KR102242219B1 - Method and device for preventing a server from being attacked - Google Patents

Method and device for preventing a server from being attacked

Info

Publication number
KR102242219B1
Authority
KR
South Korea
Prior art keywords
page
script
request
server
verification request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
KR1020187036802A
Other languages
English (en)
Korean (ko)
Other versions
KR20190015327A (ko)
Inventor
야란 루
Original Assignee
어드밴스드 뉴 테크놀로지스 씨오., 엘티디.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 어드밴스드 뉴 테크놀로지스 씨오., 엘티디.
Publication of KR20190015327A
Application granted
Publication of KR102242219B1
Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/80 Information retrieval; Database structures therefor; File system structures therefor of semi-structured data, e.g. markup language structured data such as SGML, XML or HTML
    • G06F16/83 Querying
    • G06F16/835 Query processing
    • G06F16/8373 Query execution
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/80 Information retrieval; Database structures therefor; File system structures therefor of semi-structured data, e.g. markup language structured data such as SGML, XML or HTML
    • G06F16/83 Querying
    • G06F16/838 Presentation of query results
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/955 Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/958 Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Databases & Information Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Power Engineering (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)
KR1020187036802A 2016-05-31 2017-04-18 Method and device for preventing a server from being attacked Active KR102242219B1 (ko)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201610377847.0 2016-05-31
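CN201610377847.0A CN107454041B (zh) 2016-05-31 2016-05-31 Method and apparatus for preventing a server from being attacked
PCT/CN2017/080862 WO2017206605A1 (zh) 2016-05-31 2017-04-18 Method and apparatus for preventing a server from being attacked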

Publications (2)

Publication Number Publication Date
KR20190015327A (ko) 2019-02-13
KR102242219B1 (ko) 2021-04-21

Family

ID=60479720

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020187036802A Active KR102242219B1 (ko) 2016-05-31 2017-04-18 Method and device for preventing a server from being attacked

Country Status (17)

Country Link
US (2) US10965689B2
EP (1) EP3468128B1
JP (1) JP6859518B2
KR (1) KR102242219B1
CN (1) CN107454041B
AU (1) AU2017273371B2
BR (1) BR112018074497B1
CA (1) CA3024889C
ES (1) ES2818588T3
MX (1) MX377724B
MY (1) MY200541A
PH (1) PH12018502495B1
PL (1) PL3468128T3
RU (1) RU2734027C2
SG (1) SG11201810205XA
TW (1) TW201743237A
WO (1) WO2017206605A1

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
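CN107454041B (zh) 2016-05-31 2020-06-02 阿里巴巴集团控股有限公司 Method and apparatus for preventing a server from being attacked
CN109936575B (zh) * 2019-03-07 2021-11-12 北京融链科技有限公司 Page access method, apparatus, storage medium and processor
CN113761489B (zh) * 2020-06-02 2024-01-26 共道网络科技有限公司 Verification method, apparatus, device and storage medium
CN112600863A (zh) * 2021-03-04 2021-04-02 南京敏宇数行信息技术有限公司 Secure remote access system and method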
US12130710B2 (en) * 2022-07-27 2024-10-29 Dell Products L.P. Self-healing data protection system matching system attributes to relevant scripts using weighted attributes

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160119304A1 (en) 2014-10-22 2016-04-28 Radware, Ltd. Techniques for optimizing authentication challenges for detection of malicious attacks

Family Cites Families (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5541996A (en) 1994-12-12 1996-07-30 Itt Corporation Apparatus and method for a pseudo-random number generator for high precision numbers
US7555529B2 (en) * 1995-11-13 2009-06-30 Citrix Systems, Inc. Interacting with software applications displayed in a web page
US7373510B2 (en) * 2000-09-12 2008-05-13 International Business Machines Corporation System and method for implementing a robot proof Web site
US7127608B2 (en) * 2001-01-12 2006-10-24 Siemens Medical Solutions Health Services Corporation System and user interface supporting URL processing and concurrent application operation
US7949729B2 (en) 2001-05-31 2011-05-24 Oracle International Corp. System and method for displaying dynamic page content in a page-caching browser
US20020184507A1 (en) * 2001-05-31 2002-12-05 Proact Technologies Corp. Centralized single sign-on method and system for a client-server environment
US6941512B2 (en) * 2001-09-10 2005-09-06 Hewlett-Packard Development Company, L.P. Dynamic web content unfolding in wireless information gateways
US20040039994A1 (en) * 2002-08-22 2004-02-26 Duffy Colm Donal System and process for communication between Java server pages and servlets
US7376732B2 (en) * 2002-11-08 2008-05-20 Federal Network Systems, Llc Systems and methods for preventing intrusion at a web host
US20070282874A1 (en) 2003-08-19 2007-12-06 Rapid Intelligence Pty Ltd. Content System
US7516153B2 (en) 2005-11-29 2009-04-07 Att Intellectual Property I, L.P. Rendering dynamic data in a web browser
WO2007065019A2 (en) 2005-12-02 2007-06-07 Hillcrest Laboratories, Inc. Scene transitions in a zoomable user interface using zoomable markup language
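CN101030860A (zh) * 2007-02-15 2007-09-05 华为技术有限公司 Method and device for defending against attacks on a server by automated software
CN101594343B (zh) * 2008-05-29 2013-01-23 国际商业机器公司 Apparatus and method for securely submitting requests, and apparatus and method for securely processing requests
CN101437030B (zh) * 2008-11-29 2012-02-22 成都市华为赛门铁克科技有限公司 Method, detection apparatus and monitoring device for preventing a server from being attacked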
US20100180082A1 (en) 2009-01-12 2010-07-15 Viasat, Inc. Methods and systems for implementing url masking
KR101061255B1 (ko) * 2009-04-17 2011-09-01 주식회사 파이오링크 Web security management apparatus and method for monitoring communication between a web server and a client
CN101834866B (zh) * 2010-05-05 2013-06-26 北京来安科技有限公司 CC attack protection method and system
US9912718B1 (en) 2011-04-11 2018-03-06 Viasat, Inc. Progressive prefetching
RU2477929C2 (ru) * 2011-04-19 2013-03-20 Закрытое акционерное общество "Лаборатория Касперского" System and method for preventing security incidents based on user danger ratings
CN102981812A (zh) * 2011-09-07 2013-03-20 深圳市金蝶中间件有限公司 Method and apparatus for executing web page scripting language
CN103139138B (zh) * 2011-11-22 2016-02-03 飞塔公司 Application-layer denial-of-service protection method and system based on client detection
JP2013125497A (ja) * 2011-12-16 2013-06-24 Sony Corp Information processing apparatus, information processing method, and program
TWI506471B (zh) 2011-12-27 2015-11-01 Univ Nat Taiwan Science Tech System and method for preventing cross-site attacks
CN103209158A (zh) * 2012-01-12 2013-07-17 深圳市宇初网络技术有限公司 Third-party verification method and system
US20130318056A1 (en) * 2012-05-23 2013-11-28 Sap Ag Lightweight Integrity Protection for Web Storage-Driven Content Caching
US20140053056A1 (en) * 2012-08-16 2014-02-20 Qualcomm Incorporated Pre-processing of scripts in web browsers
US20140259145A1 (en) * 2013-03-08 2014-09-11 Barracuda Networks, Inc. Light Weight Profiling Apparatus Distinguishes Layer 7 (HTTP) Distributed Denial of Service Attackers From Genuine Clients
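CN104636664B (zh) * 2013-11-08 2018-04-27 腾讯科技(深圳)有限公司 Method and apparatus for detecting cross-site scripting vulnerabilities based on the document object model
CN103795786A (zh) * 2014-01-20 2014-05-14 杭州百富电子技术有限公司 Embedded concentrator system with web service functionality
TW201547247A (zh) * 2014-06-13 2015-12-16 Vivotek Inc Web page authentication method and system
CN107454041B (zh) 2016-05-31 2020-06-02 阿里巴巴集团控股有限公司 Method and apparatus for preventing a server from being attacked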

Also Published As

Publication number Publication date
ES2818588T3 (es) 2021-04-13
EP3468128A1 (en) 2019-04-10
BR112018074497B1 (pt) 2021-11-30
EP3468128A4 (en) 2019-04-24
CA3024889C (en) 2021-06-22
PH12018502495B1 (en) 2022-09-30
PL3468128T3 (pl) 2020-11-16
MY200541A (en) 2024-01-02
RU2018146848A3 2020-07-09
CA3024889A1 (en) 2017-12-07
RU2734027C2 (ru) 2020-10-12
US20190109861A1 (en) 2019-04-11
EP3468128B1 (en) 2020-08-19
CN107454041A (zh) 2017-12-08
AU2017273371B2 (en) 2020-12-24
JP6859518B2 (ja) 2021-04-14
TW201743237A (zh) 2017-12-16
PH12018502495A1 (en) 2019-04-08
MX377724B (es) 2025-03-11
MX2018014378A (es) 2019-08-12
BR112018074497A2 (pt) 2019-05-28
SG11201810205XA (en) 2018-12-28
RU2018146848A (ru) 2020-07-09
WO2017206605A1 (zh) 2017-12-07
AU2017273371A1 (en) 2018-12-06
KR20190015327A (ko) 2019-02-13
US10965689B2 (en) 2021-03-30
CN107454041B (zh) 2020-06-02
US10986101B2 (en) 2021-04-20
JP2019519849A (ja) 2019-07-11
US20200137075A1 (en) 2020-04-30

Similar Documents

Publication Publication Date Title
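JP7018920B2 (ja) Confidential information processing method, apparatus, and server, and security determination system
CN109743315B (zh) Behavior identification method, apparatus, device and readable storage medium for websites
CN107395659B (zh) Method and apparatus for service acceptance and consensus
KR102242219B1 (ko) Method and device for preventing a server from being attacked
JP6570663B2 (ja) Systems and methods for phishing and brand protection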
US11405363B2 (en) File upload control for client-side applications in proxy solutions
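CN108989355B (zh) Vulnerability detection method and apparatus
CN111191243B (zh) Vulnerability detection method, apparatus and storage medium
CN113536183A (zh) Page access method, apparatus, storage medium and electronic device
CN114157568B (zh) Browser secure access method, apparatus, device and storage medium
CN107103243B (zh) Vulnerability detection method and apparatus
CN109981533B (zh) DDoS attack detection method, apparatus, electronic device and storage medium
CN107391980B (zh) Login verification method, apparatus, device and storage medium based on device data
CN112019544A (zh) Security scanning method, apparatus and system for network interfaces
CN116975839A (zh) Resource sharing method, device and medium based on struts2 components
CN116361793A (zh) Code detection method, apparatus, electronic device and storage medium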
US20160239364A1 (en) Method of verifying integrity of program using hash
CN109740386B (zh) Method and apparatus for detecting static resource files
US9600508B1 (en) Data layer service availability
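CN119995905B (zh) Data processing method, apparatus, electronic device and storage medium
HK40092677A (zh) Method and apparatus for verifying page screenshots, storage medium and electronic device
CN107103242A (zh) Data acquisition method and apparatus
CN116915445A (zh) Resource sharing method, computer device and storage medium based on MVC components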
Nilsson Security in Behaviour Driven Authentication for Web Applications
CN118590305A (zh) Unauthorized-access detection method, apparatus, electronic device and storage medium

Legal Events

Date Code Title Description
PA0105 International application

St.27 status event code: A-0-1-A10-A15-nap-PA0105

PG1501 Laying open of application

St.27 status event code: A-1-1-Q10-Q12-nap-PG1501

A201 Request for examination
E13-X000 Pre-grant limitation requested

St.27 status event code: A-2-3-E10-E13-lim-X000

P11-X000 Amendment of application requested

St.27 status event code: A-2-2-P10-P11-nap-X000

P13-X000 Application amended

St.27 status event code: A-2-2-P10-P13-nap-X000

PA0201 Request for examination

St.27 status event code: A-1-2-D10-D11-exm-PA0201

D13-X000 Search requested

St.27 status event code: A-1-2-D10-D13-srh-X000

D14-X000 Search report completed

St.27 status event code: A-1-2-D10-D14-srh-X000

A302 Request for accelerated examination
E13-X000 Pre-grant limitation requested

St.27 status event code: A-2-3-E10-E13-lim-X000

P11-X000 Amendment of application requested

St.27 status event code: A-2-2-P10-P11-nap-X000

P13-X000 Application amended

St.27 status event code: A-2-2-P10-P13-nap-X000

PA0302 Request for accelerated examination

St.27 status event code: A-1-2-D10-D17-exm-PA0302

St.27 status event code: A-1-2-D10-D16-exm-PA0302

E902 Notification of reason for refusal
N231 Notification of change of applicant
PE0902 Notice of grounds for rejection

St.27 status event code: A-1-2-D10-D21-exm-PE0902

PN2301 Change of applicant

St.27 status event code: A-3-3-R10-R13-asn-PN2301

St.27 status event code: A-3-3-R10-R11-asn-PN2301

P11-X000 Amendment of application requested

St.27 status event code: A-2-2-P10-P11-nap-X000

P13-X000 Application amended

St.27 status event code: A-2-2-P10-P13-nap-X000

E701 Decision to grant or registration of patent right
PE0701 Decision of registration

St.27 status event code: A-1-2-D10-D22-exm-PE0701

GRNT Written decision to grant
PR0701 Registration of establishment

St.27 status event code: A-2-4-F10-F11-exm-PR0701

PR1002 Payment of registration fee

St.27 status event code: A-2-2-U10-U12-oth-PR1002

Fee payment year number: 1

PG1601 Publication of registration

St.27 status event code: A-4-4-Q10-Q13-nap-PG1601

P22-X000 Classification modified

St.27 status event code: A-4-4-P10-P22-nap-X000

R18-X000 Changes to party contact information recorded

St.27 status event code: A-5-5-R10-R18-oth-X000

PR1001 Payment of annual fee

St.27 status event code: A-4-4-U10-U11-oth-PR1001

Fee payment year number: 4

PR1001 Payment of annual fee

St.27 status event code: A-4-4-U10-U11-oth-PR1001

Fee payment year number: 5

PR1001 Payment of annual fee

St.27 status event code: A-4-4-U10-U11-oth-PR1001

Fee payment year number: 6

U11 Full renewal or maintenance fee paid

Free format text: ST27 STATUS EVENT CODE: A-4-4-U10-U11-OTH-PR1001 (AS PROVIDED BY THE NATIONAL OFFICE)

Year of fee payment: 6