CN115086030A - Fingerprint attack protection method and device for HTTPS encrypted traffic, electronic equipment and medium - Google Patents

Publication number
CN115086030A
Authority
CN
China
Prior art keywords
https
attack protection
browser
data request
fingerprint
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210674206.7A
Other languages
Chinese (zh)
Inventor
王帅
陈怡欣
金华敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN202210674206.7A
Publication of CN115086030A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44521 Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • G06F9/44526 Plug-ins; Add-ons
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The disclosure provides a fingerprint attack protection method and device, electronic equipment and a medium for HTTPS encrypted traffic. The fingerprint attack protection method for HTTPS encrypted traffic comprises the following steps: acquiring a data request sent by a browser; detecting whether the browser has HTTPS fingerprint attack protection enabled; checking the settings of the browser that has HTTPS fingerprint attack protection enabled; modifying a specified field of the HTTPS header of the data request according to the result of checking the settings, so as to adjust the size of the resource received in response to the data request; and sending the data request with the modified HTTPS header to the server side. The embodiments of the disclosure improve the security and reliability of network data interaction.

Description

Fingerprint attack protection method and device for HTTPS encrypted traffic, electronic equipment and medium
Technical Field
The disclosure relates to the technical field of networks, and in particular relates to a fingerprint attack protection method and device for HTTPS encrypted traffic, electronic equipment and a medium.
Background
Currently, HTTPS (HyperText Transfer Protocol Secure) is a combination of HTTP (HyperText Transfer Protocol) and the SSL (Secure Sockets Layer)/TLS (Transport Layer Security) protocols. It provides encryption, decryption and authentication services and is a secure data transfer protocol widely used in network applications. A fingerprint attack on HTTPS data packets collects HTTPS traffic and analyzes the general characteristics, the individual characteristics of static elements and the inherent regularities of the traffic of a specific website, that is, the fingerprint of the website, in order to obtain the content accessed by website users and their private data, which seriously threatens the security of user accounts.
In the related art, the HTTPS fingerprint attack protection scheme may dynamically change the traffic size by randomly adding dummy data to the data stream.
However, this HTTPS fingerprint attack protection scheme requires modifying the server logic, which may cause the server to operate unstably, and its protection against HTTPS fingerprint attacks is poor once the dummy data packets have been cleaned from the traffic.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure, and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The present disclosure is directed to a fingerprint attack protection method, apparatus, electronic device, and medium for HTTPS encrypted traffic, which overcome, at least to some extent, the problem of poor effect of preventing HTTPS fingerprint attack due to the limitations and disadvantages of the related art.
According to a first aspect of the embodiments of the present disclosure, a fingerprint attack protection method for HTTPS encrypted traffic is provided, including: acquiring a data request sent by a browser; detecting whether the browser has HTTPS fingerprint attack protection enabled; checking the settings of the browser that has HTTPS fingerprint attack protection enabled; modifying a specified field of the HTTPS header of the data request according to the result of checking the settings, so as to adjust the size of the resource received in response to the data request; and sending the data request with the modified HTTPS header to the server side.
In an exemplary embodiment of the present disclosure, modifying the specified field of the HTTPS header of the data request according to the result of checking the settings includes: if it is determined that JavaScript is not enabled in the browser settings, adding a byte-range field to the specified field of the HTTPS header of the data request, so as to adjust the size of the resource received in response to the data request.
In an exemplary embodiment of the present disclosure, the method further comprises: if it is determined that JavaScript is enabled in the browser settings, adding a random site resource request to the data request, wherein the random site resource request indicates that a resource corresponding to the data request is to be requested from a pre-stored site resource list in a specified data interaction mode; and sending the data request with the added random site resource request to the server side.
In an exemplary embodiment of the present disclosure, the method further comprises: if it is determined that the browser does not have HTTPS fingerprint attack protection enabled, sending the acquired data request directly to the server side.
According to a second aspect of the embodiments of the present disclosure, a fingerprint attack protection method for HTTPS encrypted traffic is provided, including: acquiring a data response fed back by a server; determining, according to the data response, whether the corresponding browser has HTTPS fingerprint attack protection enabled; checking the settings of the browser that has HTTPS fingerprint attack protection enabled; and, according to the result of checking the settings, injecting a JavaScript script into the head tag of the data request or requesting the remaining resources corresponding to the data response.
In an exemplary embodiment of the present disclosure, injecting a JavaScript script into the head tag of the data request or requesting the remaining resources corresponding to the data response according to the result of checking the settings includes: if it is determined that the browser does not have JavaScript enabled, requesting the remaining resources; and if it is determined that the browser has JavaScript enabled, injecting the JavaScript script into the head tag of the data request.
According to a third aspect of the embodiments of the present disclosure, there is provided a fingerprint attack protection device for HTTPS encrypted traffic, including: an acquisition module configured to acquire a data request sent by a browser; a detection module configured to detect whether the browser has HTTPS fingerprint attack protection enabled; a checking module configured to check the settings of the browser that has HTTPS fingerprint attack protection enabled; a modification module configured to modify a specified field of the HTTPS header of the data request according to the result of checking the settings, so as to adjust the size of the resource received in response to the data request; and an interaction module configured to send the data request with the modified HTTPS header to the server side.
According to a fourth aspect of the embodiments of the present disclosure, there is provided a fingerprint attack protection device for HTTPS encrypted traffic, including: an acquisition module configured to acquire a data response fed back by the server side; a determining module configured to determine, according to the data response, whether the corresponding browser has HTTPS fingerprint attack protection enabled; a checking module configured to check the settings of the browser that has HTTPS fingerprint attack protection enabled; and an interaction module configured to inject a JavaScript script into the head tag of the data request or to request the remaining resources corresponding to the data response, according to the result of checking the settings.
According to a fifth aspect of the present disclosure, there is provided an electronic apparatus comprising: a memory; and a processor coupled to the memory, the processor configured to perform the method of any of the above based on instructions stored in the memory.
According to a sixth aspect of the present disclosure, there is provided a computer-readable storage medium, on which a program is stored, which when executed by a processor, implements the fingerprint attack protection method for HTTPS encrypted traffic as described in any one of the above.
According to the embodiments of the disclosure, a browser plug-in is developed through the development interface provided by the browser. According to the user's protection setting and script setting, the plug-in either requests random resources on the site from the proxy server or limits the length of the response data. The reliability of HTTPS fingerprint attack protection can thus be improved without modifying the interaction logic of the server, and the security and reliability of network data interaction are improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without the exercise of inventive faculty.
Fig. 1 shows a schematic diagram of an exemplary system architecture of a fingerprint attack protection scheme for HTTPS encrypted traffic to which an embodiment of the invention may be applied;
FIG. 2 is a flowchart of a fingerprint attack protection method for HTTPS encrypted traffic in an exemplary embodiment of the disclosure;
FIG. 3 is a flowchart of another method for protecting against fingerprint attacks on HTTPS encrypted traffic in an exemplary embodiment of the disclosure;
FIG. 4 is a flowchart of another method for defending against fingerprint attacks on HTTPS encrypted traffic in an exemplary embodiment of the disclosure;
FIG. 5 is a flowchart of another method for defending against fingerprint attacks on HTTPS encrypted traffic in an exemplary embodiment of the disclosure;
FIG. 6 is a flowchart of another method for defending against fingerprint attacks on HTTPS encrypted traffic in an exemplary embodiment of the disclosure;
FIG. 7 is a flowchart of another method for defending against fingerprint attacks on HTTPS encrypted traffic in an exemplary embodiment of the disclosure;
FIG. 8 is a flowchart of another method for defending against fingerprint attacks on HTTPS encrypted traffic in an exemplary embodiment of the disclosure;
FIG. 9 is a flowchart of another method for defending against fingerprint attacks on HTTPS encrypted traffic in an exemplary embodiment of the disclosure;
FIG. 10 is a block diagram of a fingerprint attack prevention device for HTTPS encrypted traffic in an exemplary embodiment of the disclosure;
FIG. 11 is a block diagram of another fingerprint attack prevention device for HTTPS encrypted traffic in an exemplary embodiment of the disclosure;
FIG. 12 is a block diagram of an electronic device in an exemplary embodiment of the disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the embodiments of the present disclosure can be practiced without one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known technical solutions have not been shown or described in detail to avoid obscuring aspects of the present disclosure.
Further, the drawings are merely schematic illustrations of the present disclosure, in which the same reference numerals denote the same or similar parts, and thus, a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
Fig. 1 shows a schematic diagram of an exemplary system architecture of a fingerprint attack protection scheme for HTTPS encrypted traffic to which an embodiment of the present invention may be applied.
As shown in fig. 1, the system architecture 100 may include one or more of terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation. For example, server 105 may be a server cluster comprised of multiple servers, or the like.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may be various electronic devices having a display screen, including but not limited to smart phones, tablet computers, portable computers, desktop computers, and the like.
In some embodiments, the fingerprint attack protection method for HTTPS encrypted traffic provided by the embodiment of the present invention is generally executed by the terminal 105, and accordingly, the fingerprint attack protection apparatus for HTTPS encrypted traffic is generally disposed in the terminal device 103 (or the terminal device 101 or 102). In other embodiments, some servers may have similar functionality as the terminal device to perform the method. Therefore, the fingerprint attack protection method for the HTTPS encrypted traffic provided by the embodiment of the present invention is not limited to be executed by the terminal device.
The following detailed description of exemplary embodiments of the disclosure refers to the accompanying drawings.
Fig. 2 is a flowchart of a fingerprint attack protection method for HTTPS encrypted traffic in an exemplary embodiment of the present disclosure.
Referring to Fig. 2, the fingerprint attack protection method for HTTPS encrypted traffic may include:
Step S202: acquire a data request sent by the browser.
Step S204: detect whether the browser has HTTPS fingerprint attack protection enabled.
Step S206: check the settings of the browser that has HTTPS fingerprint attack protection enabled.
Step S208: modify a specified field of the HTTPS header of the data request according to the result of checking the settings, so as to adjust the size of the resource received in response to the data request.
Step S210: send the data request with the modified HTTPS header to the server.
According to the method and the device, a browser plug-in is developed through the development interface provided by the browser. According to the user's protection setting and script setting, the plug-in either requests random resources on the site from the proxy server or limits the length of the response data. In other words, the payload size is changed at the content level of the application layer, so the added traffic is difficult to clean and HTTPS fingerprinting attacks based on deep neural networks can be resisted. The reliability of HTTPS fingerprint attack protection can thus be improved without modifying the interaction logic of the server, and the security and reliability of network data interaction are improved.
Next, each step of the fingerprint attack protection method for HTTPS encrypted traffic will be described in detail.
In an exemplary embodiment of the present disclosure, as shown in Fig. 3, modifying a specified field of the HTTPS header of the data request according to the result of checking the settings includes:
Step S302: if it is determined that JavaScript is not enabled in the browser settings, add a byte-range field to the specified field of the HTTPS header of the data request, so as to adjust the size of the resource received in response to the data request.
In an exemplary embodiment of the present disclosure, as shown in Fig. 4, the method further includes:
Step S402: if it is determined that JavaScript is enabled in the browser settings, add a random site resource request to the data request, wherein the random site resource request indicates that a resource corresponding to the data request is to be requested from a pre-stored site resource list in a specified data interaction mode.
Step S404: send the data request with the added random site resource request to the server side.
In an exemplary embodiment of the present disclosure, as shown in Fig. 5, the method further includes:
Step S502: if it is determined that the browser does not have HTTPS fingerprint attack protection enabled, send the acquired data request directly to the server side.
In an exemplary embodiment of the disclosure, a relevant browser plug-in is developed through the development interface provided by the browser. According to the user's protection setting and script setting, it requests random resources on the site from the proxy server or limits the length of the response data, and thereby protects the accessed content and private data of site users.
As shown in Fig. 6, the steps performed by the request processing module between the browser 602 and the proxy server 604 include:
The request processing module is triggered when the browser initiates a resource request event to the protected site.
Step 1: check the user's security settings to determine whether HTTPS fingerprint attack protection is enabled. If it is not enabled, do not process the data and go to step 6. If it is enabled, go to step 2.
Step 2: determine whether the browser has JavaScript enabled.
Step 3: if JavaScript is not enabled, go to step 4; if JavaScript is enabled, go to step 5.
Step 4: change the size of the received resource by modifying the byte-range field in the HTTP header, then go to step 6.
Step 5: use Ajax (a data interaction mode) to randomly request a resource from the pre-stored site resource list (the site resource list contains URL links to site resources of different sizes), then go to step 6.
Step 6: send the request message to the server.
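The Fig. 6 request-processing steps, sketched as an added JavaScript example (not code from the patent). It assumes the "byte-range field" is the standard `Range` request header; the settings object, the chunk bounds and the `protected.example` resource list are constructed for illustration.

```javascript
// Added illustration of the Fig. 6 request-processing steps; not code from the patent.
// Assumptions: the "byte-range field" is the standard HTTP Range request header;
// the settings object, chunk bounds and resource list are constructed for the example.

const MIN_CHUNK = 512;   // assumed lower bound for the randomised range length (bytes)
const MAX_CHUNK = 8192;  // assumed upper bound

// Constructed stand-in for the pre-stored site resource list
// (URL links of site resources with different sizes).
const SITE_RESOURCES = [
  "https://protected.example/static/logo.png",
  "https://protected.example/static/app.css",
  "https://protected.example/static/banner.jpg",
  "https://protected.example/static/fonts.woff2",
];

// Integer in [lo, hi]; rng() returns a float in [0, 1) and is injectable for testing.
function randInt(lo, hi, rng) {
  return lo + Math.floor(rng() * (hi - lo + 1));
}

// Case-insensitive header presence check (HTTP field names are case-insensitive).
function hasHeader(headers, name) {
  return Object.keys(headers).some((k) => k.toLowerCase() === name.toLowerCase());
}

// Returns the requests to send to the server side for one browser request.
function processRequest(request, settings, rng = Math.random) {
  const out = { ...request, headers: { ...(request.headers || {}) } };

  // Step 1: protection not enabled -> forward unchanged (step 6).
  if (!settings.fingerprintProtection) return [out];

  // Steps 2-4: JavaScript not enabled -> bound the response size with Range.
  if (!settings.javascriptEnabled) {
    // Leave non-GET requests and ranges the page set itself (e.g. media seeking) alone.
    if (out.method === "GET" && !hasHeader(out.headers, "range")) {
      const len = randInt(MIN_CHUNK, MAX_CHUNK, rng);
      out.headers["Range"] = `bytes=0-${len - 1}`;
    }
    return [out];
  }

  // Step 5: JavaScript enabled -> add one randomly chosen same-site resource request.
  // The `decoy` flag is bookkeeping for the plug-in and is not sent on the wire.
  const pick = randInt(0, SITE_RESOURCES.length - 1, rng);
  const decoy = { method: "GET", url: SITE_RESOURCES[pick], headers: {}, decoy: true };
  return [out, decoy];
}

// Constructed sample request run through the three settings combinations.
const sample = { method: "GET", url: "https://protected.example/account", headers: {} };
for (const s of [
  { fingerprintProtection: false, javascriptEnabled: true },
  { fingerprintProtection: true, javascriptEnabled: false },
  { fingerprintProtection: true, javascriptEnabled: true },
]) {
  console.log(JSON.stringify(s), "->", JSON.stringify(processRequest(sample, s)));
}
```

A server is allowed to ignore `Range` and answer with the full body, so the size-limiting branch only changes the observed size for resources whose server honours range requests.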
In an exemplary embodiment of the present disclosure, as shown in Fig. 7, the method further includes:
Step S702: acquire the data response fed back by the server side.
Step S704: determine, according to the data response, whether the corresponding browser has HTTPS fingerprint attack protection enabled.
Step S706: check the settings of the browser that has HTTPS fingerprint attack protection enabled.
Step S708: according to the result of checking the settings, inject a JavaScript script into the head tag of the data request or request the remaining resources corresponding to the data response.
In an exemplary embodiment of the present disclosure, as shown in Fig. 8, injecting a JavaScript script into the head tag of the data request or requesting the remaining resources corresponding to the data response according to the result of checking the settings includes:
Step S802: if it is determined that JavaScript is not enabled in the browser settings, request the remaining resources.
Step S804: if it is determined that the browser has JavaScript enabled, inject the JavaScript script into the head tag of the data request.
In the above embodiments, the technique of injecting a script through a tag means that if code is intended to be executed as part of a rendered page and is not contained in a method, the code is typically moved to where it is used or to the bottom of the body (after all HTML).
In an exemplary embodiment of the present disclosure, as shown in Fig. 9, the steps performed by the response processing module between the browser 902 and the proxy server 904 include:
Step 1: when the browser receives response data from a protected site, the response processing module is triggered to determine whether HTTPS fingerprint attack protection is enabled.
Step 2: if HTTPS fingerprint attack protection is enabled, go to step 3; if it is not enabled, do not process the data and go to step 6.
Step 3: continue by checking the security settings of the browser user. If JavaScript is not enabled, go to step 4. If JavaScript is enabled, go to step 5.
Step 4: continue to request the remaining resources, then go to step 6.
Step 5: modify the relevant tag of the page, that is, inject the script into the <head> tag, then go to step 6.
Step 6: send the response data to the browser.
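The Fig. 9 response-processing steps, sketched as an added JavaScript example (not code from the patent). It assumes the "remaining resources" are located from the `Content-Range` header of a 206 response; the settings object, the script path `/__fp-guard/decoy-loader.js` and the sample responses are hypothetical.

```javascript
// Added illustration of the Fig. 9 response-processing steps; not code from the patent.
// Assumptions: a truncated response is an HTTP 206 carrying Content-Range;
// INJECTED_SCRIPT_SRC and the settings shape are hypothetical.

const INJECTED_SCRIPT_SRC = "/__fp-guard/decoy-loader.js"; // hypothetical plug-in script

// Case-insensitive header lookup.
function getHeader(headers, name) {
  const key = Object.keys(headers || {}).find((k) => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : headers[key];
}

// Parse "bytes first-last/total"; returns null for malformed or inconsistent values.
function parseContentRange(value) {
  const m = /^bytes (\d+)-(\d+)\/(\d+|\*)$/.exec(String(value).trim());
  if (!m) return null;
  const first = Number(m[1]);
  const last = Number(m[2]);
  const total = m[3] === "*" ? null : Number(m[3]);
  if (last < first || (total !== null && last >= total)) return null;
  return { first, last, total };
}

// Insert a script element directly after the opening <head ...> tag.
// The pattern requires ">" or whitespace after "head", so <header> is not matched.
function injectIntoHead(html, scriptSrc) {
  const m = /<head(\s[^>]*)?>/i.exec(html);
  if (!m) return html; // no <head>: leave the page untouched
  const at = m.index + m[0].length;
  return html.slice(0, at) + `<script src="${scriptSrc}"></script>` + html.slice(at);
}

// Returns the response to hand to the browser plus an optional follow-up request.
function processResponse(response, settings) {
  const result = { response: { ...response }, followUp: null };

  // Steps 1-2: protection not enabled -> deliver unchanged (step 6).
  if (!settings.fingerprintProtection) return result;

  // Steps 3-4: JavaScript not enabled -> request the bytes the Range cut off.
  if (!settings.javascriptEnabled) {
    if (response.status !== 206) return result;
    const cr = parseContentRange(getHeader(response.headers, "content-range") || "");
    if (!cr || cr.total === null || cr.last + 1 >= cr.total) return result;
    const headers = { Range: `bytes=${cr.last + 1}-${cr.total - 1}` };
    // If-Range with a strong ETag avoids stitching chunks of two different versions.
    const etag = getHeader(response.headers, "etag");
    if (etag && !etag.startsWith("W/")) headers["If-Range"] = etag;
    result.followUp = { method: "GET", url: response.url, headers };
    return result;
  }

  // Step 5: JavaScript enabled -> inject the script into <head> of HTML pages only.
  const type = getHeader(response.headers, "content-type") || "";
  if (/^text\/html\b/i.test(type) && typeof response.body === "string") {
    result.response.body = injectIntoHead(response.body, INJECTED_SCRIPT_SRC);
  }
  return result;
}

// Constructed sample: first chunk of a 5000-byte resource, JavaScript disabled.
const partial = {
  status: 206,
  url: "https://protected.example/account",
  headers: { "Content-Range": "bytes 0-1023/5000", ETag: '"v1"' },
  body: "",
};
console.log(processResponse(partial, { fingerprintProtection: true, javascriptEnabled: false }).followUp);
```

A script injected into the page this way is subject to the site's Content-Security-Policy, so on a site with a restrictive `script-src` it will not run unless the policy allows its source.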
Corresponding to the method embodiment, the disclosure also provides a fingerprint attack protection device for HTTPS encrypted traffic, which may be used to implement the method embodiment.
Fig. 10 is a block diagram of a fingerprint attack protection device for HTTPS encrypted traffic in an exemplary embodiment of the disclosure.
Referring to Fig. 10, a fingerprint attack protection device 1000 for HTTPS encrypted traffic may include:
An obtaining module 1002, configured to obtain a data request sent by a browser.
A detection module 1004, configured to detect whether the browser has HTTPS fingerprint attack protection enabled.
A viewing module 1006, configured to check the settings of the browser that has HTTPS fingerprint attack protection enabled.
A modifying module 1008, configured to modify a specified field of the HTTPS header of the data request according to the result of checking the settings, so as to adjust the size of the resource received in response to the data request.
An interaction module 1010, configured to send the data request with the modified HTTPS header to the server side.
In an exemplary embodiment of the disclosure, the modifying module 1008 is further configured to: if it is determined that JavaScript is not enabled in the browser settings, add a byte-range field to the specified field of the HTTPS header of the data request, so as to adjust the size of the resource received in response to the data request.
In an exemplary embodiment of the disclosure, the interaction module 1010 is further configured to: if it is determined that JavaScript is enabled in the browser settings, add a random site resource request to the data request, wherein the random site resource request indicates that a resource corresponding to the data request is to be requested from a pre-stored site resource list in a specified data interaction mode; and send the data request with the added random site resource request to the server side.
In an exemplary embodiment of the disclosure, the interaction module 1010 is further configured to: if it is determined that the browser does not have HTTPS fingerprint attack protection enabled, send the acquired data request directly to the server side.
Fig. 11 is a block diagram of a fingerprint attack protection device for HTTPS encrypted traffic in an exemplary embodiment of the disclosure.
Referring to Fig. 11, a fingerprint attack protection device 1100 for HTTPS encrypted traffic may include:
An obtaining module 1102, configured to obtain a data response fed back by the server.
A determining module 1104, configured to determine, according to the data response, whether the corresponding browser has HTTPS fingerprint attack protection enabled.
A viewing module 1106, configured to check the settings of the browser that has HTTPS fingerprint attack protection enabled.
An interaction module 1108, configured to inject a JavaScript script into the head tag of the data request or to request the remaining resources corresponding to the data response, according to the result of checking the settings.
In an exemplary embodiment of the disclosure, the interaction module 1108 is further configured to: if it is determined that JavaScript is not enabled in the browser settings, request the remaining resources; and if it is determined that the browser has JavaScript enabled, inject the JavaScript script into the head tag of the data request.
Since the functions of the HTTPS encrypted traffic fingerprint attack protection device 1000 and the HTTPS encrypted traffic fingerprint attack protection device 1100 have been described in detail in the corresponding method embodiments, the details of the disclosure are not repeated herein.
It should be noted that although several modules or units of the device for performing actions are mentioned in the above detailed description, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
In an exemplary embodiment of the present disclosure, an electronic device capable of implementing the above method is also provided.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," "module" or "system."
An electronic device 1200 according to this embodiment of the invention is described below with reference to fig. 12. The electronic device 1200 shown in fig. 12 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 12, the electronic device 1200 is embodied in the form of a general purpose computing device. The components of the electronic device 1200 may include, but are not limited to: the at least one processing unit 1210, the at least one memory unit 1220, and a bus 1230 connecting the various system components including the memory unit 1220 and the processing unit 1210.
Wherein the memory unit stores program code that is executable by the processing unit 1210 such that the processing unit 1210 performs steps according to various exemplary embodiments of the present invention as described in the above section "exemplary methods" of the present specification. For example, the processing unit 1210 may perform a method as shown in embodiments of the present disclosure.
The storage unit 1220 may include a readable medium in the form of a volatile memory unit, such as a random access memory unit (RAM) 12201 and/or a cache memory unit 12202, and may further include a read only memory unit (ROM) 12203.
Storage unit 1220 may also include a program/utility 12204 having a set (at least one) of program modules 12205, such program modules 12205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 1230 may be one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 1200 can also communicate with one or more external devices 1240 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 1200, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 1200 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 1250. Also, the electronic device 1200 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 1260. As shown, the network adapter 1260 communicates with the other modules of the electronic device 1200 via the bus 1230. It should be appreciated that although not shown, other hardware and/or software modules may be used in conjunction with the electronic device 1200, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, and may also be implemented by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a terminal device, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, there is also provided a computer-readable storage medium having stored thereon a program product capable of implementing the above-described method of the present specification. In some possible embodiments, aspects of the invention may also be implemented in the form of a program product comprising program code means for causing a terminal device to carry out the steps according to various exemplary embodiments of the invention described in the above section "exemplary methods" of the present description, when said program product is run on the terminal device.
The program product for implementing the above method according to an embodiment of the present invention may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
Furthermore, the above-described figures are merely schematic illustrations of processes involved in methods according to exemplary embodiments of the invention, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims (10)

1. A fingerprint attack protection method for HTTPS encrypted traffic, characterized by comprising the following steps:
acquiring a data request sent by a browser;
detecting whether the browser has HTTPS fingerprint attack protection enabled;
checking the settings of the browser that has HTTPS fingerprint attack protection enabled;
modifying a designated field of the HTTPS header of the data request according to the result of checking the settings, so as to adjust the size of the resource received for the data request;
and sending the data request with the modified HTTPS header to the server side.
2. The method of claim 1, wherein modifying a designated field of the HTTPS header of the data request according to the result of checking the settings comprises:
if it is determined that JavaScript scripts are not enabled in the settings of the browser, adding a byte range field to the designated field of the HTTPS header of the data request, so as to adjust the size of the resource received for the data request.
3. The method of fingerprint attack protection of HTTPS encrypted traffic according to claim 1 or 2, further comprising:
if JavaScript scripts are enabled in the settings of the browser, adding a random site resource request to the data request, wherein the random site resource request indicates that a resource corresponding to the data request is to be requested from a pre-stored site resource list in a specified data interaction mode;
and sending the data request added with the random site resource request to the server side.
4. The method of fingerprint attack protection of HTTPS encrypted traffic according to claim 1 or 2, further comprising:
and if the browser is determined not to enable the HTTPS fingerprint attack protection, directly sending the acquired data request to the server side.
5. A fingerprint attack protection method for HTTPS encrypted traffic, characterized by further comprising the following steps:
acquiring a data response fed back by a server;
determining, according to the data response, whether the corresponding browser has HTTPS fingerprint attack protection enabled;
checking the settings of the browser that has HTTPS fingerprint attack protection enabled;
and, according to the result of checking the settings, injecting a JavaScript script into the head tag of the data request or requesting the remaining resources corresponding to the data response.
6. The fingerprint attack protection method for HTTPS encrypted traffic according to claim 5, wherein injecting a JavaScript script into the head tag of the data request or requesting the remaining resources corresponding to the data response according to the result of checking the settings comprises:
if JavaScript scripts are not enabled in the settings of the browser, requesting the remaining resources;
and if it is determined that JavaScript scripts are enabled in the browser, injecting the JavaScript script into the head tag of the data request.
7. A fingerprint attack protection device for HTTPS encrypted traffic, comprising:
an acquisition module configured to acquire a data response fed back by the server side;
a determining module configured to determine, according to the data response, whether the corresponding browser has HTTPS fingerprint attack protection enabled;
a checking module configured to check the settings of the browser that has HTTPS fingerprint attack protection enabled;
and an interaction module configured to inject a JavaScript script into the head tag of the data request or to request the remaining resources corresponding to the data response, according to the result of checking the settings.
8. A fingerprint attack protection device for HTTPS encrypted traffic, comprising:
an acquisition module configured to acquire a data request sent by the browser;
a detection module configured to detect whether the browser has HTTPS fingerprint attack protection enabled;
a checking module configured to check the settings of the browser that has HTTPS fingerprint attack protection enabled;
a modification module configured to modify a designated field of the HTTPS header of the data request according to the result of checking the settings, so as to adjust the size of the resource received for the data request;
and an interaction module configured to send the data request with the modified HTTPS header to the server side.
9. An electronic device, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the method of fingerprint attack protection of HTTPS encrypted traffic according to any of claims 1 to 7 based on instructions stored in the memory.
10. A computer-readable storage medium on which a program is stored, which when executed by a processor implements a method of fingerprint attack protection of HTTPS encrypted traffic according to any one of claims 1 to 7.
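The decision flow of claims 1 to 6, as an added example that is not part of the patent text or the applicant's code: the request side adds a Range header when JavaScript is disabled and a decoy request when it is enabled, and the response side either fetches the remaining bytes or injects a script into the head tag. The setting names, the decoy list, the chunk-size policy and the in-memory origin server are assumptions made for illustration.

```javascript
// Added illustration (not from the patent). All names and policies here are assumptions.
const DECOY_SITES = ['https://decoy-a.example/', 'https://decoy-b.example/']; // constructed list

// Deterministic PRNG so the example is reproducible; a deployment would use a CSPRNG.
function makeRng(seed) {
  let s = seed >>> 0;
  return () => (s = (s * 1664525 + 1013904223) >>> 0) / 2 ** 32;
}

// Request side (claims 1-4): decide how to rewrite an outgoing request.
function rewriteRequest(req, settings, rng, start = 0) {
  if (!settings.protectionEnabled) return { request: req, decoys: [] }; // claim 4: pass through
  if (!settings.javascriptEnabled) {
    // Claim 2: add a byte-range field so one response no longer reveals the resource size.
    const len = 64 + Math.floor(rng() * 192); // assumed policy: 64..255 bytes per chunk
    const headers = { ...req.headers, Range: `bytes=${start}-${start + len - 1}` };
    return { request: { ...req, headers }, decoys: [] };
  }
  // Claim 3: JavaScript is available, so pair the request with a decoy from the stored list.
  const decoy = DECOY_SITES[Math.floor(rng() * DECOY_SITES.length)];
  return { request: req, decoys: [decoy] };
}

// Constructed stand-in for an origin server that honours Range (ASCII bodies only).
function originServer(body, req) {
  const m = /^bytes=(\d+)-(\d+)$/.exec(req.headers.Range || '');
  if (!m) return { status: 200, headers: {}, body };
  const first = Number(m[1]);
  const last = Math.min(Number(m[2]), body.length - 1);
  return { status: 206,
           headers: { 'Content-Range': `bytes ${first}-${last}/${body.length}` },
           body: body.slice(first, last + 1) };
}

// Response side, JavaScript disabled (claims 5-6): keep requesting the remaining bytes.
function fetchProtected(body, req, settings, rng) {
  const sizes = []; // response sizes an on-path observer would see
  let out = '';
  for (;;) {
    const { request } = rewriteRequest(req, settings, rng, out.length);
    const resp = originServer(body, request);
    sizes.push(resp.body.length);
    out += resp.body;
    const total = /\/(\d+)$/.exec(resp.headers['Content-Range'] || '');
    if (resp.status !== 206 || out.length >= Number(total[1])) return { body: out, sizes };
  }
}

// Response side, JavaScript enabled (claim 6): inject a script into the head tag.
// scriptSrc must be a constant controlled by the protection component, never page input.
function injectScript(html, scriptSrc) {
  const tag = `<script src="${scriptSrc}"></script>`;
  return html.replace(/<head(\s[^>]*)?>/i, (open) => open + tag);
}
```

With protection on and JavaScript off, `fetchProtected` returns the reassembled body together with the list of chunk sizes seen on the wire, which replaces the single full-size response.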
CN202210674206.7A 2022-06-14 2022-06-14 Fingerprint attack protection method and device for HTTPS encrypted traffic, electronic equipment and medium Pending CN115086030A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210674206.7A CN115086030A (en) 2022-06-14 2022-06-14 Fingerprint attack protection method and device for HTTPS encrypted traffic, electronic equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210674206.7A CN115086030A (en) 2022-06-14 2022-06-14 Fingerprint attack protection method and device for HTTPS encrypted traffic, electronic equipment and medium

Publications (1)

Publication Number Publication Date
CN115086030A true CN115086030A (en) 2022-09-20

Family

ID=83251735

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210674206.7A Pending CN115086030A (en) 2022-06-14 2022-06-14 Fingerprint attack protection method and device for HTTPS encrypted traffic, electronic equipment and medium

Country Status (1)

Country Link
CN (1) CN115086030A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015104567A1 (en) * 2014-01-13 2015-07-16 Balazs István József Secure communication between a server and a client web browser
CN110290188A (en) * 2019-06-13 2019-09-27 四川大学 A kind of HTTPS stream service online identification method suitable for large-scale network environment
CN112836232A (en) * 2019-11-22 2021-05-25 南京理工大学 Dynamic webpage privacy protection method based on k anonymity under webpage fingerprint identification background
CN113132373A (en) * 2021-04-14 2021-07-16 北京计算机技术及应用研究所 Web attack defense method of active interference strategy
CN113242215A (en) * 2021-04-21 2021-08-10 华南理工大学 Defense method, system, device and medium for SDN fingerprint attack
CN113347156A (en) * 2021-05-11 2021-09-03 江苏大学 Intelligent flow confusion method and system for website fingerprint defense and computer storage medium
CN113904872A (en) * 2021-11-22 2022-01-07 江苏大学 Feature extraction method and system for anonymous service website fingerprint attack
CN114398977A (en) * 2022-01-13 2022-04-26 中国电子科技集团公司第五十四研究所 Network deception traffic generation method based on countermeasure sample
CN114826649A (en) * 2022-03-07 2022-07-29 中国人民解放军战略支援部队信息工程大学 Website fingerprint confusion method based on countercheck patch

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
GIOVANNI CHERUBIN ET AL.: "Website Fingerprinting Defenses at the Application Layer", PROCEEDINGS ON PRIVACY ENHANCING TECHNOLOGIES, pages 3 - 4 *
吴家顺: "Research on Website Fingerprinting Attack and Defense Techniques", China Master's Theses Full-text Database (Basic Sciences), no. 07, pages 4 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination