CN114531257A - Network attack handling method and device - Google Patents

Publication number
CN114531257A
Authority
CN
China
Prior art keywords
attack
abnormal data
network
timer
received
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011225305.4A
Other languages
Chinese (zh)
Inventor
李长连
汪悦
蔺旋
刘果
张彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
China Information Technology Designing and Consulting Institute Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
China Information Technology Designing and Consulting Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd, China Information Technology Designing and Consulting Institute Co Ltd
Priority to CN202011225305.4A
Publication of CN114531257A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/10 Active monitoring, e.g. heartbeat, ping or trace-route
    • H04L43/106 Active monitoring, e.g. heartbeat, ping or trace-route using time related information in packets, e.g. by adding timestamps
    • H04L43/16 Threshold monitoring

Abstract

The embodiments of the present disclosure provide a network attack handling method and device, relating to the technical field of network security, which can block abnormal attacks promptly and automatically. The scheme comprises: when it is determined that abnormal data exists in the network and the resource capacity occupied by the abnormal data is greater than a threshold, prohibiting transmission of the abnormal data and starting a timer; and, if attack alarm information is received at a first moment before the timer reaches a preset duration, setting the timer to count again and continuing to prohibit transmission of the abnormal data, until the timer reaches the preset duration and no attack alarm information has been received within the preset duration.

Description

Network attack handling method and device
Technical Field
The present disclosure relates to the field of network security technologies, and in particular, to a method and an apparatus for handling network attacks.
Background
To avoid data leakage caused by hacking, most enterprises have a relatively mature Distributed Denial of Service (DDoS) attack protection product.
At present, after receiving alarm information, existing DDoS attack protection products generally use channels such as e-mail and short messages to notify the user that a potential security risk exists in the user's network. The user can then complete the subsequent protection operations according to the notification to improve data security. However, if the user does not check the notification in time, or does not complete the subsequent protection operations in time, the security of the data may be threatened, so security cannot be effectively guaranteed.
Disclosure of Invention
The disclosure provides a network attack handling method and device, which at least solve the problem in the related art that the security of data cannot be guaranteed.
To achieve this purpose, the technical scheme is as follows:
In a first aspect, the present disclosure provides a network attack handling method, including: when it is determined that abnormal data exists in the network and the resource capacity occupied by the abnormal data is greater than a threshold, prohibiting transmission of the abnormal data and starting a timer; and, if attack alarm information is received at a first moment before the timer reaches the preset duration, controlling the timer to count again and continuing to prohibit transmission of the abnormal data, until the timer reaches the preset duration and no attack alarm information has been received within the preset duration.
The disclosure provides a network attack handling method that triggers blocking when it determines that abnormal data exists and that the resource capacity occupied by the abnormal data is greater than a threshold. If an attack is received again within the preset blocking duration, the timer is restarted, and this continues until no further attack alarm information is received. After an alarm is received, whether to trigger the alarm and block is determined according to a preset judgment mode. When triggered, a corresponding protection task is started. Based on the configured protection rules, frequent and intermittent attacks can be effectively handled, and the protection task is not started repeatedly, which would waste time and resources. No manual participation is needed, and the timeliness and reliability of protection are greatly improved.
In a second aspect, the present disclosure provides a network attack handling apparatus, which includes a determining module and a processing module. Specifically, the determining module is configured to, when it is determined that abnormal data exists in the network and the resource capacity occupied by the abnormal data is greater than a threshold, prohibit transmission of the abnormal data and start a timer; and the processing module is configured to, if attack alarm information is received at a first moment before the timer reaches the preset duration, control the timer to count again and continue to prohibit transmission of the abnormal data, until the timer reaches the preset duration and no attack alarm information has been received within the preset duration.
In a third aspect, the present disclosure provides a computer-readable storage medium having a computer program stored thereon, wherein the computer program is arranged to perform the steps of any of the above method embodiments when executed.
In a fourth aspect, the present disclosure provides an electronic device comprising a memory and a processor, wherein the memory stores a computer program, and the processor is configured to execute the computer program to perform the steps in any of the above method embodiments.
For details, reference may be made to the detailed description of the implementations of the first aspect. Likewise, for the beneficial effects of the second to fourth aspects and their various implementations, reference may be made to the analysis of beneficial effects in the implementations of the first aspect, which is not repeated here.
These and other aspects of the disclosure will be more readily apparent from the following description.
Drawings
To illustrate the technical solutions in the embodiments of the present disclosure more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present disclosure, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a block diagram of a network attack handling apparatus according to an embodiment of the present disclosure;
FIG. 2 is a flow chart of a network attack handling method according to an embodiment of the present disclosure;
FIG. 3 is a schematic diagram of a network attack handling method according to an embodiment of the present disclosure;
FIG. 4 is a block diagram of a network attack handling apparatus according to an embodiment of the present disclosure;
FIG. 5 is a schematic structural diagram of an alternative electronic device according to an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure are described clearly and completely below with reference to the drawings. The described embodiments are only a part of the embodiments of the present disclosure, not all of them. All other embodiments that a person skilled in the art can derive from the embodiments disclosed herein without creative effort fall within the protection scope of the present disclosure.
The terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present disclosure, "a plurality" means two or more unless otherwise specified.
Before describing the network attack handling method provided by the present disclosure in detail, the application scenario and implementation environment related to the present disclosure are briefly described.
First, a brief description is given of an application scenario to which the present disclosure relates.
At present, Distributed Denial of Service (DDoS) is one of the most common forms of network attack on the internet. It attacks a target server with a large amount of erroneous traffic in order to congest the network and exhaust the server's performance, so that the server crashes and access by normal users is affected.
As network traffic grows, network attacks on users have increased, and network security has become a focus in many fields. At present, the network security protection market in China has reached an initial scale, and each company has a relatively mature DDoS attack protection product. After receiving alarm information, most DDoS attack protection products notify users manually or by e-mail, short message and similar channels, and the users carry out the subsequent protection operations. When the user does not view or process the notification in time, data security is put at risk.
To solve the above problem, the present disclosure provides a network attack handling method and apparatus. The method automatically performs blocking when an attack alarm is received, and when an attack alarm for the same attack source is received again during the blocking period, the blocking duration is extended until no further attack is received. In other words, received attacks are protected against automatically, and the timeliness of attack handling is improved.
FIG. 1 is a schematic diagram of one implementation environment to which the present disclosure is applicable. The implementation environment may include an attack monitoring system 110 and a network attack handling apparatus 120, and the attack monitoring system 110 may establish a connection with the network attack handling apparatus 120 through a network (a wired network or a wireless network).
The attack monitoring system 110 is a monitoring device, i.e., a network attack monitoring device, configured to receive abnormal and attack traffic from the whole network. Specifically, if a monitored network segment produces a huge, persistent traffic flow that differs from the previous day and is likely to indicate an unknown network attack, the corresponding alarm information is sent to the network attack handling apparatus 120. The attack monitoring system 110 may be a mobile phone, a tablet computer, a notebook computer, a desktop computer, a portable computer, etc., which is not limited in this disclosure.
The network attack handling apparatus 120 receives alarm information about abnormal and attack traffic across the whole network from the attack monitoring system (Genie). The network attack handling apparatus 120 may be a single server, or may be a server cluster including a plurality of servers, which is not limited in the present disclosure.
FIG. 2 is a flowchart illustrating a network attack handling method according to an exemplary embodiment. The method is used in a network attack handling apparatus and, as shown in FIG. 2, may include steps 220 to 230.
220. When it is determined that abnormal data exists in the network and the resource capacity occupied by the abnormal data is greater than the threshold, transmission of the abnormal data is prohibited and a timer is started.
In this step, the network attack handling apparatus 120 receives abnormality information and attack traffic alarm information for the entire network from the attack monitoring system 110 of the Core Network (CN).
When the alarm information is received, the attack-source-specific information included in it is parsed, for example: attack type, start time, traffic size, target IP, target port, etc.
The network attack handling apparatus 120 determines whether to perform blocking according to the data in the alarm information and a preset attack judgment mode. The judgment mode includes whether a threshold is exceeded, whether a value falls within a numerical range, whether a characteristic factor appears, and the like.
In a specific embodiment, when it is determined that the resource capacity occupied by the abnormal data in the alarm information is greater than the threshold, blocking is performed and a timer is started. Here, the threshold is that the traffic of the abnormal data exceeds 50G. The 50G value is set so as not to affect normal use by other users.
230. If attack alarm information is received at a first moment before the timer reaches the preset duration, the timer is controlled to count again and transmission of the abnormal data remains prohibited, until the timer reaches the preset duration and no attack alarm information has been received within the preset duration.
In this step, a preset blocking policy is executed according to which of the following cases occurs.
If no alarm information from the same attack source is received while blocking for the preset duration is in progress, blocking stops when the preset blocking duration is reached.
If alarm information from the same attack source is received while blocking for the preset duration is in progress, blocking is extended. In a specific embodiment, as shown in FIG. 3: blocking starts at time 0 and, with blocking duration T, would end at time T2 (where T2 = T). However, when alarm information from the same attack source is received at time T1, blocking is extended by the preset duration T from the time T1 at which the alarm information was received, to time T3 (where T3 - T1 = T), and so on; blocking ends once no new alarm is received.
Further, the method also includes:
210. Receiving alarm information of the abnormal data.
In this step, the abnormal data alarm information sent from the attack monitoring system 110 is received.
Further, the preset duration is determined according to the average value of the attack event intermittence. Specifically, the preset blocking duration is 10 minutes.
Further, the preset blocking duration is not more than 30 minutes. In particular, one reason for avoiding overly long blocking is the situation where a traffic surge caused by normal service operation (e.g., data synchronization) is judged to be an attack.
Illustratively, after the network attack handling apparatus 120 receives the alarm information of the abnormal data, it analyzes the size occupied by the abnormal data traffic and automatically triggers blocking of that traffic when the occupied size exceeds the set threshold. When blocking is triggered for the first time, the blocking duration is timed for T minutes.
If a new alarm is received during blocking, the blocking time is extended from the time T1 at which the alarm is received to a time T2 (T2 - T1 = T); blocking ends once no new alarm is received.
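The timer behaviour of steps 220 and 230, together with the 10-minute preset and 30-minute upper bound, can be sketched as follows. This is an added example, not code from the patent: the `Alarm` fields mirror the alarm contents listed above, while the "same attack source" key, the mean-gap rule in `preset_from_gaps`, the class and function names, and the sample alarms are all assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import mean

THRESHOLD_G = 50.0            # page: block when abnormal traffic exceeds 50G
PRESET_SECONDS = 10 * 60      # page: preset blocking duration is 10 minutes
MAX_PRESET_SECONDS = 30 * 60  # page: preset duration is not more than 30 minutes


@dataclass(frozen=True)
class Alarm:
    """Fields the page says are parsed from alarm information."""
    time: float        # arrival time in seconds on a constructed clock
    attack_type: str
    traffic_g: float   # traffic size, in the page's "G" unit
    target_ip: str
    target_port: int

    @property
    def key(self):
        # Assumption: alarms come from the "same attack source" when
        # attack type, target IP and target port all match.
        return (self.attack_type, self.target_ip, self.target_port)


def preset_from_gaps(gaps_seconds):
    """Assumed rule: T is the mean gap between attack bursts, capped at 30 min."""
    if not gaps_seconds:
        raise ValueError("need at least one observed gap")
    return min(mean(gaps_seconds), MAX_PRESET_SECONDS)


class BlockController:
    def __init__(self, threshold_g=THRESHOLD_G, preset_s=PRESET_SECONDS):
        if not 0 < preset_s <= MAX_PRESET_SECONDS:
            raise ValueError("preset duration must be in (0, 30 min]")
        self.threshold_g = threshold_g
        self.preset_s = preset_s
        self.deadlines = {}   # key -> time at which the block timer expires
        self.events = []      # (time, action, key) audit trail

    def _expire(self, now):
        """Lift every block whose timer ran out at or before `now`."""
        due = sorted((d, k) for k, d in self.deadlines.items() if d <= now)
        for deadline, key in due:
            del self.deadlines[key]
            self.events.append((deadline, "unblock", key))

    def on_alarm(self, alarm):
        self._expire(alarm.time)
        key = alarm.key
        if key in self.deadlines:
            # Step 230: any alarm for a source that is still blocked restarts
            # the timer; the page applies no threshold check at this point.
            self.deadlines[key] = alarm.time + self.preset_s
            self.events.append((alarm.time, "extend", key))
            return "extend"
        if alarm.traffic_g > self.threshold_g:
            # Step 220: first alarm above the threshold starts the block.
            self.deadlines[key] = alarm.time + self.preset_s
            self.events.append((alarm.time, "block", key))
            return "block"
        return "ignore"

    def is_blocked(self, key, now):
        self._expire(now)
        return key in self.deadlines


# Constructed sample alarms (documentation addresses, invented values).
SAMPLE_ALARMS = [
    Alarm(0, "udp_flood", 62.0, "192.0.2.10", 53),    # above 50G: block to t=600
    Alarm(240, "udp_flood", 8.0, "192.0.2.10", 53),   # T1=240: extend to t=840
    Alarm(300, "syn_flood", 12.0, "192.0.2.20", 443), # other source, below 50G
    Alarm(840, "udp_flood", 8.0, "192.0.2.10", 53),   # timer already expired
]


def replay(alarms, until, preset_s=PRESET_SECONDS):
    """Feed alarms in time order, then expire timers up to `until`."""
    ctl = BlockController(preset_s=preset_s)
    decisions = [ctl.on_alarm(a) for a in sorted(alarms, key=lambda a: a.time)]
    ctl._expire(until)
    return decisions, ctl.events


if __name__ == "__main__":
    for event in replay(SAMPLE_ALARMS, until=3600)[1]:
        print(event)
```

The alarm arriving exactly at t=840 shows the boundary case: the timer has already reached the preset duration, so the alarm is evaluated as a fresh one against the threshold rather than extending the block.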
The technical scheme provided by this embodiment has at least the following beneficial effects. After attack traffic alarm information is received, the attack source attribute value contained in the alarm information is parsed. When the attribute value of the attack source exceeds a preset threshold, an alarm is triggered and blocking is executed for a preset duration; if alarm information for the same attack source is received again at some moment within the preset blocking duration, the blocking time is extended. After an alarm is received, whether to trigger the alarm and block is determined according to a judgment mode preset by the client. When triggered, a corresponding protection task is started. When the protection task ends is judged automatically based on the configured protection rules, without manual participation, and the timeliness and reliability of protection are greatly improved.
The foregoing describes the solution provided by an embodiment of the present disclosure primarily from a method perspective. To implement the above functions, the apparatus includes hardware structures and/or software modules for performing the respective functions. Those of skill in the art will readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or as combinations of hardware and computer software. Whether a function is performed by hardware or by computer software driving hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
FIG. 4 is a block diagram illustrating a network attack handling device that may be used to perform the network attack handling method illustrated in FIG. 1, according to an example embodiment. As one implementation, the apparatus may include a determining module 410, a processing module 420, and a receiving module 430.
The determining module 410 is configured to, when it is determined that abnormal data exists in the network and the resource capacity occupied by the abnormal data is greater than a threshold, prohibit transmission of the abnormal data and start a timer. For example, in conjunction with FIG. 2, the determining module 410 may be configured to perform S220.
The processing module 420 is configured to, if attack alarm information is received at a first moment before the timer reaches the preset duration, set the timer to count again and continue to prohibit transmission of the abnormal data, until the timer reaches the preset duration and no attack alarm information has been received within the preset duration. For example, in conjunction with FIG. 2, the processing module 420 may be configured to perform S230.
Further, the apparatus also includes the receiving module 430, configured to receive alarm information of the abnormal data. For example, in conjunction with FIG. 2, the receiving module 430 may be configured to perform S230.
Further, the preset duration is determined according to the average value of the attack event intermittence.
Of course, the network attack handling apparatus provided by the embodiments of the present disclosure includes, but is not limited to, the above modules, and may also include, for example, a storage module. The storage module may be configured to store the program code of the network attack handling apparatus, and may also be configured to store data generated, received, and the like during the operation of the network attack handling apparatus.
According to another aspect of the embodiments of the present disclosure, there is also provided an electronic device for implementing the network attack handling method, where the electronic device may be applied in, but not limited to, a server. As shown in fig. 5, the electronic device comprises a memory 510 and a processor 520, wherein the memory 510 stores a computer program, and the processor 520 is configured to perform the steps of any of the above method embodiments by the computer program.
Further, in this embodiment, the electronic device may be located in at least one network device of a plurality of network devices of a computer network.
Further, in the present embodiment, the processor 520 may be configured to execute the steps shown in fig. 1 by a computer program.
Alternatively, it can be understood by those skilled in the art that the structure shown in fig. 5 is only an illustration, and the electronic device may also be a terminal device such as a smart phone (e.g., an Android phone, an iOS phone, etc.), a tablet computer, a palmtop computer, and a Mobile Internet Device (MID), a PAD, and the like. Fig. 5 is a diagram illustrating a structure of the electronic device. For example, the electronic device may also include more or fewer components (e.g., network interfaces, etc.) than shown in FIG. 5, or have a different configuration than shown in FIG. 5.
The memory 510 may be used to store software programs and modules, such as program instructions/modules corresponding to the network attack handling method and apparatus in the embodiments of the present disclosure, and the processor 520 executes various functional applications and data processing by running the software programs and modules stored in the memory 510, that is, implementing the network attack handling method described above. The memory 510 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, memory 510 may further include memory located remotely from processor 520, which may be connected to the terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof. The memory 510 may be, but is not limited to, storing program steps of the network attack handling method. In addition, other module units in the network attack handling apparatus may also be included, but are not limited to these, and are not described in this example again.
Optionally, the transmission device 540 is used for receiving or sending data via a network. Examples of the network may include a wired network and a wireless network. In one example, the transmission device 540 includes a network adapter (Network Interface Controller, NIC) that can be connected to a router and other network devices via a network cable to communicate with the internet or a local area network. In one example, the transmission device 540 is a Radio Frequency (RF) module, which is used for communicating with the internet wirelessly.
In addition, the electronic device further includes: the display 540 is used for displaying the alarm push of the suspicious account; and a connection bus 550 for connecting the respective module parts in the above-described electronic apparatus.
Optionally, another embodiment of the present disclosure further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed on a computer, the instructions cause the computer to perform the steps performed by the network attack handling apparatus in the method flow shown in the foregoing method embodiment.
Optionally, in another embodiment of the present disclosure, a computer program product is further provided, where the computer program product includes instructions that, when executed on a computer, cause the computer to perform the steps performed by the network attack handling apparatus in the method flow shown in the above method embodiment.
Alternatively, in this embodiment, a person skilled in the art may understand that all or part of the steps in the methods of the foregoing embodiments may be implemented by a program instructing hardware associated with the terminal device, where the program may be stored in a computer-readable storage medium, and the storage medium may include: flash disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
The above-mentioned serial numbers of the embodiments of the present disclosure are merely for description and do not represent the merits of the embodiments.
The integrated unit in the above embodiments, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in the above computer-readable storage medium. Based on such understanding, the technical solution of the present disclosure may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing one or more computer devices (which may be personal computers, servers, network devices, etc.) to execute all or part of the steps of the methods according to the embodiments of the present disclosure.
In the above embodiments of the present disclosure, the description of each embodiment has its own emphasis, and reference may be made to the related description of other embodiments for parts that are not described in detail in a certain embodiment.
In several embodiments provided in the present disclosure, it should be understood that the disclosed client may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, a division of a unit is merely a division of a logic function, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present disclosure may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The foregoing is merely a preferred embodiment of the present disclosure, and it should be noted that modifications and embellishments could be made by those skilled in the art without departing from the principle of the present disclosure, and these should also be considered as the protection scope of the present disclosure.

Claims (8)

1. A network attack handling method, comprising:
when it is determined that abnormal data exists in the network and the resource capacity occupied by the abnormal data is greater than a threshold, prohibiting transmission of the abnormal data and starting a timer;
and, if attack alarm information is received at a first moment before the timer reaches a preset duration, controlling the timer to count again and continuing to prohibit transmission of the abnormal data, until the timer reaches the preset duration and no attack alarm information has been received within the preset duration.
2. The method of claim 1, further comprising, prior to the step of determining that abnormal data exists in the network: receiving alarm information of the abnormal data.
3. The method of claim 1, wherein the predetermined duration is determined based on an average of attack event pauses.
4. A network attack handling apparatus, comprising:
the judging module is used for forbidding the transmission of the abnormal data and starting a timer under the condition that the abnormal data exists in the network and the resource capacity occupied by the abnormal data is larger than a threshold value;
and the processing module is used for controlling the timer to count again and still forbidding the transmission of the abnormal data if the attack warning information is received at the first moment before the timer reaches the preset duration, until the duration of the timer reaches the preset duration and the attack warning information is not received within the preset duration.
5. The apparatus of claim 4, further comprising:
a receiving module, configured to receive alarm information of the abnormal data.
6. The apparatus of claim 4, wherein the preset duration is determined based on an average of attack event pauses.
7. A computer-readable storage medium, in which a computer program is stored, wherein the computer program is configured to carry out the method of any one of claims 1 to 3 when executed.
8. An electronic device comprising a memory and a processor, wherein the memory has stored therein a computer program, and wherein the processor is arranged to execute the computer program to perform the method of any of claims 1 to 3.
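The blocking logic of claims 1 and 3, as an added Python example that is not code from the patent: the class and function names, the sample events and the use of a plain mean for the preset duration are assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import mean
from typing import Optional

def preset_duration(pauses):
    """Claim 3: derive the hold time from observed attack pauses.
    Using the plain mean is an assumption; the claim only says 'based on'."""
    return mean(pauses)

@dataclass
class BlockController:
    threshold: float                 # resource capacity threshold (claim 1)
    hold: float                      # preset duration, in seconds
    blocked: bool = False
    timer_start: Optional[float] = None

    def expire(self, now):
        """Lift the block once the timer has run the full preset duration."""
        if self.blocked and now - self.timer_start >= self.hold:
            self.blocked, self.timer_start = False, None
        return self.blocked

    def on_abnormal(self, now, occupied):
        """Block and start the timer when occupancy exceeds the threshold."""
        if not self.expire(now) and occupied > self.threshold:
            self.blocked, self.timer_start = True, now
        return self.blocked

    def on_warning(self, now):
        """A warning before expiry restarts the timer; the block stays on.
        A warning after expiry does not re-block by itself."""
        if self.expire(now):
            self.timer_start = now
        return self.blocked

    def release_at(self):
        return self.timer_start + self.hold if self.blocked else None

# Constructed sample: (time_s, event, occupancy); the attack pauses and resumes.
SAMPLE = [(0, "abnormal", 0.5), (1, "abnormal", 0.9),
          (20, "warning", None), (50, "warning", None)]

def run_sample():
    ctrl = BlockController(threshold=0.8, hold=preset_duration([30, 40, 50]))
    for t, kind, occ in SAMPLE:
        if kind == "abnormal":
            ctrl.on_abnormal(t, occ)
        else:
            ctrl.on_warning(t)
    return ctrl

if __name__ == "__main__":
    print("block lifts at t =", run_sample().release_at())
```

With these constructed events a fixed 40-second block started at t=1 would have lifted at t=41, before the warning at t=50; restarting the timer on each warning keeps the block in place until t=90.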
CN202011225305.4A 2020-11-05 2020-11-05 Network attack handling method and device Pending CN114531257A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011225305.4A CN114531257A (en) 2020-11-05 2020-11-05 Network attack handling method and device

Publications (1)

Publication Number Publication Date
CN114531257A (en) 2022-05-24

Family

ID=81619411

Country Status (1)

Country Link
CN (1) CN114531257A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination