CN115208593B - Security monitoring method, terminal and computer readable storage medium - Google Patents


Info

Publication number: CN115208593B
Authority: CN (China)
Prior art keywords: request packet, judging, address, application program, request
Legal status: Active
Application number: CN202110328649.6A
Other languages: Chinese (zh)
Other versions: CN115208593A (en)
Inventors: 雷潇潇, 张钊毓
Current Assignee: Nanning Fulian Fugui Precision Industrial Co Ltd
Original Assignee: Nanning Fulian Fugui Precision Industrial Co Ltd
Application filed by Nanning Fulian Fugui Precision Industrial Co Ltd
Priority to CN202110328649.6A
Publication of CN115208593A
Application granted
Publication of CN115208593B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

A security monitoring method, the method comprising: monitoring a request packet of an application program in real time; analyzing the request packet and acquiring the IP address of the sending source end of the request packet; judging whether the IP address is in a preset white list or not; judging the legitimacy of the request packet through a first preset rule when the IP address is in a preset white list; and when the request packet is legal, forwarding the request packet to a controller of the network. The invention also provides a terminal and a computer readable storage medium. The invention can monitor and count the operation of the application program by carrying out security monitoring between the application layer and the controller layer, ensures the security and reliability of the access of the application program in the whole network on the premise of not wasting huge time and resources and not affecting the bandwidth, and improves the stability of the whole network.

Description

Security monitoring method, terminal and computer readable storage medium
Technical Field
The embodiment of the invention relates to a security monitoring technology, in particular to a security monitoring method, a terminal and a computer readable storage medium.
Background
With the rapid expansion of network scale and the continuous development of service types, the structure and functions of the Internet have become more complex, and the traditional network architecture built around routers faces growing challenges in flexibility, expandability, security, variability and the like. Software-defined networking (Software Defined Network, SDN) emerged in response: it decouples the control plane from the data plane, supports centralized control of network state, and makes the underlying network infrastructure transparent to upper-layer applications.
Because malicious programs evolve rapidly and conceal their behavior, because the control plane of an SDN network is centrally managed, and because the northbound interface is still evolving in several directions, this new kind of network is strongly affected by network behavior in its early stage of development. In particular, distributed denial of service (Distributed Denial of Service, DDoS) attacks are no longer limited to the lower protocol layers and are trending toward the application layer, which may pose a greater hazard to SDN networks, where control is highly concentrated. HTTP-Flood is a generic term for application-layer DDoS attacks; a request flooding attack uses a large number of high-frequency, legal requests to occupy the bandwidth of the target controller. The invention aims to address this potential security hazard.
Disclosure of Invention
In view of the foregoing, it is necessary to provide a security monitoring method, a terminal, and a computer readable storage medium, which can perform security monitoring between an application layer and a controller layer to monitor and count an operation of an application program, and ensure security and reliability of access of the application program in an entire network without wasting huge time and resources and affecting bandwidth, thereby improving stability of the entire network.
The embodiment of the invention provides a security monitoring method which is applied to a server and comprises the following steps: monitoring a request packet of an application program in real time; analyzing the request packet and acquiring the IP address of the sending source end of the request packet; judging whether the IP address is in a preset white list or not; judging the legitimacy of the request packet through a first preset rule when the IP address is in a preset white list; and when the request packet is legal, forwarding the request packet to a controller of the network.
Optionally, the method further comprises: and discarding the packet when the IP address is not in the preset white list.
Optionally, judging the legitimacy of the request packet through the first preset rule includes: judging the legitimacy of the request packet according to a second preset rule; monitoring request parameters of the request packet when the request packet is judged to be legal according to the second preset rule; when a request parameter is greater than a certain threshold, treating the application program accessed by the request packet as a suspicious application program; and verifying the legitimacy of the request packet again through a K-means algorithm.
Optionally, the verifying the validity of the request packet through the K-means algorithm includes: extracting access log records of the suspicious application program; processing the access log record through a script to generate a set to be detected; the to-be-detected set is subjected to K-means algorithm to generate a clustering result; comparing the clustering result with a normal behavior model, and judging whether the distance between the clustering centers is abnormal or not; when the distance between the clustering centers is abnormal, judging that the to-be-detected set is abnormal; and when the distance between the clustering centers is normal, judging that the set to be detected is normal.
Optionally, when the to-be-detected set is judged to be abnormal, the application program is confirmed to be attacked.
Optionally, when the set to be detected is judged to be normal, it is confirmed that the application program has not been attacked.
The embodiment of the invention also provides a server, which comprises a memory, a processor and a safety monitoring program stored on the memory and capable of running on the processor, wherein the safety monitoring program realizes the following steps when being executed by the processor: monitoring a request packet of an application program in real time; analyzing the request packet and acquiring the IP address of the sending source end of the request packet; judging whether the IP address is in a preset white list or not; judging the legitimacy of the request packet through a first preset rule when the IP address is in a preset white list; and when the request packet is legal, forwarding the request packet to a controller of the network.
Optionally, judging the legitimacy of the request packet through the first preset rule includes: judging the legitimacy of the request packet according to a second preset rule; monitoring request parameters of the request packet when the request packet is judged to be legal according to the second preset rule; when a request parameter is greater than a certain threshold, treating the application program accessed by the request packet as a suspicious application program; and verifying the legitimacy of the request packet again through a K-means algorithm.
Optionally, the verifying the validity of the request packet through the K-means algorithm includes: extracting access log records of the suspicious application program; processing the access log record through a script to generate a set to be detected; the to-be-detected set is subjected to K-means algorithm to generate a clustering result; comparing the clustering result with a normal behavior model, and judging whether the distance between the clustering centers is abnormal or not; when the distance between the clustering centers is abnormal, judging that the to-be-detected set is abnormal; and when the distance between the clustering centers is normal, judging that the set to be detected is normal.
Embodiments of the present invention also provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the security monitoring method as described above.
Compared with the prior art, the security monitoring method, the security monitoring device and the computer readable storage medium can monitor the security between the application layer and the controller layer to monitor and count the operation of the application program, ensure the security and the reliability of the access of the application program in the whole network on the premise of not wasting huge time and resources and not influencing the bandwidth, and promote the stability of the whole network.
Drawings
FIG. 1 is a diagram of the operating environment of a security monitoring system in accordance with a preferred embodiment of the present invention.
FIG. 2 is a block diagram of a security monitoring system according to a preferred embodiment of the present invention.
FIG. 3 is a flow chart of a security monitoring method according to a preferred embodiment of the present invention.
Description of the main reference signs
Server: 1
Security monitoring system: 10
Memory: 20
Processor: 30
Monitoring module: 101
Parsing module: 102
Judging module: 103
Control module: 104
Steps: S300~S310
Detailed Description
Referring to FIG. 1, a diagram of an operating environment of a preferred embodiment of a security monitoring system according to an embodiment of the present invention is shown. The security monitoring system 10 operates in the server 1. The server 1 further includes a memory 20, a processor 30, and the like.
The memory 20 includes at least one type of readable storage medium, including flash memory, hard disk, multimedia card, card memory (e.g., SD or DX memory, etc.), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disk, etc. The processor 30 may be a central processing unit (Central Processing Unit, CPU), controller, microcontroller, microprocessor, or other data processing chip.
Referring to FIG. 2, a block diagram of a preferred embodiment of the security monitoring system 10 of the present invention is shown.
The security monitoring system 10 includes a monitoring module 101, a parsing module 102, a judging module 103, and a control module 104. The modules are configured to be executed by one or more processors (one processor 30 in this embodiment) to carry out the invention. The modules referred to herein are computer program segments that perform a particular instruction. The memory 20 is used for storing data such as program codes of the security monitoring system 10. The processor 30 is arranged to execute program code stored in the memory 20.
The monitoring module 101 is configured to monitor a request packet of an application program in real time.
In this embodiment, the source end sends a request packet to request access to the application.
The parsing module 102 is configured to parse the request packet and obtain an IP address of a sending source of the request packet.
When receiving an access request of an application program from a source end, the parsing module 102 parses the IP address of the source end of the request packet, so that the determining module 103 determines whether the IP address is legal, and when the IP address is illegal, discards the request packet and does not respond.
A judging module 103, configured to judge whether the IP address is in a preset whitelist.
In this embodiment, a white list of IP addresses is preset in the server 1, and when the IP addresses are in the white list, the determining module 103 determines that the IP addresses are legal, and the determining module 103 further determines the validity of the request packet according to a preset rule.
When the IP address is not in the white list, the determining module 103 determines that the IP address is illegal, and the determining module 103 discards the packet.
The control module 104 is configured to forward the request packet to a controller of the network when the request packet is legal.
In this embodiment, the judging module 103 judges the validity of the request packet according to the following first preset rule:
First, the judging module 103 judges the validity of the request packet according to a second preset rule.
Specifically, the second preset rule is: judging whether the interface IP address of the request packet is accurate or whether the URL of the request packet is complete. The request packet is judged to be legal when the interface IP address of the request packet is accurate or the URL of the request packet is complete.
Secondly, when the request packet is judged to be legal according to the second preset rule, the request parameters of the request packet are monitored.
Specifically, the request parameters include the number of requests, the frequency of requests, or the type of requests. Request types include, but are not limited to, get, modify, delete, etc. For example, when the number of times the configuration is deleted or modified reaches several hundred, an attack may be suspected.
Thirdly, when a request parameter is larger than a certain threshold, the application program accessed by the request packet is treated as a suspicious application program.
Fourth, the validity of the request packet is further verified through a K-means algorithm.
In a preferred embodiment, to make the result more accurate, when the judging module 103 judges the validity of the request packet according to the first preset rule, the validity of the request packet may be judged once more according to the second preset rule after it has been verified again by the K-means algorithm.
In this embodiment, the judging module 103 performs the validity verification on the request packet again through the K-means algorithm by the following manner:
first, the judgment module 103 extracts the log record of access of the suspicious application;
secondly, the log record of the access is processed by a script to generate a set to be detected;
then, the to-be-detected set passes through a K-means algorithm to generate a clustering result;
next, comparing the clustering result with a normal behavior model, and judging whether the distance of the clustering center is abnormal or not;
finally, when the distance between the clustering centers is abnormal, judging that the set to be detected is abnormal; and when the distance between the clustering centers is normal, judging that the set to be detected is normal.
In this embodiment, when the judging module 103 judges that the set to be detected is abnormal, it is confirmed that the application is attacked.
In this embodiment, when the judging module 103 judges that the set to be detected is normal, it is confirmed that the application program has not been attacked.
In this embodiment, security monitoring can be performed between the application layer and the controller layer to monitor and count the operation of the application program, so that the security and reliability of the application program access in the whole network are ensured without wasting huge time and resources and affecting the bandwidth, and the stability of the whole network is improved.
Referring to FIG. 3, a flow chart of a security monitoring method according to a preferred embodiment of the invention is shown. The security monitoring method is applied to the server 1 and can be implemented by the processor 30 executing the modules 101 to 104 shown in fig. 2.
Step S300, request packets of the application program are monitored in real time.
In this embodiment, the source end sends a request packet to request access to the application.
Step S302, the request packet is parsed and the IP address of the sending source end of the request packet is obtained.
When receiving an access request of an application program from a source end, the server 1 analyzes the IP address of the sending source end of the request packet so as to judge whether the IP address is legal, and when the IP address is illegal, the request packet is discarded and is not responded.
Step S304, judging whether the IP address is in a preset white list. If the IP address is in the preset white list, step S306 is performed; otherwise step S308 is performed.
Step S306, judging the validity of the request packet according to a first preset rule. When the request packet is legal, step S310 is executed, otherwise step S308 is executed.
In this embodiment, a white list of IP addresses is preset in the server 1, and when the IP addresses are in the white list, the server 1 determines that the IP addresses are legal, and further determines the validity of the request packet according to a first preset rule.
Step S308, discard the packet.
When the IP address is not in the white list or the server 1 determines that the request packet is illegal through the first preset rule, the server 1 determines that the IP address is illegal and discards the packet.
In step S310, when the request packet is legal, the request packet is forwarded to a controller of the network.
In this embodiment, in step S306, the validity of the request packet is determined according to the following first preset rule:
First, the validity of the request packet is judged according to a second preset rule.
Specifically, the second preset rule is: judging whether the interface IP address of the request packet is accurate or whether the URL of the request packet is complete. The request packet is judged to be legal when the interface IP address of the request packet is accurate or the URL of the request packet is complete.
Secondly, when the request packet is judged to be legal according to the second preset rule, the request parameters of the request packet are monitored.
Specifically, the request parameters include the number of requests, the frequency of requests, or the type of requests. Request types include, but are not limited to, get, modify, delete, etc. For example, when the number of times the configuration is deleted or modified reaches several hundred, an attack may be suspected.
Thirdly, when a request parameter is larger than a certain threshold, the application program accessed by the request packet is treated as a suspicious application program.
Fourth, the validity of the request packet is further verified through a K-means algorithm.
In a preferred embodiment, to make the result more accurate, when judging the validity of the request packet according to the first preset rule, the validity of the request packet may be judged once more according to the second preset rule after it has been verified again by the K-means algorithm.
In this embodiment, the verification of validity of the request packet by the K-means algorithm is implemented in the following manner:
first, the judgment module 103 extracts the log record of access of the suspicious application;
secondly, the log record of the access is processed by a script to generate a set to be detected;
then, the to-be-detected set passes through a K-means algorithm to generate a clustering result;
next, comparing the clustering result with a normal behavior model, and judging whether the distance of the clustering center is abnormal or not;
finally, when the distance between the clustering centers is abnormal, judging that the set to be detected is abnormal; and when the distance between the clustering centers is normal, judging that the set to be detected is normal.
In this embodiment, the normal behavior model is pre-established according to the history data, which belongs to a more mature technology and is not described here again.
In this embodiment, when the server 1 determines that the set to be detected is abnormal, it is confirmed that the application is attacked.
In this embodiment, when the server 1 determines that the set to be detected is normal, it is determined that the application program is not exposed to the attack.
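The staged check of steps S304 to S310, including the K-means re-verification, can be sketched as follows. This is an added example, not code from the patent: the feature vector (requests per minute and share of modifying requests), the thresholds, the normal-model centres, the HTTP method names and the sample logs are all assumptions constructed for illustration, and only the URL branch of the second preset rule is checked.

```python
import ipaddress
import math
from urllib.parse import urlsplit

WHITELIST = [ipaddress.ip_network("10.0.0.0/24")]   # constructed whitelist
REQUEST_THRESHOLD = 100   # assumed "certain threshold" on requests per application
CENTER_LIMIT = 0.5        # assumed tolerated distance from a normal cluster centre
# Assumed normal-behaviour model: centres of (requests per minute / 100, write ratio)
NORMAL_CENTERS = [(0.05, 0.10), (0.20, 0.20)]
WRITE_METHODS = {"PUT", "POST", "DELETE"}            # assumed "modify/delete" types


def in_whitelist(src_ip):
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in WHITELIST)


def url_complete(url):
    """Second preset rule, URL branch only: scheme, host and path all present."""
    parts = urlsplit(url)
    return bool(parts.scheme in ("http", "https") and parts.netloc and parts.path)


def to_detection_set(log):
    """Turn (minute, method) access-log records into one feature vector per minute."""
    per_minute = {}
    for minute, method in log:
        total, writes = per_minute.get(minute, (0, 0))
        per_minute[minute] = (total + 1, writes + (method in WRITE_METHODS))
    return [(t / 100.0, w / t) for _, (t, w) in sorted(per_minute.items())]


def kmeans(points, k=2, rounds=20):
    """Lloyd's algorithm with deterministic farthest-point seeding."""
    centers = [points[0]]
    while len(centers) < k:
        centers.append(max(points, key=lambda p: min(math.dist(p, c) for c in centers)))
    for _ in range(rounds):
        groups = [[] for _ in centers]
        for p in points:
            idx = min(range(len(centers)), key=lambda i: math.dist(p, centers[i]))
            groups[idx].append(p)
        # An empty cluster keeps its previous centre.
        new = [tuple(sum(v) / len(g) for v in zip(*g)) if g else c
               for g, c in zip(groups, centers)]
        if new == centers:
            break
        centers = new
    return centers


def set_is_abnormal(points):
    """Abnormal when any cluster centre lies too far from every normal centre."""
    if not points:
        return False
    centers = kmeans(points, k=min(2, len(points)))
    return any(min(math.dist(c, n) for n in NORMAL_CENTERS) > CENTER_LIMIT
               for c in centers)


def screen(src_ip, url, access_log):
    """Return 'forward' or 'drop' for one request, given the application's access log."""
    if not in_whitelist(src_ip):
        return "drop"                                   # S304 -> S308
    if not url_complete(url):
        return "drop"                                   # second preset rule fails
    suspicious = len(access_log) > REQUEST_THRESHOLD    # request parameter over threshold
    if suspicious and set_is_abnormal(to_detection_set(access_log)):
        return "drop"                                   # suspicious app confirmed attacked
    return "forward"                                    # S310


def make_log(minutes, per_minute, writes, start=0):
    """Constructed sample log: `writes` DELETEs and the rest GETs in each minute."""
    return [(m, "DELETE" if i < writes else "GET")
            for m in range(start, start + minutes) for i in range(per_minute)]


BUSY_LOG = make_log(10, 15, 3)                                     # busy but benign
FLOOD_LOG = make_log(3, 10, 1) + make_log(2, 300, 300, start=3)    # burst of deletes
URL = "https://controller.example/api/flows"                      # constructed URL

if __name__ == "__main__":
    for name, log in (("busy", BUSY_LOG), ("flood", FLOOD_LOG)):
        print(name, screen("10.0.0.5", URL, log))
```

Both sample logs exceed the request threshold, so both reach the clustering stage; only the log whose cluster centre sits far from the normal model is dropped, which is the case the threshold alone cannot separate.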
By applying the method to the system, safety monitoring can be carried out between the application layer and the controller layer to monitor and count the operation of the application program, the safety and reliability of application program access in the whole network are ensured on the premise of not wasting huge time and resources and not affecting bandwidth, and the stability of the whole network is improved.
It should be noted that the above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that the technical solution of the present invention may be modified or substituted without departing from the spirit and scope of the technical solution of the present invention.

Claims (8)

1. A security monitoring method, the method comprising:
monitoring a request packet of an application program in real time;
analyzing the request packet and acquiring the IP address of the sending source end of the request packet;
judging whether the IP address is in a preset white list or not;
judging the legitimacy of the request packet through a first preset rule when the IP address is in a preset white list;
when the request packet is legal, forwarding the request packet to a controller of a network;
wherein, the judging the validity of the request packet through the first preset rule includes:
judging the validity of the request packet according to a second preset rule, wherein the second preset rule is as follows: judging whether the interface IP address of the request packet is accurate or whether the URL of the request packet is complete, and judging that the request packet is legal when the interface IP address of the request packet is accurate or the URL of the request packet is complete;
monitoring request parameters of the request packet when the request packet is judged to be legal according to a second preset rule;
when the request parameter is greater than a certain threshold, the application program sequence accessed by the request packet is a suspicious application program;
and carrying out validity verification on the request packet again through a K-means algorithm.
2. The security monitoring method of claim 1, wherein the method further comprises:
and discarding the packet when the IP address is not in the preset white list.
3. The security monitoring method of claim 1, wherein the verifying the validity of the request packet again by the K-means algorithm comprises:
extracting access log records of the suspicious application program;
processing the access log record through a script to generate a set to be detected;
the to-be-detected set is subjected to K-means algorithm to generate a clustering result;
comparing the clustering result with a normal behavior model, and judging whether the distance between the clustering centers is abnormal or not;
when the distance between the clustering centers is abnormal, judging that the to-be-detected set is abnormal;
and when the distance between the clustering centers is normal, judging that the set to be detected is normal.
4. A security monitoring method according to claim 3, wherein the application is confirmed as being attacked when the anomaly of the set to be detected is determined.
5. A security monitoring method according to claim 3, wherein the application is confirmed as not being exposed to an attack when the set to be detected is judged to be normal.
6. A terminal comprising a memory, a processor, and a security monitoring program stored on the memory and executable on the processor, the security monitoring program when executed by the processor implementing the steps of:
monitoring a request packet of an application program in real time;
analyzing the request packet and acquiring the IP address of the sending source end of the request packet;
judging whether the IP address is in a preset white list or not;
judging the legitimacy of the request packet through a first preset rule when the IP address is in a preset white list;
when the request packet is legal, forwarding the request packet to a controller of a network;
wherein, the judging the validity of the request packet through the first preset rule includes:
judging the validity of the request packet according to a second preset rule, wherein the second preset rule is as follows: judging whether the interface IP address of the request packet is accurate or whether the URL of the request packet is complete, and judging that the request packet is legal when the interface IP address of the request packet is accurate or the URL of the request packet is complete;
monitoring request parameters of the request packet when the request packet is judged to be legal according to a second preset rule;
when the request parameter is greater than a certain threshold, the application program sequence accessed by the request packet is a suspicious application program;
and carrying out validity verification on the request packet again through a K-means algorithm.
7. The terminal of claim 6 wherein said re-verifying the validity of the request packet by the K-means algorithm comprises:
extracting access log records of the suspicious application program;
processing the access log record through a script to generate a set to be detected;
the to-be-detected set is subjected to K-means algorithm to generate a clustering result;
comparing the clustering result with a normal behavior model, and judging whether the distance between the clustering centers is abnormal or not;
when the distance between the clustering centers is abnormal, judging that the to-be-detected set is abnormal;
and when the distance between the clustering centers is normal, judging that the set to be detected is normal.
8. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the security monitoring method according to any of claims 1 to 5.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110328649.6A CN115208593B (en) 2021-03-26 2021-03-26 Security monitoring method, terminal and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN115208593A CN115208593A (en) 2022-10-18
CN115208593B CN115208593B (en) 2023-08-18

Family

ID=83570873

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110328649.6A Active CN115208593B (en) 2021-03-26 2021-03-26 Security monitoring method, terminal and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN115208593B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102790778A (en) * 2012-08-22 2012-11-21 常州大学 DDos (distributed denial of service) attack defensive system based on network trap
KR101455167B1 (en) * 2013-09-03 2014-10-27 한국전자통신연구원 Network switch based on whitelist
CN105577705A (en) * 2016-03-22 2016-05-11 英赛克科技(北京)有限公司 Safety protection method and system for IEC60870-5-104 protocol
CN105847251A (en) * 2016-03-22 2016-08-10 英赛克科技(北京)有限公司 Security protection method and system for industrial control system using S7 protocol
CN107046544A (en) * 2017-05-02 2017-08-15 深圳乐信软件技术有限公司 A kind of method and apparatus of the unauthorized access request recognized to website
CN107241456A (en) * 2017-05-12 2017-10-10 北京星网锐捷网络技术有限公司 The method and server of a kind of terminal Access Control
CN107612895A (en) * 2017-09-05 2018-01-19 网宿科技股份有限公司 A kind of internet anti-attack method and certificate server
CN109600377A (en) * 2018-12-13 2019-04-09 平安科技(深圳)有限公司 Anti- go beyond one's commission method, apparatus, computer equipment and storage medium
WO2020042856A1 (en) * 2018-08-27 2020-03-05 北京智芯微电子科技有限公司 Security auditing system and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Limei He; Zheng Yan; Mohammed Atiquzzaman. LTE/LTE-A Network Security Data Collection and Analysis for Security Measurement: A Survey. IEEE Access. 2018, Vol. 6, full text. *

Also Published As

Publication number Publication date
CN115208593A (en) 2022-10-18

Similar Documents

Publication Publication Date Title
US10200384B1 (en) Distributed systems and methods for automatically detecting unknown bots and botnets
EP4027604A1 (en) Security vulnerability defense method and device
US10929538B2 (en) Network security protection method and apparatus
US10277614B2 (en) Information processing apparatus, method for determining activity and computer-readable medium
RU2680736C1 (en) Malware files in network traffic detection server and method
CN108664793B (en) Method and device for detecting vulnerability
WO2019178966A1 (en) Network attack defense method and apparatus, and computer device and storage medium
CN110266650B (en) Identification method of Conpot industrial control honeypot
KR20000054538A (en) System and method for intrusion detection in network and it's readable record medium by computer
CN111010409A (en) Encryption attack network flow detection method
CN110958231A (en) Industrial control safety event monitoring platform and method based on Internet
US11930036B2 (en) Detecting attacks and quarantining malware infected devices
Fei et al. The abnormal detection for network traffic of power iot based on device portrait
CN115550049A (en) Vulnerability detection method and system for Internet of things equipment
CN107786489B (en) Access request verification method and device
CN113645181A (en) Distributed protocol attack detection method and system based on isolated forest
CN115208593B (en) Security monitoring method, terminal and computer readable storage medium
CN108833410B (en) Protection method and system for HTTP Flood attack
CN115102781B (en) Network attack processing method, device, electronic equipment and medium
CN114389863B (en) Honeypot interaction method and device, honeypot network, equipment and storage medium
CN114363059A (en) Attack identification method and device and related equipment
JP5925287B1 (en) Information processing apparatus, method, and program
CN112637171A (en) Data traffic processing method, device, equipment, system and storage medium
CN114301689B (en) Campus network security protection method and device, computing equipment and storage medium
Zhu On the model-checking-based IDS

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant