modules, and may be implemented by software or hardware. For a module implemented by hardware, the modules may be located in the same processor; or the modules can be respectively positioned in different processors in any combination.
Example five
This embodiment provides a brute force cracking method. Fig. 5 is a flowchart of another brute force cracking method according to an embodiment of the present application. As shown in Fig. 5, the flow includes the following steps:
Step S301: acquire input signals of a starting time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T.
Step S302: acquire the traffic from the starting time t to the time t + T, and parse the traffic to obtain messages.
Step S303: count the number n of the messages according to the preset rule, and judge whether n > N holds.
Step S304: if so, output a brute force cracking attempt and send a prompt signal.
Step S305: monitor whether the brute force cracking attempt succeeds.
Step S306: if so, settle the brute force cracking attempt.
Through the above steps, once the starting time t is chosen, the messages in the period from the starting time t to t + T are collected, a preset rule is defined over messages with the same message feature, the number n of messages matching the rule is counted, and n is compared with N. When n > N, the messages in that period contain a cracking attempt; if monitoring shows that the attempt has succeeded, the brute force cracking attempt is settled. This addresses the shortcomings of the comparison approach and the missed-alert problem in related-art methods for preventing login information from being brute-force cracked, and provides a visible cracking process while the attempt is running, judgment of the cracking result, and highly real-time detection of cracking success.
Example six
This embodiment provides a block diagram of a system corresponding to the method described in the fifth embodiment. Fig. 6 is a block diagram of a brute force cracking system according to an embodiment of the present application. As shown in Fig. 6, the system includes:
the acquisition module 10, configured to acquire input signals of a starting time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T;
the analysis module 20, configured to acquire the traffic from the starting time t to the time t + T and parse the traffic to obtain messages;
the judging module 30, configured to count the number n of the messages according to the preset rule and judge whether n > N holds;
the output module 40, configured to output a brute force cracking attempt and send a prompt signal if the judgment is that n > N holds;
the monitoring module 50, configured to monitor whether the brute force cracking attempt succeeds;
the third settlement module 80, configured to settle the brute force cracking attempt if the brute force cracking attempt is detected to have succeeded.
The above modules may be functional modules or program modules, and may be implemented by software or hardware. For a module implemented by hardware, the modules may be located in the same processor; or the modules can be respectively positioned in different processors in any combination.
EXAMPLE seven
The brute force breaking method of the embodiment of the present application described in conjunction with fig. 1, 3, and 5 can be implemented by a computer device. Fig. 7 is a hardware structure diagram of a computer device according to an embodiment of the present application.
The computer device may comprise a processor 91 and a memory 92 in which computer program instructions are stored.
Specifically, the processor 91 may include a Central Processing Unit (CPU) or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more integrated circuits implementing the embodiments of the present application.
Memory 92 may include, among other things, mass storage for data or instructions. By way of example, and not limitation, memory 92 may include a Hard Disk Drive (Hard Disk Drive, abbreviated to HDD), a floppy Disk Drive, a Solid State Drive (SSD), flash memory, an optical Disk, a magneto-optical Disk, tape, or a Universal Serial Bus (USB) Drive or a combination of two or more of these. Memory 92 may include removable or non-removable (or fixed) media, where appropriate. The memory 92 may be internal or external to the data processing apparatus, where appropriate. In a particular embodiment, the memory 92 is a Non-Volatile (Non-Volatile) memory. In particular embodiments, Memory 92 includes Read-Only Memory (ROM) and Random Access Memory (RAM). The ROM may be mask-programmed ROM, Programmable ROM (PROM), Erasable PROM (EPROM), Electrically Erasable PROM (EEPROM), Electrically rewritable ROM (EAROM), or FLASH Memory (FLASH), or a combination of two or more of these, where appropriate. The RAM may be a Static Random-Access Memory (SRAM) or a Dynamic Random-Access Memory (DRAM), where the DRAM may be a Fast Page Mode Dynamic Random-Access Memory (FPMDRAM), an Extended data output Dynamic Random-Access Memory (EDODRAM), a Synchronous Dynamic Random-Access Memory (SDRAM), and the like.
The memory 92 may be used to store or cache various data files that need to be processed and/or used for communication, as well as possible computer program instructions executed by the processor 91.
The processor 91 implements any of the brute force methods in the above embodiments by reading and executing computer program instructions stored in the memory 92.
In some of these embodiments, the computer device may also include a communication interface 93 and a bus 90. As shown in fig. 7, the processor 91, the memory 92, and the communication interface 93 are connected to each other via the bus 90 to complete communication therebetween.
The communication interface 93 is used for implementing communication between modules, apparatuses, units and/or devices in the embodiments of the present application. The communication interface 93 may also enable data communication with other components, such as external devices, image/data acquisition devices, databases, external storage, and image/data processing workstations.
The bus 90 comprises hardware, software, or both, coupling the components of the computer device to each other. Bus 90 includes, but is not limited to, at least one of the following: a data bus, an address bus, a control bus, an expansion bus, and a local bus. By way of example, and not limitation, bus 90 may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front-Side Bus (FSB), a HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an InfiniBand interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCIe) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association Local Bus (VLB), or other suitable bus, or a combination of two or more of these. Bus 90 may include one or more buses, where appropriate. Although specific buses are described and shown in the embodiments of the application, any suitable buses or interconnects are contemplated by the application.
The computer device can execute the brute force cracking method in the embodiment of the present application based on the acquired brute force cracking system, thereby implementing the brute force cracking method described with reference to fig. 1, 3, and 5.
In addition, in combination with the brute force cracking method in the above embodiments, the embodiments of the present application may be implemented by providing a storage medium. The storage medium has computer program instructions stored thereon; when executed by a processor, the computer program instructions implement any one of the brute force cracking methods of the first, third, and fifth embodiments.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments express only several embodiments of the present application, and their description is relatively specific and detailed, but should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A brute force cracking method is characterized by comprising the following steps:
acquiring input signals of a starting time t, a time window period T, and an alarm threshold N set according to a preset rule within the time window period T;
acquiring the traffic from the starting time t to the time t + T, and parsing the traffic to obtain messages;
counting the number n of the messages according to the preset rule, and judging whether n > N holds;
if yes, outputting a brute force cracking attempt and sending a prompt signal;
meanwhile, monitoring whether the brute force cracking attempt succeeds;
if the cracking is not successful, repeating, with the output time of the brute force cracking attempt as the starting time, the steps of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding time reaches the time window period T; and when the brute force cracking is monitored to be successful, settling the brute force cracking attempt after the time window period T expires.
2. The brute force cracking method according to claim 1, wherein after the step of counting the number n of the messages according to the preset rule and judging whether n > N holds, the method further comprises:
if n > N does not hold, repeating, with the time t + T as the starting time, the steps of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding time reaches the time window period T; and when the brute force cracking is monitored to be successful, settling the brute force cracking attempt after the time window period T expires.
3. The brute force cracking method of claim 1, wherein after the step of simultaneously monitoring whether the brute force cracking attempt succeeds, the method further comprises:
if the brute force cracking attempt is monitored to have succeeded, settling the brute force cracking attempt.
4. The brute force cracking method according to claim 1, wherein the preset rules refer to messages with the same message characteristics.
5. The brute force cracking method according to claim 1, wherein the traffic comprises the number of different login IPs and the number of login IPs.
6. A brute force cracking system, comprising:
an acquisition module, configured to acquire input signals of a starting time t, a time window period T, and an alarm threshold N set according to a preset rule within the time window period T;
an analysis module, configured to acquire the traffic from the starting time t to the time t + T and parse the traffic to obtain messages;
a judging module, configured to count the number n of the messages according to the preset rule and judge whether n > N holds;
an output module, configured to output a brute force cracking attempt and send a prompt signal if n > N holds;
a monitoring module, configured to monitor whether the brute force cracking attempt succeeds;
and a first settlement module, configured to, if the cracking is not successful, repeat, with the output time of the brute force cracking attempt as the starting time, the steps of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding time reaches the time window period T, and, when the brute force cracking is monitored to be successful, settle the brute force cracking attempt after the time window period T expires.
7. The brute force cracking system of claim 6, further comprising:
a second settlement module, configured to, if n > N does not hold, repeat, with the time t + T as the starting time, the steps of acquiring the traffic from the starting time t to the time t + T and parsing the traffic to obtain messages, until the sliding time reaches the time window period T, and, when the brute force cracking is monitored to be successful, settle the brute force cracking attempt after the time window period T expires.
8. The brute force cracking system of claim 6, further comprising:
a third settlement module, configured to settle the brute force cracking attempt if the attempt is monitored to have succeeded.
9. A computer comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the brute force cracking method of any of claims 1-5.
10. A storage medium on which a computer program is stored which, when being executed by a processor, carries out the brute force breaking method according to any one of claims 1 to 5.
CN202111470950.7A 2021-12-03 2021-12-03 Brute force cracking method, system, computer and storage medium Active CN114172831B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111470950.7A CN114172831B (en) 2021-12-03 2021-12-03 Brute force cracking method, system, computer and storage medium

Publications (2)

Publication Number Publication Date
CN114172831A true CN114172831A (en) 2022-03-11
CN114172831B CN114172831B (en) 2024-05-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant