CN116545714A - Web attack prevention reaction system based on rule engine - Google Patents
Web attack prevention reaction system based on rule engine Download PDFInfo
- Publication number
- CN116545714A CN116545714A CN202310558571.6A CN202310558571A CN116545714A CN 116545714 A CN116545714 A CN 116545714A CN 202310558571 A CN202310558571 A CN 202310558571A CN 116545714 A CN116545714 A CN 116545714A
- Authority
- CN
- China
- Prior art keywords
- backtracking
- link
- nodes
- preset
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000006243 chemical reaction Methods 0.000 title claims abstract description 17
- 230000002265 prevention Effects 0.000 title claims abstract description 17
- 238000004458 analytical method Methods 0.000 claims abstract description 26
- 230000001105 regulatory effect Effects 0.000 claims abstract description 16
- 238000010276 construction Methods 0.000 claims abstract description 7
- CLOMYZFHNHFSIQ-UHFFFAOYSA-N clonixin Chemical compound CC1=C(Cl)C=CC=C1NC1=NC=CC=C1C(O)=O CLOMYZFHNHFSIQ-UHFFFAOYSA-N 0.000 claims description 43
- 230000008859 change Effects 0.000 claims description 9
- 230000000694 effects Effects 0.000 claims description 6
- 238000000034 method Methods 0.000 description 8
- 230000005540 biological transmission Effects 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 238000013461 design Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 238000011161 development Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000010485 coping Effects 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention relates to the field of network security, in particular to a Web attack prevention reaction system based on a rule engine, which comprises a construction module, a control module and a control module, wherein the construction module is used for constructing a backtracking link and acquiring open source data; the judging module acquires the number ratio of the attacked nodes and judges the security of the backtracking link; the analysis module compares the acquired attack intensity with preset attack intensity and adjusts the number of nodes increased in each level; when the regulating module judges that the number of nodes of each layer in the backtracking link is increased, the balancing module compares the obtained difference value of the number of nodes of each layer with the preset difference value of the number of nodes, and regulates the number of the layers in the backtracking link.
Description
Technical Field
The invention relates to the field of network security, in particular to a Web attack prevention reaction system based on a rule engine.
Background
In modern society, especially for science and technology, military field, network security is crucial, when obtaining open source data, in order to protect the network information safety of user side, the user usually can set up the back tracing link to set up a plurality of levels in fact, every level contains a plurality of nodes to guarantee not exposing user information in the process of obtaining open source data, but present tradition back tracing link intelligence when the node is attacked, changes the node that is attacked, or builds virtual network and covers up real route, can't adjust back tracing link according to actual conditions, in order to guarantee the security of back tracing link. By developing a policy-based game service automation scheduling framework study and constructing an automation scheduling framework, projects can combine the service requirements, and corresponding debugging policies are selected according to the service characteristics to rapidly develop high-quality service functions. For a hand-tour user, a more playable system with more user participation will be experienced; for the operation manager, the framework can provide a more efficient development mode, and the service designed on the framework can be more stable and available. The automatic scheduling framework is reusable, supports custom scheduling, can continuously update iteration and supports agile development. The design of the cross-over system is much more complex than that of a single area, and the biggest characteristic is that the cross-over system is provided with more users, and is not like the single-area system, but is a small part of players which are already divided by the area. The player who wants to bear enough magnitude and the high concurrency pressure brought by the player need to fully utilize the distributed architecture to design the architecture meeting the game requirement, however, the common architecture design often has some shortfalls: the service and the architecture have the problem of excessive coupling, uniform scheduling is lacking among the services, the service has a single point problem on the architecture design, and the service lacks the capability of coping with disaster recovery.
The Chinese patent ZL202111513187.1 discloses a method for disposing and planning optimal paths of back-traced heterogeneous resources, which is technically characterized by comprising two steps of disposing the back-traced heterogeneous resources and planning optimal paths of back-traced heterogeneous resources, wherein the disposing of the back-traced heterogeneous resources is to select a series of basic network resources according to the position information and cooperation relations of the attacker and the country or region where the attacker is located and the relevant country and region, and to configure the attributes of the network resources, so that manpower and material resources are consumed, and the real-time adjustment of the attack cannot be realized.
Disclosure of Invention
Therefore, the invention provides a Web attack prevention reaction system based on a rule engine, which can solve the technical problem that the layer number of a backtracking link and the number of nodes contained in each layer cannot be regulated according to the number of attacked nodes and the distance between the nodes in the backtracking link.
In order to achieve the above object, the present invention provides a Web attack prevention reaction system based on a rule engine, comprising:
the construction module is used for constructing a backtracking link and acquiring open source data;
the judging module is used for acquiring the number duty ratio of the attacked nodes when the backtracking link is attacked, comparing the acquired number duty ratio with a preset number duty ratio, and judging the security of the backtracking link;
the analysis module is used for acquiring the attack strength born by the backtracking link according to the number of the attacked nodes and the attack times in the preset time when the judgment module judges that the safety of the backtracking link meets the preset standard, comparing the acquired attack strength with the preset attack strength, and adjusting the node connection position in the K layers before the attacked node;
the adjusting module is used for judging that the number of nodes of each level in the backtracking link is increased when the judging module judges that the safety of the backtracking link does not meet the preset standard, acquiring the safety degree through the distance between the attacked nodes, comparing the acquired safety degree with the preset safety degree, and adjusting the number of the nodes increased in each level;
and the balancing module is used for comparing the obtained node quantity difference value of each level with the preset node quantity difference value when the regulating module judges that the node quantity of each level in the backtracking link is increased, judging the level quantity in the backtracking link, and comparing the obtained node quantity difference value with a difference value standard value when the balancing module judges that the level quantity in the backtracking link is increased, and selecting the increased level quantity in the backtracking link so as to enable the backtracking effect when the open source data is obtained to meet the preset standard.
Further, the judging module obtains the ratio D of the number of the attacked nodes in the backtracking link, d=m/n is set, wherein m is the number of the attacked nodes, n is the number of the attacked nodes in the backtracking link, the judging module compares the obtained ratio with the preset ratio D to judge the security of the backtracking link, wherein,
under a first comparison condition, the judging module judges that the security of the backtracking link accords with a preset standard, and the analyzing module acquires the attack strength born by the backtracking link;
under a second comparison condition, the judging module judges that the safety of the backtracking link does not accord with a preset standard, and the adjusting module acquires the safety of the backtracking link;
the first comparison condition is D less than or equal to D, and the second comparison condition is D > D.
Further, when the number ratio obtained by the judging module is smaller than or equal to the preset number ratio, and the judging module judges that the security of the backtracking link accords with the preset standard, the analyzing section module presets the attack strength F, the analyzing module compares the obtained attack strength F born by the backtracking link with the preset attack strength to adjust the node connection position in the K layers before the attacked node, wherein,
under a first constraint condition, the analysis module judges the number of levels of nodes for reducing the change of the connection position;
under a second constraint condition, the analysis module does not change the number of nodes;
under a third constraint condition, the analysis module judges the number of levels of the node with the increased connection position change;
the analysis module presets attack force F, a first preset attack force F1 and a second attack force F2 are set, the first constraint condition is F less than or equal to F1, the second constraint condition is F1 less than F less than F2, and the third constraint condition is F more than or equal to F2.
Further, the attack strength f born by the backtracking link is determined according to the number t of times of attack of the nodes of the backtracking link and the number m of the attacked nodes in a preset time, and is set
Further, when the attack intensity obtained by the adjusting module is smaller than or equal to a first preset attack intensity, the adjusting module determines that the number K of the levels where the nodes with changed connection positions are located is reduced to K1, and setsWhen the attack intensity acquired by the adjusting module is greater than or equal to a second preset attack intensity, the adjusting module judges that the number K of the levels where the nodes with changed connection positions are located is increased to K2, and ∈is set>
Further, the number of the nodes in each level in the backtracking link is increased when the number of the nodes in each level in the backtracking link is equal to or greater than the preset number of the nodes in each level, the adjustment module compares the acquired security E with the preset security E to adjust the number of the nodes in each level, wherein,
when E is less than or equal to E1, the adjusting module judges that the number of the nodes N to N1 increased by each level is increased;
when E1 is less than E and less than E2, the adjusting module does not adjust the number of the nodes increased in each level;
when E is more than or equal to E2, the adjusting module judges that the number of nodes added by each level is reduced by N to N2;
the adjusting module presets the safety degree E, and sets a first preset safety degree E1 and a second preset safety degree E2.
Further, the security e is determined according to the node distance, and e=lmax×smin is set, where lmax is the maximum distance between the attacked nodes, and smin is the distance between the node closest to the user side in the attacked nodes and the user side.
Further, when the security obtained by the adjustment module is smaller than or equal to a first preset security, the adjustment module determines to increase the number N of nodes increased in each level to N1, sets n1=nx (1+|e1-e|/E1), and when the security obtained by the adjustment module is larger than or equal to a second preset security, the adjustment module determines to decrease the number N of nodes increased in each level to N2, and sets n2=nx (1+|e2-e|/E2).
Further, when the adjustment module determines to increase the number of nodes of each level in the backtracking link, the balancing module obtains a difference Δr of the number of nodes of each level, and sets Δr=ni—n0, where N0 is a preset node number standard value of the balancing module, and the balancing module compares the obtained difference Δr of the number of nodes with the preset difference Δr of the number of nodes to determine the number of levels in the backtracking link,
when Deltar is less than or equal to DeltaR, the balancing module judges that the number of levels in the backtracking link is not regulated;
when Deltar > Deltar, the balancing module judges to increase the layer number in the backtracking link;
where i=1, 2.
Further, when the balancing module determines to increase the number of layers in the backtracking link, the balancing module compares the obtained node number difference Deltar with a preset difference standard value DeltaR 0, selects the number of layers increased in the backtracking link, wherein,
when Deltar is less than or equal to Deltar 01, the balancing module selects a first preset layer number H1 as an increased layer number in the backtracking link;
when DeltaR 01 < DeltaR < DeltaR02, the balancing module selects a second preset layer number H2 as an increased layer number in the backtracking link;
when Deltar is not less than Deltar 02, the balancing module selects a second preset layer number H2 as an increased layer number in the backtracking link;
the balance module presets a difference standard value DeltaR 0, a first preset difference expression value DeltaR 01, a second preset difference standard value DeltaR 02, a balance module presets a layer number H, a first preset layer number H1 and a second preset layer number H2.
Compared with the prior art, the method has the advantages that through the arrangement of the judging module, when the user number backtracking link is attacked, the number of attacked nodes is obtained, the obtained number of nodes is compared with the preset number of nodes, the safety of the backtracking link is judged, potential safety hazards are found timely and adjusted timely, when the judging module judges that the safety of the backtracking link meets the preset standard, the analyzing module obtains the attack strength born by the backtracking link according to the number of attacked nodes and the attack times in the preset time, the obtained attack strength is compared with the preset attack strength, the node connection position in the front K layer of the attacked nodes is adjusted, under the condition that the backtracking link is safer, the safety is further improved, when the judging module judges that the safety of the backtracking link does not meet the preset standard, the regulating module judges that the number of nodes of each level in the backtracking link is increased, the obtained safety is compared with the preset safety, the regulating module adjusts the number of nodes of each level in the backtracking link according to the distance between the attacked nodes, the regulating module balances the obtained number of nodes in the backtracking link with the preset level, the difference value is increased, the number of nodes in the backtracking link is balanced when the backtracking module judges that the number of nodes in the backtracking link is increased, the number of the backtracking link is balanced, the number of nodes in the backtracking module is increased, and the number of the backtracking module is balanced, and the number of the nodes in the backtracking module is balanced, and the number in the number of the backtracking level is balanced, and the number between the nodes is balanced, and the level according to the obtained, and the node is balanced, and the safety, the cost is saved, and the safety is ensured, so that the backtracking effect when the open source data is acquired accords with the preset standard.
Especially, the user may encounter an attack in the process of constructing the backtracking link and acquiring the target open source data, if the number of the attacked nodes is enough, the user can be traced, so that threat is generated to the network security of the user, the judging module acquires the number proportion of the attacked nodes in the backtracking link, compares the acquired number proportion with the preset number proportion, and judges the security of the backtracking link, wherein when the number proportion acquired by the judging module is smaller than or equal to the preset number proportion, the number of the attacked nodes is smaller, the security of the backtracking link is stronger at the moment, the possibility of being traced is smaller, and when the number proportion acquired by the judging module is larger than the preset number proportion, the number of the attacked nodes is larger at the moment, the possibility of being traced is larger, and the security of the backtracking link is poorer.
In particular, the backtracking link can be automatically switched to other nodes at the same level when the node is attacked, but only the attacked node is changed, the security of the backtracking link is not enough to be guaranteed, for the security, the analysis module adjusts the node connection positions in a plurality of layers in front of the attacked node, the analysis module obtains the attack strength born by the backtracking link through the number of attacked nodes and the attack times in preset time, and compares the obtained attack strength with the preset attack strength, adjusts the node connection positions in a plurality of layers in front of the attacked node, wherein when the attack strength born by the backtracking link obtained by the analysis module is smaller than or equal to the first preset attack strength, the number of the attacked nodes in the preset time is smaller, the attack times are also smaller, the threat faced by the backtracking link is lower, so that the analysis module judges the number of layers where the node connection positions are changed to avoid too many nodes, the obtained data packets are lost, when the attack strength born by the backtracking link in the preset time is larger than or equal to the second preset attack strength, the backtracking link is larger, the number of the backtracking link is more, the number of the backtracking links is more, the security is more, and the number of the backtracking links is more is prevented from being changed, and the security is more, and the number of the backtracking links are more is more changed.
In particular, when the number of the obtained nodes is equal to or greater than the preset number of the nodes, the adjusting module needs to adjust the constructed backtracking links, that is, increase the number of nodes of each level, the adjusting module obtains the security through the distance between the attacked nodes, and compares the obtained security with the preset security, so as to adjust the number of the nodes increased in each level.
In particular, after the adjusting module increases the nodes in each level, the balancing module obtains the difference between the number of nodes in each level and the standard value of the number of preset nodes, compares the obtained number difference with the preset number difference, judges the level of the backtracking link, when the number difference of the nodes obtained by the balancing module is larger than the preset number difference, the excessive number of the nodes in the level is indicated to easily cause the loss of the obtained data packet, and the safety of the backtracking link is indicated to be only increased at the moment, so that the balancing module judges that the level number of the backtracking link is increased, compares the obtained number difference of the nodes with the preset number difference of the nodes, and selects the increased level number to keep the level number in a certain range, thereby avoiding the influence of the excessive level number on the data transmission speed.
Drawings
Fig. 1 is a schematic diagram of an open source data acquisition system based on a backtracking network according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a backtracking network structure according to an embodiment of the present invention;
FIG. 3 is a flow chart of a rule engine-based Web attack prevention reaction system according to an embodiment of the invention.
Detailed Description
In order that the objects and advantages of the invention will become more apparent, the invention will be further described with reference to the following examples; it should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood by those skilled in the art that these embodiments are merely for explaining the technical principles of the present invention, and are not intended to limit the scope of the present invention.
It should be noted that, in the description of the present invention, terms such as "upper," "lower," "left," "right," "inner," "outer," and the like indicate directions or positional relationships based on the directions or positional relationships shown in the drawings, which are merely for convenience of description, and do not indicate or imply that the apparatus or elements must have a specific orientation, be constructed and operated in a specific orientation, and thus should not be construed as limiting the present invention.
Furthermore, it should be noted that, in the description of the present invention, unless explicitly specified and limited otherwise, the terms "mounted," "connected," and "connected" are to be construed broadly, and may be either fixedly connected, detachably connected, or integrally connected, for example; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the above terms in the present invention can be understood by those skilled in the art according to the specific circumstances.
Referring to fig. 1, a schematic diagram of an open source data acquisition system based on a backtracking network according to an embodiment of the present invention includes a building module 10 for building a backtracking link and acquiring open source data;
the judging module 20 is configured to obtain a number of attacked nodes and compare the obtained number of attacked nodes with a preset number of attacked nodes when the backtracking link is attacked, and judge the security of the backtracking link;
the analysis module 30 is configured to obtain attack strength born by the backtracking link according to the number of attacked nodes and the number of attacks in a preset time when the judgment module judges that the security of the backtracking link meets a preset standard, and compare the obtained attack strength with the preset attack strength, so as to adjust the node connection position in the K-layer before the attacked node;
the adjusting module 40 is configured to determine to increase the number of nodes in each level in the backtracking link when the determining module determines that the security of the backtracking link does not meet the preset standard, obtain the security through the distance between the attacked nodes, compare the obtained security with the preset security, and adjust the number of nodes increased in each level;
the balancing module 50 is configured to compare the obtained node number difference value of each level with a preset node number difference value when the adjusting module determines to increase the node number of each level in the backtracking link, determine the level number in the backtracking link, and compare the obtained node number difference value with a difference value standard value when the balancing module determines to increase the level number in the backtracking link, and select the increased level number in the backtracking link so that the backtracking effect when the open source data is obtained meets the preset standard.
Specifically, the construction module comprises a construction unit and a transmission unit, wherein the construction unit is used for constructing a backtracking link; and the transmission unit is used for transmitting the acquired open source data through the backtracking.
Specifically, the embodiment of the invention obtains the number of the attacked nodes by arranging the judging module when the user number backtracking link is attacked, compares the obtained number of the attacked nodes with the preset number of the nodes, judges the safety of the backtracking link, discovers potential safety hazards in time and adjusts in time, when the judging module judges that the safety of the backtracking link meets the preset standard, the analyzing module obtains the attack strength born by the backtracking link according to the number of the attacked nodes and the attack times in the preset time, compares the obtained attack strength with the preset attack strength, adjusts the connection positions of the nodes in the front K layer of the attacked nodes, further improves the safety under the condition that the backtracking link is safer, judges to increase the number of the nodes of each layer in the backtracking link when the judging module judges that the safety of the backtracking link does not meet the preset standard, compares the obtained safety with the preset safety, adjusts the number of the nodes of each layer in the backtracking link according to the distance between the attacked nodes, balances the obtained number of the backtracking link with the preset safety standards, and balances the number of the backtracking module in the backtracking link to ensure that the number of the backtracking link is balanced when the number of the backtracking module is increased by a certain number of the backtracking links, and the number of the backtracking module is compared with the number of the nodes in the preset layer is balanced, and the number of the backtracking module is compared with the number of the nodes in the layer is balanced to the number of the layer is obtained in the layer, so that the backtracking effect when the open source data is acquired accords with a preset standard.
Fig. 2 is a schematic diagram of a backtracking network structure according to an embodiment of the present invention, which includes a user side, a backtracking link and a data side, wherein the backtracking link includes a plurality of levels, each level includes a plurality of nodes, and a user can self-establish the backtracking link to obtain open source data according to needs.
Referring to fig. 3, a flowchart of a method for preventing Web attack response based on a rule engine according to an embodiment of the present invention includes,
step S1, a backtracking link is established, and open source data is obtained;
step S2, when the backtracking link is attacked, a judging module acquires the number duty ratio of the attacked nodes, compares the acquired number duty ratio with a preset number duty ratio, and judges the safety of the backtracking link;
step S3, when the judging module judges that the security of the backtracking link meets the preset standard, the analyzing module acquires the attack intensity born by the backtracking link according to the number of the attacked nodes and the attack times in the preset time, compares the acquired attack intensity with the preset attack intensity, and adjusts the node connection position in the K layers before the attacked node;
step S4, when the judging module judges that the safety of the backtracking link does not meet the preset standard, the adjusting module judges that the number of nodes of each level in the backtracking link is increased, the safety degree is obtained through the distance between the attacked nodes, and the adjusting module compares the obtained safety degree with the preset safety degree to adjust the number of the nodes increased in each level;
and S5, when the regulating module judges that the number of the nodes of each level in the backtracking link is increased, the balancing module compares the obtained difference value of the number of the nodes of each level with the preset difference value of the number of the nodes of each level, judges the number of the levels in the backtracking link, and when the balancing module judges that the number of the levels in the backtracking link is increased, the balancing module compares the obtained difference value of the number of the nodes with a standard value of the difference value, and selects the number of the levels increased in the backtracking link so that the backtracking effect when the open source data is obtained accords with the preset standard.
Specifically, the judging module obtains the ratio D of the number of the attacked nodes in the backtracking link, and sets d=m/n, where m is the number of the attacked nodes, n is the number of the attacked nodes in the backtracking link, and compares the obtained ratio D with a preset ratio D to judge the security of the backtracking link,
when D is less than or equal to D, the judging module judges that the safety of the backtracking link accords with a preset standard, and the analyzing module acquires the attack strength born by the backtracking link;
when D is more than D, the judging module judges that the safety of the backtracking link does not accord with a preset standard, and the adjusting module obtains the safety of the backtracking link.
Specifically, a user may encounter an attack in the process of constructing a backtracking link and acquiring target open source data, if the number of attacked nodes is enough, the user may be traced, so that threat is generated to the network security of the user, the judging module acquires the number of attacked nodes in the backtracking link, compares the acquired number of the attacked nodes with a preset number of the attacked nodes, and judges the security of the backtracking link, wherein when the number of the attacked nodes acquired by the judging module is smaller than or equal to the preset number of the attacked nodes, the number of the attacked nodes is smaller, the security of the backtracking link is stronger at the moment, the possibility of being traced is smaller, and when the number of the attacked nodes acquired by the judging module is larger than the preset number of the attacked nodes, the possibility of being traced at the moment is larger, and the security of the backtracking link is poorer.
Specifically, the node refers to a node in a real backtracking link in the process of acquiring open source data.
Specifically, when the number ratio obtained by the judging module is smaller than or equal to the preset number ratio, and the judging module judges that the security of the backtracking link accords with the preset standard, the analyzing section module presets the attack strength F, the analyzing module compares the obtained attack strength F born by the backtracking link with the preset attack strength to adjust the node connection position in the K layers before the attacked node, wherein,
when F is less than or equal to F1, the analysis module judges the number of the levels of the nodes with reduced connection position change;
when F1 is less than F2, the analysis module does not change the number of nodes;
when F is more than or equal to F2, the analysis module judges the number of the levels of the nodes with increased connection position change;
the analysis module presets attack force F, and sets first preset attack force F1 and second attack force F2.
Specifically, the attack strength f born by the backtracking link is determined according to the number t of times of attack of the nodes of the backtracking link and the number m of the attacked nodes within a preset time, and is set
When the attack force acquired by the adjusting module is smaller than or equal to a first preset attack force, the adjusting module judges that the connection position is changedThe number K of the layers where the nodes are located is reduced to K1, and setting is carried outWhen the attack intensity acquired by the adjusting module is greater than or equal to a second preset attack intensity, the adjusting module judges that the number K of the levels where the nodes with changed connection positions are located is increased to K2, and ∈is set>
Specifically, when the node is attacked, the backtracking link can be automatically switched to other nodes at the same level, however, only the attacked node is changed, the security of the backtracking link is not enough to be guaranteed, for the security, the analysis module adjusts the node connection positions in a plurality of layers in front of the attacked node, the analysis module obtains attack strengths born by the backtracking link through the number of attacked nodes and attack times in preset time, and compares the obtained attack strengths with the preset attack strengths, the node connection positions in a plurality of layers in front of the attacked node are adjusted, when the attack strengths born by the backtracking link obtained by the analysis module are smaller than or equal to the first preset attack strengths, the number of the attacked node in the preset time is smaller, the attack times are also smaller, the threat faced by the backtracking link is lower, therefore, the analysis module judges the number of layers where the node connection positions are changed to be reduced, so that too many nodes are changed, when the attack strengths born by the backtracking link obtained by the analysis module are larger than or equal to the second preset attack strengths, the number of the backtracking link is larger in preset time, the number of the backtracking link is increased, and the security of the backtracking link is changed, and the security of the number of the node is greatly changed.
Specifically, when the number duty ratio obtained by the judging module is greater than or equal to the preset number duty ratio, the judging module judges that the security of the backtracking link does not meet the preset standard, the adjusting module judges that the number of nodes of each level in the backtracking link is increased, the adjusting module compares the obtained security E with the preset security E, adjusts the number of the nodes increased in each level, wherein,
when E is less than or equal to E1, the adjusting module judges that the number of the nodes N to N1 increased by each level is increased;
when E1 is less than E and less than E2, the adjusting module does not adjust the number of the nodes increased in each level;
when E is more than or equal to E2, the adjusting module judges that the number of nodes added by each level is reduced by N to N2;
the adjusting module presets the safety degree E, and sets a first preset safety degree E1 and a second preset safety degree E2.
And the security e is determined according to the node distance, and e=lmax×smin is set, wherein lmax is the maximum distance between the attacked nodes, and smin is the distance between the node closest to the user side in the attacked nodes and the user side.
Specifically, the calculation mode of the node distance is not specifically limited in the present invention, and an embodiment of the present invention provides a preferred embodiment, that is, the distance between adjacent nodes is denoted as 1.
Specifically, when the security degree acquired by the adjustment module is equal to or less than a first preset security degree, the adjustment module determines to increase the number N of nodes increased in each level to N1, sets n1=nx (1+|e1-e|/E1), and when the security degree acquired by the adjustment module is equal to or greater than a second preset security degree, the adjustment module determines to decrease the number N of nodes increased in each level to N2, sets n2=nx (1+|e2-e|/E2).
Specifically, when the number of the obtained number of the judging modules is equal to or greater than the preset number of the judging modules, the judging modules judge that the safety of the backtracking links does not meet the preset standard, the regulating modules need to regulate the constructed backtracking links, namely, increase the number of nodes of each level, the regulating modules obtain the safety degree through the distance between the attacked nodes, and compare the obtained safety degree with the preset safety degree to regulate the increased number of the nodes of each level, wherein when the safety degree obtained by the regulating modules is equal to or less than the first preset safety degree, the attacked nodes are concentrated and are very close to the client, so that more nodes are added at each level to increase the paths of the backtracking links, the changing mode is also increased accordingly, so that the safety of the backtracking links is ensured, and when the safety degree obtained by the regulating modules is greater than the second preset safety degree, the obtained safety degree is compared with the preset safety degree, the attacked nodes are more nodes, the obtained nodes are scattered, and the obtained information is very much, so that the relevant and the probability of finding the network address information is very close to the client is very low, and the network address of the user is not greatly increased at each level, and the network address of the regulating module is not greatly increased.
