CN114363022A - Attack tracing method and device, electronic equipment and storage medium - Google Patents

Publication number: CN114363022A
Authority: CN (China)
Prior art keywords: attack, tracing, instruction, server, page
Legal status: Granted, Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202111577925.9A
Other languages: Chinese (zh)
Other versions: CN114363022B (en)
Inventor: 郭瑞
Current Assignee: Xi'an Clover Cyber Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Xi'an Clover Cyber Technology Co ltd
Application filed by: Xi'an Clover Cyber Technology Co ltd
Priority to: CN202111577925.9A
Events: publication of CN114363022A; application granted; publication of CN114363022B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L2463/00: Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/146: Tracing the source of attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The disclosure provides an attack tracing method, an attack tracing device, electronic equipment and a storage medium, and relates to the technical field of network security. The specific technical scheme is as follows: if the attack behavior of an attacker on user equipment is detected, sending indication information to a server, wherein the indication information is used for indicating the attack behavior; receiving an attack tracing instruction sent by the server; and tracing the source of the attack behavior of the attacker according to the attack tracing instruction. The present disclosure is directed to improving security of a network environment.

Description

Attack tracing method and device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of network security technologies, and in particular, to an attack tracing method and apparatus, an electronic device, and a storage medium.
Background
The browser is the user's portal to the internet, so its security is very important. Any inadvertent click by the user in the browser may leak information. An attacker can exploit bugs in the browser: when a user opens the browser and accesses a web page through it, in mild cases the attacker steals the user's cookie, that is, identity information, and obtains private data such as the user's browsing records; in serious cases files on the user's computer are stolen or tampered with, and a back door may even be installed on the computer to steal user information. Therefore, the attack behavior of the attacker needs to be traced to ensure the security of the network environment.
Disclosure of Invention
The embodiment of the disclosure provides an attack tracing method, an attack tracing device, electronic equipment and a storage medium, so as to provide an attack tracing technical scheme. The technical scheme is as follows:
According to a first aspect of the embodiments of the present disclosure, an attack tracing method is provided, which is applied to a browser, and includes:
if the attack behavior of an attacker on user equipment is detected, sending indication information to a server, wherein the indication information is used for indicating the attack behavior;
receiving an attack tracing instruction sent by the server;
and tracing the source of the attack behavior of the attacker according to the attack tracing instruction.
According to the attack tracing method provided by the embodiment of the disclosure, if an attacker is detected to have an attack behavior on user equipment, indication information is sent to a server, and the indication information is used for indicating the attack behavior; receiving an attack tracing instruction sent by the server; the attack behavior of the attacker is traced according to the attack tracing instruction, so that the attack behavior can be traced when the attack behavior of the attacker on the user equipment is detected, and the safety of the network environment is effectively improved.
In one embodiment, the tracing the attacker according to the attack tracing instruction includes:
generating a first page according to the attack tracing instruction and displaying the first page on the user equipment, wherein the first page is used for indicating to update Flash;
receiving a Flash updating instruction input by a user on the first page;
acquiring the permission of the Flash application to access a camera and a microphone of the user equipment according to the Flash updating instruction;
after the use permission of the camera and the microphone is obtained, a target flash application is generated;
starting the camera and the microphone through the target flash application, and acquiring photo information of an attacker through the camera and acquiring sound information of the attacker through the microphone;
and sending the photo information and the sound information to the server.
In one embodiment, the tracing the attacker according to the attack tracing instruction includes:
sending a peer-to-peer connection request to a target device according to the attack tracing instruction;
receiving an SDP (Session Description Protocol) packet body with which the target device responds to the peer-to-peer connection request;
obtaining the IP address of the user equipment by filtering the SDP packet body with a regular expression;
and sending the IP address of the user equipment to the server.
In one embodiment, the tracing the attacker according to the attack tracing instruction includes:
acquiring characteristic information of the browser according to the attack tracing instruction;
performing hash conversion on the characteristic information to generate an ID of the user equipment;
and sending the ID of the user equipment to the server.
In one embodiment, the tracing the attacker according to the attack tracing instruction includes:
polling each IP in the network segment of the local area network of the user equipment according to the attack tracing instruction to obtain the use state of each IP in the network segment of the local area network and the number of the IPs in the network segment of the local area network;
and sending the IP number and the use state of each IP to a server.
In one embodiment, the tracing the attacker according to the attack tracing instruction includes:
generating a target Iframe page according to the attack tracing instruction and displaying the target Iframe page on the user equipment, wherein the target Iframe page is a login page of a target website;
filling an account password which is pre-stored by the browser and used for logging in the target website into a page of the target Iframe;
inquiring a DOM element corresponding to the page of the target Iframe, and acquiring the account password;
and sending the account password to the server.
In one embodiment, the tracing the attacker according to the attack tracing instruction includes:
generating a second page according to the attack tracing instruction, wherein an execution function is added in a title of the second page;
executing the execution function, and acquiring user information pre-stored in the browser, wherein the user information comprises an account password and information of a user bookmark favorite;
and sending the user information to the server.
According to a second aspect of the embodiments of the present disclosure, there is provided an attack tracing apparatus, applied to a browser, including:
an indication information sending module, configured to send indication information to a server if it is detected that an attacker has an attack behavior on user equipment, wherein the indication information is used for indicating the attack behavior;
the attack tracing instruction receiving module is used for receiving an attack tracing instruction sent by the server;
and the attack behavior tracing module is used for tracing the source of the attack behavior of the attacker according to the attack tracing instruction.
In one embodiment, the attack behavior tracing module is configured to:
generating a first page according to the attack tracing instruction and displaying the first page on the user equipment, wherein the first page is used for indicating to update Flash;
receiving a Flash updating instruction input by a user on the first page;
acquiring the permission of the Flash application to access a camera and a microphone of the user equipment according to the Flash updating instruction;
after the use permission of the camera and the microphone is obtained, a target flash application is generated;
starting the camera and the microphone through the target flash application, and acquiring photo information of an attacker through the camera and acquiring sound information of the attacker through the microphone;
and sending the photo information and the sound information to the server.
In one embodiment, the attack behavior tracing module is configured to:
sending a peer-to-peer connection request to a target device according to the attack tracing instruction;
receiving an SDP (Session Description Protocol) packet body with which the target device responds to the peer-to-peer connection request;
obtaining the IP address of the user equipment by filtering the SDP packet body with a regular expression;
and sending the IP address of the user equipment to the server.
In one embodiment, the attack behavior tracing module is configured to:
acquiring characteristic information of the browser according to the attack tracing instruction;
performing hash conversion on the characteristic information to generate an ID of the user equipment;
and sending the ID of the user equipment to the server.
In one embodiment, the attack behavior tracing module is configured to:
polling each IP in the network segment of the local area network of the user equipment according to the attack tracing instruction to obtain the use state of each IP in the network segment of the local area network and the number of the IPs in the network segment of the local area network;
and sending the IP number and the use state of each IP to the server.
In one embodiment, the attack behavior tracing module is configured to:
generating a target Iframe page according to the attack tracing instruction and displaying the target Iframe page on the user equipment, wherein the target Iframe page is a login page of a target website;
filling an account password which is pre-stored by the browser and used for logging in the target website into a page of the target Iframe;
inquiring a DOM element corresponding to the page of the target Iframe, and acquiring the account password;
and sending the account password to the server.
In one embodiment, the attack behavior tracing module is configured to:
generating a second page according to the attack tracing instruction, wherein an execution function is added in a title of the second page;
executing the execution function, and acquiring user information pre-stored in the browser, wherein the user information comprises an account password and information of a user bookmark favorite;
and sending the user information to the server.
According to a third aspect of the embodiments of the present disclosure, an electronic device is provided, where the electronic device includes a processor and a memory, where the memory stores at least one computer instruction, and the instruction is loaded and executed by the processor to implement the steps performed in the attack tracing method according to any one of the first aspect.
According to a fourth aspect of the embodiments of the present disclosure, there is provided a computer-readable storage medium, in which at least one computer instruction is stored, where the instruction is loaded and executed by a processor to implement the steps performed in the attack tracing method according to any one of the first aspect.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a flowchart of an attack tracing method provided by an embodiment of the present disclosure;
Fig. 2 is a structural diagram of an attack tracing apparatus provided in the embodiment of the present disclosure;
Fig. 3 is a block diagram of an electronic device provided in an embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
Fig. 1 is a flowchart of an attack tracing method provided by an embodiment of the present disclosure. As shown in fig. 1, the method includes:
S101, if the attack behavior of an attacker on user equipment is detected, sending indication information to a server, wherein the indication information is used for indicating the attack behavior.
Illustratively, the attack behavior of an attacker on a user device may be monitored by a firewall, security guard, or like application.
S102, receiving an attack tracing instruction sent by the server;
Further, after receiving the indication information sent by the browser, the server sends an attack tracing instruction to the browser.
S103, tracing the attack behavior of the attacker according to the attack tracing instruction.
How to trace the source of the attack behavior of the attacker according to the attack tracing instruction is described below.
In one embodiment, the tracing the attacker according to the attack tracing instruction includes:
generating a first page according to the attack tracing instruction and displaying the first page on the user equipment, wherein the first page is used for indicating to update Flash;
receiving a Flash updating instruction input by a user on the first page;
acquiring the permission of the Flash application to access a camera and a microphone of the user equipment according to the Flash updating instruction;
after the use permission of the camera and the microphone is obtained, a target flash application is generated;
starting the camera and the microphone through the target flash application, and acquiring photo information of an attacker through the camera and acquiring sound information of the attacker through the microphone;
and sending the photo information and the sound information to the server.
Illustratively, in this embodiment, the size of the target flash application is smaller than or equal to the preset pixel value, so that the target flash application is not easily perceived by an attacker. For example, the target flash application may be a flash application of 1 px.
In one embodiment, the tracing the attacker according to the attack tracing instruction includes:
sending a peer-to-peer connection request to a target device according to the attack tracing instruction;
receiving a Session Description Protocol (SDP) packet body with which the target device responds to the peer-to-peer connection request;
obtaining an Internet Protocol (IP) address of the user equipment by filtering the SDP packet body with a regular expression;
and sending the IP address of the user equipment to the server.
Illustratively, the peer-to-peer (P2P) connection with the target device may be created by determining the browser model and invoking the WebRTC function of the browser itself. For example, the WebRTC function of the Google browser is webkitRTCPeerConnection, and the WebRTC function of the Firefox browser is mozRTCPeerConnection.
In this embodiment, the browser is a Google browser, and the target device is the Google STUN server stun:stun.l.google.com:19302. The Google browser on the user equipment calls webkitRTCPeerConnection to establish a P2P connection with the STUN server stun:stun.l.google.com:19302, sends a P2P connection request to that server, and receives the SDP packet body with which the server responds to the P2P connection request; the IP address of the user equipment is then obtained by filtering the content of the SDP packet body with a regular expression.
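To audit what such an SDP body discloses about a machine, the following added example (not part of the patent; the SDP text, addresses and function names are constructed for illustration) parses the candidate lines and classifies each address. It also handles the mDNS `.local` names that browsers implementing mDNS candidate obfuscation substitute for local host addresses, in which case a regular expression for IP literals finds no LAN address.

```javascript
// Added example: classify the addresses disclosed by ICE candidate lines in an SDP body.
// SAMPLE_SDP is constructed; 203.0.113.45 is a documentation-range address standing in
// for a public (server-reflexive) address.
const SAMPLE_SDP = [
  'v=0',
  'o=- 4611731400430051336 2 IN IP4 127.0.0.1',
  's=-',
  't=0 0',
  'm=application 9 UDP/DTLS/SCTP webrtc-datachannel',
  'c=IN IP4 0.0.0.0',
  'a=candidate:1 1 udp 2113937151 192.168.1.23 54321 typ host generation 0',
  'a=candidate:2 1 udp 2113939711 3f2c9a1e-7b4d-4c1a-9e55-0d6a1b2c3d4e.local 54322 typ host generation 0',
  'a=candidate:3 1 udp 1677729535 203.0.113.45 61000 typ srflx raddr 0.0.0.0 rport 0 generation 0',
  'a=candidate:4 1 udp 2113932031 fe80::1c2d:3e4f:5a6b:7c8d 54323 typ host generation 0',
].join('\r\n');

// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type>
const CANDIDATE_RE = /^a=candidate:\S+ \d+ (\S+) \d+ (\S+) (\d+) typ (\S+)/i;

// Return the scope of one connection address taken from a candidate line.
function classifyAddress(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith('.local')) return 'mdns-obfuscated'; // real host address is hidden
  if (a.includes(':')) {                              // IPv6 literal
    if (a === '::1') return 'loopback';
    if (/^fe[89ab]/.test(a)) return 'link-local';     // fe80::/10
    if (/^f[cd]/.test(a)) return 'private';           // fc00::/7 unique local
    return 'public';
  }
  const octets = a.split('.').map(Number);
  const valid = octets.length === 4 &&
    octets.every((o) => Number.isInteger(o) && o >= 0 && o <= 255);
  if (!valid) return 'unknown';
  const [o1, o2] = octets;
  if (octets.every((o) => o === 0)) return 'unspecified';
  if (o1 === 127) return 'loopback';
  if (o1 === 169 && o2 === 254) return 'link-local';
  if (o1 === 10 || (o1 === 172 && o2 >= 16 && o2 <= 31) || (o1 === 192 && o2 === 168)) {
    return 'private';                                 // RFC 1918 ranges
  }
  return 'public';
}

// Parse every candidate line of an SDP body into a finding.
function auditSdp(sdp) {
  const findings = [];
  for (const line of sdp.split(/\r?\n/)) {
    const m = CANDIDATE_RE.exec(line.trim());
    if (!m) continue;
    const [, transport, address, port, candidateType] = m;
    findings.push({
      address,
      port: Number(port),
      transport: transport.toLowerCase(),
      candidateType,                 // host = local interface, srflx = address seen by STUN
      scope: classifyAddress(address),
    });
  }
  return findings;
}

// Addresses that actually identify the machine or its network.
function disclosedAddresses(findings) {
  const hidden = new Set(['mdns-obfuscated', 'unspecified', 'unknown']);
  return findings.filter((f) => !hidden.has(f.scope)).map((f) => f.address);
}

for (const f of auditSdp(SAMPLE_SDP)) {
  console.log(`${f.candidateType.padEnd(5)} ${f.scope.padEnd(16)} ${f.address}`);
}
```

A `host` candidate with scope `private` means the browser exposed a LAN address directly; an audit that shows only `mdns-obfuscated` host candidates means only the server-reflexive address is visible.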
In one embodiment, the tracing the attacker according to the attack tracing instruction includes:
acquiring characteristic information of the browser according to the attack tracing instruction;
performing hash conversion on the characteristic information to generate an ID of the user equipment;
and sending the ID of the user equipment to the server.
The characteristic information of the browser is the User Agent (UA) of the browser. In this method, information such as the browser default language, device color width and color depth values, memory values allocated by the browser, Central Processing Unit (CPU) core number, screen resolution, display information, CPU model, operating system, whether the browser has privacy protection enabled, browser plug-in information, font library, audio fingerprint and the like is obtained through the browser UA, and hash conversion is then carried out on it to generate the unique identification information (ID) of the user equipment.
In one embodiment, the tracing the attacker according to the attack tracing instruction includes:
polling each IP in the network segment of the local area network of the user equipment according to the attack tracing instruction to obtain the use state of each IP in the network segment of the local area network and the number of the IPs in the network segment of the local area network;
and sending the IP number and the use state of each IP to a server.
Illustratively, the asynchronous polling request is generated by a timer using Asynchronous JavaScript and XML (Ajax). After the asynchronous polling request is generated, each IP in the network segment of the local area network of the user equipment is polled by sending the request to it. A status code returned by each IP in the network segment is then received, the use state of each IP in the network segment and the number of IPs in the network segment are determined from the status codes, and both are sent to the server. After receiving them, the server locates the network environment of the attacker according to the use state of each IP in the network segment of the local area network and the number of IPs in the network segment of the local area network.
In one embodiment, the tracing the attacker according to the attack tracing instruction includes:
generating a target Iframe page according to the attack tracing instruction and displaying the target Iframe page on the user equipment, wherein the target Iframe page is a login page of a target website;
filling an account password which is pre-stored by the browser and used for logging in the target website into a page of the target Iframe;
inquiring a DOM element corresponding to the page of the target Iframe, and acquiring the account password;
and sending the account password to the server.
Illustratively, in the present embodiment, the size of the target Iframe page is less than or equal to the predetermined pixel value, so that the target Iframe page is not easily perceived by an attacker. For example, the target Iframe page may be a 1px Iframe page. If the attacker's browser has automatic filling of the account password for the target website enabled, the browser automatically fills the pre-stored account password for logging in to the target website into the page of the Iframe. The DOM element corresponding to the page of the target Iframe is queried to obtain the account password, and the account password is sent to the server. After receiving the account password, the server monitors whether the account password has been stolen or whether the attack was initiated using that account password.
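The Iframe embodiment above depends on the target website's login page being allowed to load inside a frame on another origin. The following added example (not part of the patent; the header sets, origins and function names are constructed) evaluates a login response's `X-Frame-Options` and CSP `frame-ancestors` headers to decide whether a given embedding origin could frame it, checking only the direct embedder and not nested ancestors.

```javascript
// Added example: can a page on embedderOrigin frame a login page served with these headers?
// Simplification (assumption): only the direct embedder is checked, not every ancestor.

// Extract the frame-ancestors source list from one CSP policy string, or null if absent.
function frameAncestors(policy) {
  for (const directive of policy.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1); // an empty list behaves like 'none'
    }
  }
  return null;
}

// Does one frame-ancestors source expression match the embedding origin?
function sourceMatches(source, embedderOrigin, targetOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === '*') return true;
  if (s === "'self'") return embedderOrigin === targetOrigin;
  const embedder = new URL(embedderOrigin);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return embedder.protocol === s; // e.g. "https:"
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::(\d+|\*))?/);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && embedder.protocol !== scheme + ':') return false;
  const effectivePort = embedder.port || (embedder.protocol === 'https:' ? '443' : '80');
  if (port && port !== '*' && port !== effectivePort) return false;
  return wildcard ? embedder.hostname.endsWith('.' + host) : embedder.hostname === host;
}

function canBeFramed(headers, embedderUrl, targetUrl) {
  const embedderOrigin = new URL(embedderUrl).origin;
  const targetOrigin = new URL(targetUrl).origin;
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // frame-ancestors, when present, takes precedence over X-Frame-Options.
  const csp = h['content-security-policy'];
  if (csp !== undefined) {
    // Comma-joined values are separate policies; every one of them must allow the embedder.
    const lists = csp.split(',').map(frameAncestors).filter((l) => l !== null);
    if (lists.length > 0) {
      const allowed = lists.every((list) =>
        list.some((src) => sourceMatches(src, embedderOrigin, targetOrigin)));
      return { frameable: allowed, decidedBy: 'frame-ancestors' };
    }
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { frameable: false, decidedBy: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') {
    return { frameable: embedderOrigin === targetOrigin, decidedBy: 'x-frame-options' };
  }
  // No header, or an obsolete value such as ALLOW-FROM that current browsers ignore.
  return { frameable: true, decidedBy: 'none' };
}

// Constructed header sets for a login page at https://login.example/
const TARGET = 'https://login.example/';
const CASES = [
  ['no framing headers', {}],
  ['XFO DENY', { 'X-Frame-Options': 'DENY' }],
  ['CSP none', { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" }],
];
for (const [label, headers] of CASES) {
  const r = canBeFramed(headers, 'https://other.example/', TARGET);
  console.log(`${label}: frameable=${r.frameable} (${r.decidedBy})`);
}
```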
In one embodiment, the tracing the attacker according to the attack tracing instruction includes:
generating a second page according to the attack tracing instruction, wherein an execution function is added in a title of the second page;
executing the execution function, and acquiring user information pre-stored in the browser, wherein the user information comprises an account password and information of a user bookmark favorite;
and sending the user information to the server.
Illustratively, if an extension program calling the title is installed on the user equipment, an execution function is triggered, user information pre-stored in the browser is obtained by executing the execution function, the user information comprises an account password and information of a user bookmark favorite, the user information is sent to the server, and after the server receives the user information, the server analyzes specific information of an attacker according to the user information.
According to the attack tracing method provided by the embodiment of the disclosure, if an attacker is detected to have an attack behavior on user equipment, indication information is sent to a server, and the indication information is used for indicating the attack behavior; receiving an attack tracing instruction sent by the server; the attack behavior of the attacker is traced according to the attack tracing instruction, so that the attack behavior can be traced when the attack behavior of the attacker on the user equipment is detected, and the safety of the network environment is effectively improved.
Fig. 2 is a structural diagram of an attack tracing apparatus according to an embodiment of the present disclosure. The apparatus 20 is applied to a browser. As shown in fig. 2, the apparatus 20 includes:
an indication information sending module 201, configured to send indication information to a server if it is detected that an attacker has an attack behavior on a user device, where the indication information is used to indicate that the attack behavior occurs;
an attack tracing instruction receiving module 202, configured to receive an attack tracing instruction sent by a server;
and the attack behavior tracing module 203 is configured to trace the source of the attack behavior of the attacker according to the attack tracing instruction.
In one embodiment, the attack behavior tracing module 203 is configured to:
generating a first page according to the attack tracing instruction and displaying the first page on the user equipment, wherein the first page is used for indicating to update Flash;
receiving a Flash updating instruction input by a user on the first page;
acquiring the permission of the Flash application to access a camera and a microphone of the user equipment according to the Flash updating instruction;
after the use permission of the camera and the microphone is obtained, a target flash application is generated;
starting the camera and the microphone through the target flash application, and acquiring photo information of an attacker through the camera and acquiring sound information of the attacker through the microphone;
and sending the photo information and the sound information to the server.
In one embodiment, the attack behavior tracing module 203 is configured to:
sending a peer-to-peer connection request to a target device according to the attack tracing instruction;
receiving an SDP (Session Description Protocol) packet body with which the target device responds to the peer-to-peer connection request;
obtaining the IP address of the user equipment by filtering the SDP packet body with a regular expression;
and sending the IP address of the user equipment to the server.
In one embodiment, the attack behavior tracing module 203 is configured to:
acquiring characteristic information of the browser according to the attack tracing instruction;
performing hash conversion on the characteristic information to generate an ID of the user equipment;
and sending the ID of the user equipment to the server.
In one embodiment, the attack behavior tracing module 203 is configured to:
polling each IP in the network segment of the local area network of the user equipment according to the attack tracing instruction to obtain the use state of each IP in the network segment of the local area network and the number of the IPs in the network segment of the local area network;
and sending the IP number and the use state of each IP to the server.
In one embodiment, the attack behavior tracing module 203 is configured to:
generating a target Iframe page according to the attack tracing instruction and displaying the target Iframe page on the user equipment, wherein the target Iframe page is a login page of a target website;
filling an account password which is pre-stored by the browser and used for logging in the target website into a page of the target Iframe;
inquiring a DOM element corresponding to the page of the target Iframe, and acquiring the account password;
and sending the account password to the server.
In one embodiment, the attack behavior tracing module 203 is configured to:
generating a second page according to the attack tracing instruction, wherein an execution function is added in a title of the second page;
executing the execution function, and acquiring user information pre-stored in the browser, wherein the user information comprises an account password and information of a user bookmark favorite;
and sending the user information to the server.
The implementation process and technical effects of the attack behavior tracing apparatus provided by the embodiment of the present disclosure can be seen in the embodiment of fig. 1, and are not described herein again.
Fig. 3 is a block diagram of an electronic device according to an embodiment of the disclosure. As shown in fig. 3, the electronic device 30 includes:
a processor 301 and a memory 302, wherein the memory 302 stores at least one computer instruction, and the instruction is loaded and executed by the processor 301 to implement the attack tracing method described in the above method embodiment.
Based on the attack behavior tracing method described in the embodiment corresponding to fig. 1, an embodiment of the present disclosure further provides a computer-readable storage medium, for example, the non-transitory computer-readable storage medium may be a Read Only Memory (ROM), a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like. The storage medium stores computer instructions for executing the attack tracing method described in the embodiment corresponding to fig. 1, which is not described herein again.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims (10)

1. An attack tracing method is applied to a browser and comprises the following steps:
if the attack behavior of an attacker on user equipment is detected, sending indication information to a server, wherein the indication information is used for indicating the attack behavior;
receiving an attack tracing instruction sent by the server;
and tracing the source of the attack behavior of the attacker according to the attack tracing instruction.
2. The method of claim 1, wherein tracing the attacker according to the attack tracing instruction comprises:
generating a first page according to the attack tracing instruction and displaying the first page on the user equipment, wherein the first page prompts the user to update Flash;
receiving a Flash update instruction input by a user on the first page;
acquiring, according to the Flash update instruction, permission for the Flash application to access a camera and a microphone of the user equipment;
generating a target Flash application after the permission to use the camera and the microphone is obtained;
starting the camera and the microphone through the target Flash application, acquiring photo information of the attacker through the camera, and acquiring sound information of the attacker through the microphone;
and sending the photo information and the sound information to the server.
3. The method of claim 1, wherein tracing the attacker according to the attack tracing instruction comprises:
sending a peer (opposite-end) connection request to a target device according to the attack tracing instruction;
receiving an SDP (Session Description Protocol) packet body returned by the target device in response to the peer connection request;
obtaining the IP address of the user equipment by filtering the SDP packet body with a regular expression;
and sending the IP address of the user equipment to the server.
4. The method of claim 1, wherein tracing the attacker according to the attack tracing instruction comprises:
acquiring characteristic information of the browser according to the attack tracing instruction;
performing hash conversion on the characteristic information to generate an ID of the user equipment;
and sending the ID of the user equipment to the server.
5. The method of claim 1, wherein tracing the attacker according to the attack tracing instruction comprises:
polling each IP in the network segment of the local area network of the user equipment according to the attack tracing instruction to obtain the use state of each IP in the network segment of the local area network and the number of the IPs in the network segment of the local area network;
and sending the IP number and the use state of each IP to the server.
6. The method of claim 1, wherein tracing the attacker according to the attack tracing instruction comprises:
generating a target Iframe page according to the attack tracing instruction and displaying the target Iframe page on the user equipment, wherein the target Iframe page is a login page of a target website;
filling an account password which is pre-stored by the browser and used for logging in the target website into a page of the target Iframe;
inquiring a DOM element corresponding to the page of the target Iframe, and acquiring the account password;
and sending the account password to the server.
7. The method of claim 1, wherein tracing the attacker according to the attack tracing instruction comprises:
generating a second page according to the attack tracing instruction, wherein an execution function is added in a title of the second page;
executing the execution function to acquire user information pre-stored in the browser, wherein the user information comprises an account password and the user's bookmark (favorites) information;
and sending the user information to the server.
8. An attack tracing apparatus, applied to a browser, includes:
an indication information sending module, used for sending indication information to a server if an attack behavior of an attacker on user equipment is detected, wherein the indication information is used for indicating the attack behavior;
the attack tracing instruction receiving module is used for receiving an attack tracing instruction sent by the server;
and the attack behavior tracing module is used for tracing the source of the attack behavior of the attacker according to the attack tracing instruction.
9. An electronic device, comprising a processor and a memory, wherein the memory stores at least one computer instruction, and the instruction is loaded and executed by the processor to implement the steps executed in the attack tracing method according to any one of claims 1 to 7.
10. A computer-readable storage medium, wherein at least one computer instruction is stored in the storage medium, and the instruction is loaded and executed by a processor to implement the steps executed in the attack tracing method according to any one of claims 1 to 7.
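The regular-expression filtering of an SDP packet body named in claim 3, shown as an added example that is not code from the patent: it audits which addresses the ICE candidate lines of an SDP body expose and which are masked by mDNS names. The function names and the SDP text are assumptions constructed for illustration.

```javascript
// Added example: audit the addresses exposed by ICE candidates in an SDP body.
// SAMPLE_SDP is constructed test data; 203.0.113.7 (RFC 5737) stands in for a
// public address.
const SAMPLE_SDP = [
  'v=0',
  'o=- 4611731400430051336 2 IN IP4 127.0.0.1',
  's=-',
  't=0 0',
  'm=application 9 UDP/DTLS/SCTP webrtc-datachannel',
  'c=IN IP4 0.0.0.0',
  'a=candidate:1 1 udp 2113937151 3f1c2a9e-7b1d-4c55-9a0e-2b6f0d1c8e11.local 54321 typ host',
  'a=candidate:2 1 udp 2113937151 192.168.1.23 54400 typ host',
  'a=candidate:3 1 udp 1677729535 203.0.113.7 46154 typ srflx raddr 192.168.1.23 rport 46154',
  'a=candidate:4 1 tcp 1518280447 fd12:3456:789a::5 9 typ host tcptype active',
].join('\r\n');

// Fields: foundation component transport priority address port "typ" type
const CANDIDATE_RE = /^a=candidate:\S+ \d+ (\w+) \d+ (\S+) (\d+) typ (\w+)/i;

function classifyAddress(addr) {
  if (/\.local$/i.test(addr)) return 'mdns-masked'; // random mDNS name, no IP shown
  if (addr.includes(':')) {                          // IPv6: loopback, ULA, link-local
    const internal = addr === '::1' || /^f[cd][0-9a-f]{2}:/i.test(addr) ||
      /^fe[89ab][0-9a-f]:/i.test(addr);
    return internal ? 'private' : 'public';
  }
  const parts = addr.split('.');
  if (parts.length !== 4 || parts.some((s) => !/^\d{1,3}$/.test(s) || Number(s) > 255)) {
    return 'invalid';
  }
  const [a, b] = parts.map(Number);
  const internal = a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) || (a === 169 && b === 254);
  return internal ? 'private' : 'public';
}

// One finding per candidate line; non-candidate lines (c=, o=, ...) are ignored.
function auditSdp(sdp) {
  const findings = [];
  for (const line of sdp.split(/\r?\n/)) {
    const m = CANDIDATE_RE.exec(line.trim());
    if (!m) continue;
    const [, transport, address, port, type] = m;
    findings.push({ transport: transport.toLowerCase(), address, port: Number(port),
      type, exposure: classifyAddress(address) });
  }
  return findings;
}

// Distinct literal IP addresses that a regular-expression filter would recover.
function exposedAddresses(sdp) {
  const hits = auditSdp(sdp).filter((f) => f.exposure === 'private' || f.exposure === 'public');
  return [...new Set(hits.map((f) => f.address))];
}
```

A browser that publishes its host candidates as mDNS `.local` names yields no literal address for those candidates, so `exposedAddresses` then returns only what the remaining candidate types reveal.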
CN202111577925.9A 2021-12-22 2021-12-22 Attack tracing method and device, electronic equipment and storage medium Active CN114363022B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111577925.9A CN114363022B (en) 2021-12-22 2021-12-22 Attack tracing method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114363022A true CN114363022A (en) 2022-04-15
CN114363022B CN114363022B (en) 2024-05-24

Family

ID=81101395

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111577925.9A Active CN114363022B (en) 2021-12-22 2021-12-22 Attack tracing method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114363022B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105471883A (en) * 2015-12-10 2016-04-06 中国电子科技集团公司第三十研究所 Tor network tracing system and tracing method based on web injection
US20170237773A1 (en) * 2016-02-16 2017-08-17 Cylance, Inc. Endpoint-based man in the middle attack detection using machine learning models
CN107341375A (en) * 2016-12-09 2017-11-10 北京安天网络安全技术有限公司 A kind of method and system for the attacker that traced to the source based on Web page picture secret mark
CN108616538A (en) * 2018-04-28 2018-10-02 北京网思科平科技有限公司 Attacker's formation gathering method, system, terminal, server and its storage medium
CN111898128A (en) * 2020-08-04 2020-11-06 北京丁牛科技有限公司 Defense method and device for cross-site scripting attack
CN113676485A (en) * 2021-08-27 2021-11-19 中国电信股份有限公司 Virtual reality interaction method and device, storage medium and electronic equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李晓云: "Research on Tracking and Tracing Technology Based on Browser Script Injection", China Excellent Master's Theses Full-text Database, 15 August 2019 (2019-08-15), pages 18 - 42 *

Also Published As

Publication number Publication date
CN114363022B (en) 2024-05-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant