TW201502845A - Website antivirus information security system - Google Patents
Website antivirus information security system
- Publication number: TW201502845A
- Authority: TW (Taiwan)
- Prior art keywords: attack, website, black, information, module
Description
The present invention is an antivirus information security system, specifically for protecting websites against viruses and hacking. It achieves website antivirus information security by analyzing attacks, logging, blocking, intercepting, redirecting URLs, and notifying the administrator.
Websites have become an important channel for corporate brand management, commercial profit, and media promotion. However, computer viruses and attacks no longer target only your personal computer; they have begun to turn toward your website. Website virus implantation (SQL Injection, XSS) and brute-force traffic attacks (DDOS) are currently the most common and most destructive attack methods. At the mild end they cause your website's data to be altered, more seriously they cause your website members' personal data to leak, and at worst they paralyze the entire website so that it cannot operate!
Through input interfaces, hackers implant malicious programs into your website, which lets them eavesdrop on and steal your website's sensitive data, and even impersonate an administrator logging in to the back end, so that shopping fraud incidents keep occurring. Hackers also use the strength of a "cyber army", simulating normal web browsing from a swarm of machines, to saturate the website's external bandwidth and paralyze the website, and then threaten you into paying a considerable protection fee!
On the market today, protecting a website from virus implantation (SQL Injection, XSS) requires installing an additional WAF (Web Application Firewall) appliance in front of your server to keep malicious code from being implanted; protecting against the threat of brute-force traffic attacks (DDOS) requires installing an additional IPS (Intrusion Prevention System) appliance.
Yet today there is no solution that addresses these website threats in software!
Therefore, an object of the present invention is to provide antivirus software for websites that can detect attacks, identify attacks, intercept attacks, block attacks, and notify the administrator.
Another object of the present invention is to provide a method for quickly installing and deploying website antivirus protection, lowering the barrier to use.
Another object of the present invention is to provide a system and method that can block, allow, and automatically update a list of website visitors' IP addresses.
Another object of the present invention is to provide a system and method in which attack signature analysis and identification are processed on hardware outside the original website's system architecture.
Accordingly, the antivirus security system of the present invention can be mounted on, and is applicable to, any website. The system comprises a detection-and-transmission component, an interception-and-blocking component, a blacklist/whitelist identification module, a blacklist/whitelist database, an attack signature identification module, an attack signature database, a logging and notification module, a web page transmission record database, and a brute-force attack identification module.
The detection-and-transmission and interception-and-blocking components are the system's external components and are embedded in the protected website. The detection-and-transmission component detects web page transmission information and sends it over the Internet to the internal system of the invention; the interception-and-blocking component receives over the Internet the under-attack signal returned by the system and then blocks the attacker or redirects the attacker to another web page. The blacklist/whitelist database holds the list of source IPs with past attack records, the list of source IPs the administrator has chosen to block, and the whitelist the administrator has added to exempt sources from attack identification. The attack signature database holds signature information for website virus implantation attacks (SQL Injection, XSS, IDOR) and similar attacks. The web page transmission record database holds all information returned by the detection-and-transmission component and the information identified by the attack signature identification module.
The blacklist/whitelist identification module is connected to the detection-and-transmission component, the interception-and-blocking component, the blacklist/whitelist database, the attack signature identification module, and the logging and notification module. It compares the web page transmission content returned by the detection-and-transmission component against the blacklist/whitelist database. For content that matches the database, it sends the under-attack signal to the interception-and-blocking component and hands the identification result to the logging and notification module; for content not in the database, it hands the transmission information to the attack signature identification module.
The attack signature identification module is connected to the blacklist/whitelist identification module, the blacklist/whitelist database, the attack signature database, and the logging and notification module. It compares the information sent by the blacklist/whitelist identification module against the attack signature database. If the traffic is an attack, it sends the under-attack signal to the interception-and-blocking component and hands the identification result to the logging and notification module; if the content matches nothing in the attack signature database, it hands the transmission information to the logging and notification module.
The brute-force attack identification module is connected to the web page transmission record database, the blacklist/whitelist database, and the logging and notification module. Based on the contents loaded from the web page transmission record database, it identifies the locations of the visitors carrying out brute-force traffic attacks (DDOS), hands the identification result to the logging and notification module, and updates the blacklist/whitelist database.
The logging and notification module is connected to the blacklist/whitelist identification module, the attack signature identification module, and the web page transmission record database. It records attacks and informs the website administrator of security and antivirus information over the network by mobile app, SMS, e-mail, or on-site display, and it updates the web page transmission record database with the network transmission information.
The website antivirus security system of the present invention comprises the following steps, illustrated in FIG. 2:
(B1) A website is required.
(B2) Embed the system's detection-and-transmission and interception-and-blocking components in the website. When the website has a visitor, the components send the detected web page transmission information to the system of the invention.
(B3) The system analyzes the transmitted data.
(B4) The transmission information is checked for attack signatures.
(B5) If no attack signature is present, only the data transmission is recorded.
(B6) If an attack signature is present, the embedded interception-and-blocking component is triggered to block, intercept, or redirect the page.
(B7) The attack information is recorded and reported to the website administrator.
(B8) Protection succeeds.
A1‧‧‧Website
A2‧‧‧Detection-and-transmission component
A3‧‧‧Interception component
A4‧‧‧Blacklist/whitelist identification module
A5‧‧‧Blacklist/whitelist database
A6‧‧‧Attack signature identification module
A7‧‧‧Attack signature database
A8‧‧‧Logging and notification module
A9‧‧‧Website antivirus security system
A10‧‧‧Web page transmission record database
A11‧‧‧Brute-force attack identification module
B1~B8‧‧‧System flow steps
FIG. 1 is a system architecture diagram illustrating that the present invention is a system with website antivirus, management, and notification mechanisms; FIG. 2 is a flow chart of the system's steps from detection to successful defense.
The foregoing and other technical content, features, and effects of the present invention will be made clear in the detailed description below with reference to FIG. 1.
As shown in FIG. 1, in an embodiment of the website antivirus security system A9 of the present invention, shopping websites, corporate official websites, and government, public-service, academic, medical, and other websites can all embed the detection-and-transmission component A2 and the interception-and-blocking component A3 of the invention.
When a visitor enters the website, the detection-and-transmission component A2 sends the web page's transmission information to the blacklist/whitelist identification module A4, which uses the blacklist/whitelist database A5 to identify visitors that are refused. For such a visitor, the interception-and-blocking component A3 performs the interception and blocks any action by that visitor, and the comparison result is sent to the logging and notification module A8.
If the visitor matches none of the data in the blacklist/whitelist database A5, the web page transmission information captured by the detection-and-transmission component A2 is sent on to the attack signature identification module A6, which compares it against the attack signature database A7 (signatures of network attack techniques such as SQL Injection, XSS, DDOS, and IDOR) using data features, and then sends the comparison result to the logging and notification module A8.
The brute-force attack identification module A11 applies data mining to the web page transmission record database A10 to find the sources of brute-force attacks, sends the attack comparison result to the logging and notification module A8, and updates the blacklist/whitelist database A4.
When handling identification results, the logging and notification module A8 distinguishes attack behavior from non-attack behavior. Attack behavior: the web page transmission information is recorded in the web page transmission record database A10, and an antivirus security notification is then sent over the Internet to the website administrator; the notification can be received through a mobile app, by SMS, by e-mail, or shown on a web page. Non-attack behavior: the web page transmission information is recorded in the web page transmission record database A10.
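The flow described above and in steps B3 to B7 (list check by A4, signature check by A6, flood detection by A11, logging and notification by A8), sketched as an added example; it is not code from the patent. The two signature patterns, the threshold-based flood check standing in for the patent's data mining, and all names and sample traffic are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass, field
from urllib.parse import unquote_plus

# Constructed sample signatures standing in for the attack signature database (A7).
SIGNATURES = {
    "sql_injection": re.compile(r"'\s*(or|and)\s+[\w']+\s*=|union\s+select", re.I),
    "xss": re.compile(r"<\s*script\b|on(error|load)\s*=|javascript:", re.I),
}

@dataclass
class Protector:
    blacklist: set = field(default_factory=set)  # A5: blocked source IPs
    whitelist: set = field(default_factory=set)  # A5: IPs exempt from identification
    records: list = field(default_factory=list)  # A10: transmission record database
    alerts: list = field(default_factory=list)   # A8: notices for the administrator

    def _log(self, ip, verdict, reason, ts):
        # A8: record every request; notify the administrator only for attacks.
        self.records.append({"ip": ip, "verdict": verdict, "reason": reason, "ts": ts})
        if verdict == "block":
            self.alerts.append(f"{ip}: {reason}")
        return verdict

    def handle(self, ip, payload, ts):
        """A4 list check first, then A6 signature check (steps B3 to B7)."""
        ip = str(ipaddress.ip_address(ip))  # raises ValueError on a malformed address
        if ip in self.whitelist:
            return self._log(ip, "allow", "whitelisted", ts)
        if ip in self.blacklist:
            return self._log(ip, "block", "blacklisted", ts)
        decoded = unquote_plus(payload)  # match on the decoded form, not the raw text
        for name, pattern in SIGNATURES.items():
            if pattern.search(decoded):
                self.blacklist.add(ip)  # assumption: a hit gives the source an attack record
                return self._log(ip, "block", name, ts)
        return self._log(ip, "allow", "no signature", ts)

    def sweep_floods(self, now, window=10, limit=5):
        """A11 stand-in: blacklist sources with more than `limit` requests in `window` s."""
        recent = Counter(r["ip"] for r in self.records if now - r["ts"] <= window)
        flagged = sorted(ip for ip, n in recent.items()
                         if n > limit and ip not in self.whitelist | self.blacklist)
        for ip in flagged:
            self.blacklist.add(ip)
            self.alerts.append(f"{ip}: flood ({recent[ip]} requests in {window}s)")
        return flagged

# Constructed sample traffic: (source IP, request data, timestamp in seconds).
SAMPLE = [("198.51.100.7", "q=shoes", 0), ("203.0.113.9", "id=1%27+OR+%271%27%3D%271", 1),
          ("203.0.113.9", "q=shoes", 2)] + [("192.0.2.50", "q=sale", 3)] * 6

def run_sample():
    p = Protector(whitelist={"198.51.100.7"})
    verdicts = [p.handle(*req) for req in SAMPLE]
    return verdicts, p.sweep_floods(now=5), p
```

In the sample, the second request from 203.0.113.9 is blocked even though it is harmless, because the first one put the address on the blacklist; an operator relying on IP lists has to account for shared and reassigned addresses.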
In summary, the present invention gives a website an information security mechanism for antivirus protection: detecting attacks, identifying attacks, intercepting attacks, blocking attacks, and notifying the administrator. A website that wants the protection provided by the invention only needs to embed the detection-and-transmission component (A2) and the interception-and-blocking component (A3) provided by the invention; no additional hardware is required, which lowers the barrier to website antivirus protection. The website administrator can allow visitor IPs or add blocked visitor IPs at will, controlling visitors' browsing permissions directly. Unlike computer antivirus software, the invention's threat identification is handled by this system and adds no load to the original website's system.
The website types described above are only examples for discussing the invention and do not limit the scope of its implementation; simple equivalent changes and modifications made in accordance with the claims and the description of the invention all remain within the scope covered by this patent.
A1‧‧‧Website
A2‧‧‧Detection-and-transmission component
A3‧‧‧Interception component
A4‧‧‧Blacklist/whitelist database
A5‧‧‧Blacklist/whitelist identification module
A6‧‧‧Attack signature database
A7‧‧‧Attack signature identification module
A8‧‧‧Logging and notification module
A9‧‧‧Website antivirus security system
A10‧‧‧Web page transmission record database
A11‧‧‧Brute-force attack identification module
Claims (7)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW102125159A TW201502845A (en) | 2013-07-15 | 2013-07-15 | Website antivirus information security system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW102125159A TW201502845A (en) | 2013-07-15 | 2013-07-15 | Website antivirus information security system |
Publications (1)
Publication Number | Publication Date |
---|---|
TW201502845A (en) | 2015-01-16 |
Family
ID=52718410
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW102125159A TW201502845A (en) | 2013-07-15 | 2013-07-15 | Website antivirus information security system |
Country Status (1)
Country | Link |
---|---|
TW (1) | TW201502845A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI553502B (en) * | 2015-03-05 | 2016-10-11 | 緯創資通股份有限公司 | Protection method and computer system thereof for firewall apparatus disposed to application layer |
TWI659328B (en) * | 2017-02-03 | 2019-05-11 | 日商日立解決方案股份有限公司 | Computer system and file access control method |
TWI665578B (en) * | 2018-11-27 | 2019-07-11 | 廣達電腦股份有限公司 | Systems and methods for management of software connections |
TWI667587B (en) * | 2018-05-15 | 2019-08-01 | 玉山商業銀行股份有限公司 | Information security protection method |
TWI672609B (en) * | 2017-12-27 | 2019-09-21 | 中華電信股份有限公司 | Computer system and ransomware detection method thereof |