Specifically, when the adjustment module determines to increase the number of nodes of each level in the backtracking link, the balancing module obtains a difference Δr of the number of nodes of each level, and sets Δr=ni—n0, where N0 is a preset node number standard value of the balancing module, and the balancing module compares the obtained difference Δr of the number of nodes with the preset node number difference to determine the number of levels in the backtracking link, where,
when Deltar is less than or equal to DeltaR, the balancing module judges that the number of levels in the backtracking link is not regulated;
when Deltar > Deltar, the balancing module judges to increase the layer number in the backtracking link;
where i=1, 2.
Specifically, when the balancing module determines to increase the number of layers in the backtracking link, the balancing module compares the obtained node number difference Deltar with a preset difference standard value DeltaR 0, selects the number of layers increased in the backtracking link, wherein,
when Deltar is less than or equal to Deltar 01, the balancing module selects a first preset layer number H1 as an increased layer number in the backtracking link;
when DeltaR 01 < DeltaR < DeltaR02, the balancing module selects a second preset layer number H2 as an increased layer number in the backtracking link;
when Deltar is not less than Deltar 02, the balancing module selects a second preset layer number H2 as an increased layer number in the backtracking link;
the balance module presets a difference standard value DeltaR 0, a first preset difference expression value DeltaR 01, a second preset difference standard value DeltaR 02, a balance module presets a layer number H, a first preset layer number H1 and a second preset layer number H2.
Specifically, after the adjusting module increases the nodes in each level, the balancing module obtains the difference value between the number of nodes in each level and the standard value of the number of preset nodes, compares the obtained number difference value with the preset number difference value, judges the level of the backtracking link, when the number difference value of the nodes obtained by the balancing module is larger than the preset number difference value, the excessive number of the nodes in the level is indicated to easily cause the loss of the obtained data packet, and the safety of the backtracking link is indicated to be only increased at the moment, so that the balancing module judges that the level number of the backtracking link is increased, compares the obtained number difference value of the nodes with the preset number difference value of the nodes, and selects the increased level number to keep the level number in a certain range, thereby avoiding the influence of the excessive number of the levels on the data transmission speed.
Specifically, the number of preset layers is not specifically limited, and the embodiments of the present invention provide a preferred embodiment, where h1=1-2, h2=3-4, and h3=4-5.
Specifically, the embodiment of the invention provides a preferred implementation, a user end builds a backtracking link according to actual needs, an open source data packet is acquired by arriving at a data end, and the acquired data packet is transmitted back to the user end, in the transmission process, when the backtracking link is attacked, a judging module acquires the number of the attacked nodes in the number of the nodes of the backtracking link, the acquired number of the nodes is compared with a preset number of the nodes, the security of the backtracking link is judged, when the acquired number of the judging module is smaller than or equal to the preset number of the nodes, the security of the backtracking link is higher, the built backtracking link is not required to be changed, an analysis module adjusts the connecting positions of the nodes in the front K layers of the attacked nodes, changes the path of the backtracking link, adjusts the number of the nodes according to attack strength, when the acquired number of the judging module is larger than the preset number of the nodes, the acquired number of the nodes is lower than the preset number of the nodes, the safety of the backtracking link is illustrated, the safety of the backtracking link is acquired according to the node distance, the safety of the nodes is acquired by the judging module is compared with the preset number of the safety of the nodes, the safety of the nodes is compared with the preset number of the nodes, the safety of the nodes is not balanced, the difference value is increased, the difference value is larger than the threshold value is acquired by the balancing the number of the nodes is larger than the preset number of the nodes is illustrated, the safety difference value is larger than the threshold value is acquired, the number of the nodes are compared with the number of the nodes are larger than the nodes are compared with the number the threshold value, which are changed, the real-time and random adjustment of the backtracking link is carried out in the process of transmitting back the data packet, so that the user terminal is ensured not to be traced by external attack, and the information safety is ensured.
Thus far, the technical solution of the present invention has been described in connection with the preferred embodiments shown in the drawings, but it is easily understood by those skilled in the art that the scope of protection of the present invention is not limited to these specific embodiments. Equivalent modifications and substitutions for related technical features may be made by those skilled in the art without departing from the principles of the present invention, and such modifications and substitutions will be within the scope of the present invention.
Claims (10)
1. A rule engine-based Web attack prevention reaction system, comprising:
the construction module is used for constructing a backtracking link and acquiring open source data;
the judging module is used for acquiring the number duty ratio of the attacked nodes when the backtracking link is attacked, comparing the acquired number duty ratio with a preset number duty ratio, and judging the security of the backtracking link;
the analysis module is used for acquiring the attack strength born by the backtracking link according to the number of the attacked nodes and the attack times in the preset time when the judgment module judges that the safety of the backtracking link meets the preset standard, comparing the acquired attack strength with the preset attack strength, and adjusting the node connection position in the K layers before the attacked node;
the adjusting module is used for judging that the number of nodes of each level in the backtracking link is increased when the judging module judges that the safety of the backtracking link does not meet the preset standard, acquiring the safety degree through the distance between the attacked nodes, comparing the acquired safety degree with the preset safety degree, and adjusting the number of the nodes increased in each level;
and the balancing module is used for comparing the obtained node quantity difference value of each level with the preset node quantity difference value when the regulating module judges that the node quantity of each level in the backtracking link is increased, judging the level quantity in the backtracking link, and comparing the obtained node quantity difference value with a difference value standard value when the balancing module judges that the level quantity in the backtracking link is increased, and selecting the increased level quantity in the backtracking link so as to enable the backtracking effect when the open source data is obtained to meet the preset standard.
2. The Web attack prevention reaction system based on a rule engine according to claim 1, wherein the judging module obtains a ratio D of the number of attacked nodes in the backtracking link, and sets d=m/n, where m is the number of attacked nodes, n is the number of nodes in the backtracking link, compares the obtained ratio D with a preset ratio D, and judges the security of the backtracking link,
under a first comparison condition, the judging module judges that the security of the backtracking link accords with a preset standard, and the analyzing module acquires the attack strength born by the backtracking link;
under a second comparison condition, the judging module judges that the safety of the backtracking link does not accord with a preset standard, and the adjusting module acquires the safety of the backtracking link;
the first comparison condition is D less than or equal to D, and the second comparison condition is D > D.
3. The Web attack prevention reaction system based on a rule engine according to claim 2, wherein when the number ratio acquired by the judging module is smaller than or equal to a preset number ratio, the judging module judges that the security of the backtracking link meets a preset standard, the analyzing section module presets an attack force F, and the analyzing module compares the acquired attack force F born by the backtracking link with the preset attack force to adjust the node connection position in the K-layer before the attacked node, wherein,
under a first constraint condition, the analysis module judges the number of levels of nodes for reducing the change of the connection position;
under a second constraint condition, the analysis module does not change the number of nodes;
under a third constraint condition, the analysis module judges the number of levels of the node with the increased connection position change;
the analysis module presets attack force F, a first preset attack force F1 and a second attack force F2 are set, the first constraint condition is F less than or equal to F1, the second constraint condition is F1 less than F less than F2, and the third constraint condition is F more than or equal to F2.
4. The Web attack prevention reaction system based on a rule engine according to claim 3, wherein the attack strength f born by the backtracking link is determined according to the number t of times the node of the backtracking link is attacked and the number m of attacked nodes in a preset time, and is set
5. The rules engine-based Web attack prevention reaction system according to claim 3, wherein theWhen the attack intensity acquired by the adjusting module is smaller than or equal to a first preset attack intensity, the adjusting module judges that the number K of the levels where the nodes with changed connection positions are located is reduced to K1, and the setting is carried outWhen the attack intensity acquired by the adjusting module is greater than or equal to a second preset attack intensity, the adjusting module judges that the number K of the levels where the nodes with changed connection positions are located is increased to K2, and ∈is set>
6. The Web attack prevention reaction system based on a rule engine according to claim 5, wherein the number of the nodes in each level in the backtracking link is increased when the number of the nodes in each level is equal to or greater than a preset number of the nodes in each level, and the adjustment module compares the acquired security E with a preset security E to adjust the number of the nodes in each level, wherein when the judgment module judges that the security of the backtracking link does not meet the preset standard,
when E is less than or equal to E1, the adjusting module judges that the number of the nodes N to N1 increased by each level is increased;
when E1 is less than E and less than E2, the adjusting module does not adjust the number of the nodes increased in each level;
when E is more than or equal to E2, the adjusting module judges that the number of nodes added by each level is reduced by N to N2;
the adjusting module presets the safety degree E, and sets a first preset safety degree E1 and a second preset safety degree E2.
7. The rule engine-based Web attack prevention reaction system according to claim 6, wherein the security e is determined according to a node distance, and e = lmax x smin is set, wherein lmax is a maximum distance between attacked nodes, and smin is a distance between a node closest to a user side among attacked nodes and the user side.
8. The Web attack prevention reaction system based on a rule engine according to claim 7, wherein when the security degree acquired by the adjustment module is equal to or less than a first preset security degree, the adjustment module determines to increase the number of nodes N increased by each level to N1, sets n1=nx (1+|e1-e|/E1), and when the security degree acquired by the adjustment module is equal to or greater than a second preset security degree, the adjustment module determines to decrease the number of nodes N increased by each level to N2, sets n2=nx (1- |e2-e|/E2).
9. The Web attack prevention reaction system according to claim 8, wherein when the adjustment module determines to increase the number of nodes of each level in the backtracking link, the balancing module obtains a difference Δr of the number of nodes of each level, and sets Δr=ni-N0, where N0 is a preset number of nodes standard value of the balancing module, and the balancing module compares the obtained difference Δr of the number of nodes with the preset difference Δr of the number of nodes to determine the number of levels in the backtracking link,
when Deltar is less than or equal to DeltaR, the balancing module judges that the number of levels in the backtracking link is not regulated;
when Deltar > Deltar, the balancing module judges to increase the layer number in the backtracking link;
where i=1, 2.
10. The Web attack prevention reaction system according to claim 9, wherein when the balancing module determines to increase the number of layers in the backtracking link, the balancing module compares the obtained node number difference Δr with a preset difference standard value Δr0, and selects the number of layers increased in the backtracking link, wherein,
when Deltar is less than or equal to Deltar 01, the balancing module selects a first preset layer number H1 as an increased layer number in the backtracking link;
when DeltaR 01 < DeltaR < DeltaR02, the balancing module selects a second preset layer number H2 as an increased layer number in the backtracking link;
when Deltar is not less than Deltar 02, the balancing module selects a second preset layer number H2 as an increased layer number in the backtracking link;
wherein, the balance module presets a difference standard value DeltaR 0, sets a first preset difference expression value DeltaR 01,
a second preset difference standard value DeltaR 02, a balancing module preset layer number H, a first preset layer number H1,
a second preset number of layers H2.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310558571.6A CN116545714B (en) | 2023-05-17 | 2023-05-17 | Web attack prevention reaction system based on rule engine |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310558571.6A CN116545714B (en) | 2023-05-17 | 2023-05-17 | Web attack prevention reaction system based on rule engine |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116545714A true CN116545714A (en) | 2023-08-04 |
| CN116545714B CN116545714B (en) | 2024-02-20 |
Family
ID=87445055
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310558571.6A Active CN116545714B (en) | 2023-05-17 | 2023-05-17 | Web attack prevention reaction system based on rule engine |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116545714B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112633314A (en) * | 2020-10-15 | 2021-04-09 | 浙江工业大学 | Active learning source tracing attack method based on multi-layer sampling |
| CN114205152A (en) * | 2021-12-12 | 2022-03-18 | 中国电子科技集团公司第十五研究所 | Method for deploying backtracking heterogeneous resources and planning optimal path |
| WO2022088405A1 (en) * | 2020-10-28 | 2022-05-05 | 杭州安恒信息技术股份有限公司 | Network security protection method, apparatus, and system |
| CN115277127A (en) * | 2022-07-12 | 2022-11-01 | 清华大学 | Attack detection method and device for searching matching attack mode based on system tracing graph |
| CN116405246A (en) * | 2023-02-24 | 2023-07-07 | 广州大学 | Vulnerability exploitation chain construction technology based on attack and defense combination |
-
2023
- 2023-05-17 CN CN202310558571.6A patent/CN116545714B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112633314A (en) * | 2020-10-15 | 2021-04-09 | 浙江工业大学 | Active learning source tracing attack method based on multi-layer sampling |
| WO2022088405A1 (en) * | 2020-10-28 | 2022-05-05 | 杭州安恒信息技术股份有限公司 | Network security protection method, apparatus, and system |
| CN114205152A (en) * | 2021-12-12 | 2022-03-18 | 中国电子科技集团公司第十五研究所 | Method for deploying backtracking heterogeneous resources and planning optimal path |
| CN115277127A (en) * | 2022-07-12 | 2022-11-01 | 清华大学 | Attack detection method and device for searching matching attack mode based on system tracing graph |
| CN116405246A (en) * | 2023-02-24 | 2023-07-07 | 广州大学 | Vulnerability exploitation chain construction technology based on attack and defense combination |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116545714B (en) | 2024-02-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10506527B2 (en) | Mechanism for enhancing power control in time division based communications | |
| CN108833279B (en) | Method for multi-constraint QoS routing based on service classification in software defined network | |
| CN104756543B (en) | Multiple channel wireless communication system, base station, channel usage method | |
| US20070038743A1 (en) | System and method for communication in a wireless mobile ad-hoc network | |
| JP2005539437A (en) | Radio resource control system | |
| CN107211481A (en) | Frame structure and data mapping for aiding in authorizing access | |
| CN109639588B (en) | Network congestion control routing method for aviation cluster | |
| US11729864B2 (en) | Enhanced downlink message delivery in wide area networks | |
| US20120063330A1 (en) | Wireless network path setting apparatus and method | |
| Parvin et al. | Towards trust establishment for spectrum selection in cognitive radio networks | |
| Ioannou et al. | A novel Distributed AI framework with ML for D2D communication in 5G/6G networks | |
| CN107124365A (en) | A kind of acquisition system of the routing policy based on machine learning | |
| CN108924825A (en) | A kind of high energy efficiency trust management and credible routing method towards SDWSNs | |
| Hong et al. | Exploring multiple radios and multiple channels in wireless mesh networks [accepted from open call] | |
| CN116545714B (en) | Web attack prevention reaction system based on rule engine | |
| CN108712334A (en) | A kind of routing self-organizing method and its system | |
| CN108282888A (en) | A kind of D2D resource allocation methods based on improvement fuzzy clustering | |
| Rustad et al. | New radio networks for tactical communication | |
| US9712423B1 (en) | Routing protocol for an interconnection network | |
| Sharma et al. | Qos-aware routing in wireless networks using aerial vehicles | |
| Hu et al. | SDN-based efficient bandwidth allocation for caching enabled cognitive radio networks | |
| Shuminoski et al. | Radio network aggregation for 5G mobile terminals in heterogeneous wireless networks | |
| CN104219679B (en) | A kind of improved method for channel allocation in cognitive radio networks | |
| JP2006332753A (en) | Mobile communication system, mobile station apparatus, and access control method | |
| US11277749B2 (en) | Communication device and communication system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |