WO2014032600A1 - Method and apparatus for determining automatic scanning behavior - Google Patents
Method and apparatus for determining automatic scanning behavior
- Publication number
- WO2014032600A1 (PCT/CN2013/082556)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- value
- data sequence
- statistical data
- trusted
- response
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/16—Threshold monitoring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/951—Indexing; Web crawling techniques
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/28—Timers or timing mechanisms used in protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/40—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
Definitions
- The present invention relates to the field of network security technologies, and more particularly to a method and apparatus for determining automatic scanning behavior.
Background
- Existing methods for determining automatic scanning behavior are mainly of two types. The first builds a feature information database from the feature information of the tools that generate automatic scanning behavior; after an access request is received, the feature information in the access request is obtained and matched against the feature information in the database to determine whether automatic scanning behavior is present.
- This method has poor applicability, and can only determine the automatic scanning behavior of the tool with known feature information, and the unknown feature information.
- The second is based on the alarm frequency of the network security device: when the alarm frequency is higher than a certain value, automatic scanning behavior is determined. This determination method is too simple and its accuracy is poor.
- Embodiments of the present invention provide a method and apparatus for determining automatic scanning behavior, to solve the poor applicability and poor accuracy of the existing methods of determining automatic scanning behavior.
- a method of determining automatic scanning behavior including:
- counting the number of success response messages and the number of failure response messages among the collected access response messages, and determining the response trusted value of the selected sender according to the counted number of success response messages and number of failure response messages;
- comparing the comprehensive evaluation value with a first set threshold to determine whether automatic scanning behavior has occurred at the selected sender.
- a device for determining an automatic scanning behavior comprising:
- a message collection unit, configured to collect, within the set period, the access request messages sent by the selected sender to the selected website server and the access response messages returned by the selected website server to the selected sender;
- a trusted value determining unit, configured to divide the set period into at least two set sub-periods, count in turn the number of access request messages in each set sub-period, and determine the request trusted value of the selected sender according to the counted number of access request messages in each set sub-period; and to count the number of success response messages and the number of failure response messages among the collected access response messages, and determine the response trusted value of the selected sender according to the counted number of success response messages and number of failure response messages;
- an evaluation value determining unit, configured to obtain a first weight corresponding to the request trusted value and a second weight corresponding to the response trusted value, and to calculate the comprehensive evaluation value of the selected sender in the set period according to the determined request trusted value, response trusted value, first weight and second weight; and a determining unit, configured to compare the comprehensive evaluation value with the first set threshold and determine whether automatic scanning behavior has occurred at the selected sender.
- the method and apparatus for determining an automatic scanning behavior provided by an embodiment of the present invention, by selecting an access request message sent by a selected sending end to a selected website server and the selected website server to select the set time period An access response message returned by the sending end; dividing the set period into at least two setting sub-cycles, and sequentially counting the number of access request messages in each set sub-period, according to each set sub-period of the statistics The number of internal access request messages, determining the trusted value of the request of the selected sender; and counting the number of successful response messages and the number of failure response messages in the access response message of the statistics set, according to the statistical success response message And determining, by the number of the number of failure response messages, the trusted value of the response of the selected sender; obtaining a first weight corresponding to the trusted value of the request and a second weight corresponding to the trusted value of the response, according to Determining a trusted value of the request, a trusted value of the response, a first weight, and a second weight, and calculating a
- The solution relies on the collected access request messages sent by the selected sender and the access response messages returned by the website server to determine, step by step, the comprehensive evaluation value of the selected sender, and then determines from the comparison of the comprehensive evaluation value with the first set threshold whether automatic scanning behavior has occurred at the selected sender. The determination can be made from the access request messages and access response messages of each selected sender, so compared with the prior art, which depends on the result of matching against known feature database information, the adaptability is higher.
- The solution determines the request trusted value of the selected sender from the collected access request messages and the response trusted value of the selected sender from the collected access response messages, and then determines the comprehensive evaluation value of the selected sender from the request trusted value and the response trusted value. Since the request trusted value and the response trusted value are considered together, the determination is more accurate than in the prior art, which depends only on the alarm frequency of the network security device.
- FIG. 1 is a flowchart of a method for determining automatic scanning behavior in an embodiment of the present invention.
- FIG. 2 is a flowchart of a method for determining a trusted value of the selected sender according to an embodiment of the present invention.
- FIG. 3 is a schematic structural diagram of an apparatus for determining automatic scanning behavior according to an embodiment of the present invention.
Detailed description
- S10: Within the set period, collect the access request messages sent by the selected sender to the selected website server and the access response messages returned by the selected website server to the selected sender.
- the access request message sent to the selected website server and the access response message returned by the selected website may be collected, that is, the carrying selection received by the selected server is collected.
- IP Internet Protocol
- S11: Divide the set period into at least two set sub-periods, count in turn the number of access request messages in each set sub-period, and determine the request trusted value of the selected sender according to the counted number of access request messages in each set sub-period.
- S12: Count the number of success response messages and the number of failure response messages among the collected access response messages, and determine the response trusted value of the selected sender according to the counted number of success response messages and number of failure response messages.
- The access response messages returned by the selected website server for the access request messages of the selected sender can be divided into two categories, success response messages and failure response messages; the response trusted value of the selected sender can be determined from the number of success response messages and the number of failure response messages.
- S11 can be executed first and then S12.
- S12 can be executed first and then S11.
- S11 and S12 can also be executed at the same time.
- S13: Obtain a first weight corresponding to the request trusted value and a second weight corresponding to the response trusted value, and calculate the comprehensive evaluation value of the selected sender in the set period according to the determined request trusted value, response trusted value, first weight and second weight.
- The first weight and the second weight can be set according to actual needs.
- S14: Compare the comprehensive evaluation value with the first set threshold to determine whether automatic scanning behavior has occurred at the selected sender.
- Determining the request trusted value of the selected sender according to the counted number of access request messages in each set sub-period, as shown in FIG. 2, specifically includes:
- S111: Record the counted number of access request messages in each set sub-period to obtain a statistical data sequence.
- S112: Obtain the maximum value in the statistical data sequence and determine whether the obtained maximum value is not less than the second set threshold; if yes, execute S113; otherwise, execute S114.
- S113: Use the ratio of the obtained maximum value to the second set threshold as the request trusted value.
- the dish is the medium maximum, and if Ymax is greater than Ymax, the ratio of Ymax to Y max is taken as the requested trusted value Q.
- if the error ratio K is smaller than the third set threshold, the error ratio K is used as the request trusted value Q.
- S116: Calculate a first slope of the first first-set-number elements and a second slope of the last second-set-number elements in the statistical data sequence; the average of the absolute value of the first slope and the absolute value of the second slope is used as the request trusted value.
- the first set number element is selected in the statistical data sequence.
- the first slope and the second slope of the second set number element assuming that the first 5 elements and the last 5 elements in the statistical sequence Yi can be selected, the slopes of the first 5 elements can be calculated.
- Calculating the error ratio of the statistical data sequence in S114 above specifically includes: calculating the standard deviation and the average value of the statistical data sequence; and using the ratio of the standard deviation of the statistical data sequence to the average value as the error ratio of the statistical data sequence.
- the calculating the standard deviation and the average value of the statistical data sequence specifically includes: calculating a standard deviation ⁇ of the statistical data sequence X by using the following formula:
- k 2 ⁇ 3 ⁇ 4 ⁇ " n - 3 ⁇ 4 n " n -" 2 ;
- In the foregoing S11, determining the response trusted value of the selected sender according to the counted number of success response messages and number of failure response messages specifically includes: taking the ratio of the number of success response messages to the total number of collected access response messages as a first ratio, and using the first ratio as the response trusted value; or taking the ratio of the number of failure response messages to the total number of collected access response messages as a second ratio, and using the difference between 1 and the second ratio as the response trusted value.
- the trusted value A may be used as the response; or 1 - may be used as the response trusted value A.
- Calculating the comprehensive evaluation value of the selected sender in the set period according to the determined request trusted value, response trusted value, first weight and second weight specifically includes: multiplying the first weight by the request trusted value to obtain a first product, and multiplying the second weight by the response trusted value to obtain a second product; the sum of the first product and the second product is used as the comprehensive evaluation value.
- The first weight and the second weight can be set according to actual needs. Assuming that the first weight is set to $\alpha_1$ and the second weight is set to $\alpha_2$, the comprehensive evaluation value is $\alpha_1 Q + \alpha_2 A$.
- Comparing the comprehensive evaluation value with the first set threshold to determine whether automatic scanning behavior has occurred at the selected sender specifically includes: if the comprehensive evaluation value is greater than the first set threshold, determining that automatic scanning behavior has occurred at the selected sender; if the comprehensive evaluation value is not greater than the first set threshold, determining that automatic scanning behavior has not occurred at the selected sender.
- For the comprehensive evaluation value $\alpha_1 Q + \alpha_2 A$ there are two special cases.
- First: when the first weight $\alpha_1$ is 0, the response trusted value is used as the comprehensive evaluation value, that is, whether automatic scanning behavior has occurred at the selected sender is determined based only on the response trusted value.
- Second: when the second weight $\alpha_2$ is 0, the request trusted value is used as the comprehensive evaluation value, that is, whether automatic scanning behavior has occurred at the selected sender is determined based only on the request trusted value.
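The S10 to S14 flow described above, written out as an added Python example; it is not code from the patent or its applicant. Assumptions, because the page does not fix them: the slopes are ordinary least-squares slopes against the element index, the standard deviation is the population form, the slope step is reached when the error ratio is not below the third set threshold, an HTTP status below 400 counts as a success response, and every threshold and weight in the sample run is a constructed value.

```python
"""Added illustration of the S10-S14 scoring flow; not code from the patent."""
from statistics import mean, pstdev


def bucket_requests(timestamps, start, period, n_sub):
    """S11: split the set period into n_sub sub-periods and count requests in each."""
    if n_sub < 2:
        raise ValueError("the set period must be divided into at least two sub-periods")
    sub_len = period / n_sub
    counts = [0] * n_sub
    for t in timestamps:
        if start <= t < start + period:  # messages outside the set period are ignored
            counts[min(int((t - start) / sub_len), n_sub - 1)] += 1
    return counts


def ols_slope(values):
    """Least-squares slope of values against index 1..m (assumed slope definition)."""
    m = len(values)
    xs = range(1, m + 1)
    sx, sy = sum(xs), sum(values)
    sxy = sum(x * y for x, y in zip(xs, values))
    sxx = sum(x * x for x in xs)
    denom = m * sxx - sx * sx
    return (m * sxy - sx * sy) / denom if denom else 0.0


def request_trusted_value(counts, second_threshold, third_threshold, head=5, tail=5):
    """S111-S116: derive Q from the per-sub-period request counts."""
    y_max = max(counts)
    if y_max >= second_threshold:            # S112 -> S113: peak rate dominates
        return y_max / second_threshold
    avg = mean(counts)
    if avg > 0:                              # S114: error ratio K = std / mean
        k = pstdev(counts) / avg             # population std is an assumption
        if k < third_threshold:
            return k
    # S116 (assumed to apply when K is not below the third threshold)
    k1 = ols_slope(counts[:head])
    k2 = ols_slope(counts[-tail:])
    return (abs(k1) + abs(k2)) / 2


def response_trusted_value(statuses):
    """S12: A = success responses / all responses, as the page states it."""
    if not statuses:
        return 0.0                           # no responses collected: assumed 0
    success = sum(1 for s in statuses if s < 400)  # success rule is an assumption
    return success / len(statuses)


def evaluate(counts, statuses, w1, w2, first_threshold, second_threshold, third_threshold):
    """S13-S14: weighted sum of Q and A compared with the first set threshold."""
    q = request_trusted_value(counts, second_threshold, third_threshold)
    a = response_trusted_value(statuses)
    score = w1 * q + w2 * a
    return score, score > first_threshold


if __name__ == "__main__":
    # Constructed sample senders: per-sub-period request counts and response statuses.
    senders = {
        "burst": ([2, 3, 40, 38, 2, 1], [200] * 10 + [404] * 76),
        "steady": ([4, 5, 4, 5, 4, 5], [200] * 26 + [404]),
        "ramp": ([0, 2, 4, 6, 8, 8, 6, 4, 2, 0], [200] * 30 + [404] * 10),
    }
    for name, (counts, statuses) in senders.items():
        score, scanning = evaluate(counts, statuses, 0.7, 0.3, 1.0, 20, 0.5)
        print(f"{name}: score={score:.3f} scanning={scanning}")
```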
- An embodiment of the present invention provides an apparatus for determining automatic scanning behavior. The structure of the apparatus is as shown in FIG. 3, and includes:
- The message collection unit 30 is configured to collect, within the set period, the access request messages sent by the selected sender to the selected website server and the access response messages returned by the selected website server to the selected sender.
- The trusted value determining unit 31 is configured to divide the set period into at least two set sub-periods, count in turn the number of access request messages in each set sub-period, and determine the request trusted value of the selected sender according to the counted number of access request messages in each set sub-period; and to count the number of success response messages and the number of failure response messages among the collected access response messages, and determine the response trusted value of the selected sender according to the counted number of success response messages and number of failure response messages.
- The evaluation value determining unit 32 is configured to obtain a first weight corresponding to the request trusted value and a second weight corresponding to the response trusted value, and to calculate the comprehensive evaluation value of the selected sender in the set period according to the determined request trusted value, response trusted value, first weight and second weight.
- The determining unit 33 is configured to compare the comprehensive evaluation value with the first set threshold and determine whether automatic scanning behavior has occurred at the selected sender.
- The trusted value determining unit 31 is specifically configured to: record the counted number of access request messages in each set sub-period to obtain a statistical data sequence; obtain the maximum value in the statistical data sequence and compare the obtained maximum value with the second set threshold; if the obtained maximum value is not less than the second set threshold, use the ratio of the obtained maximum value to the second set threshold as the request trusted value; if the obtained maximum value is smaller than the second set threshold, calculate the error ratio of the statistical data sequence, and if the error ratio is smaller than the third set threshold, use the error ratio as the request trusted value.
- the trusted value determining unit 31 is specifically configured to: calculate a standard deviation and an average value of the statistical data sequence; and use a ratio of a standard deviation of the statistical data sequence to the average value as an error ratio of the statistical data sequence.
- the foregoing trusted value determining unit 31 is specifically configured to: calculate a standard deviation ⁇ of the statistical data sequence by using the following formula:; calculate the statistical data sequence y by using the following formula
- n represents the total number of elements in the statistical data sequence ⁇ .
- The trusted value determining unit 31 is further configured to: calculate a first slope of the first first-set-number elements and a second slope of the last second-set-number elements in the statistical data sequence; and use the average of the absolute value of the first slope and the absolute value of the second slope as the request trusted value.
- the formula calculates the second slope k 2 of the second set number element after the statistical data sequence X: n iy i
- k 2 ⁇ 3 ⁇ 4 ⁇ " n - 3 ⁇ 4 n " n -" 2 ;
- n is the total number of elements in the statistical data sequence X.
- The trusted value determining unit 31 is specifically configured to: take the ratio of the number of success response messages to the total number of collected access response messages as a first ratio, and use the first ratio as the response trusted value;
- or take the ratio of the number of failure response messages to the total number of collected access response messages as a second ratio, and use the difference between 1 and the second ratio as the response trusted value.
- The evaluation value determining unit 32 is specifically configured to: multiply the first weight by the request trusted value to obtain a first product, and multiply the second weight by the response trusted value to obtain a second product; and use the sum of the first product and the second product as the comprehensive evaluation value.
- The determining unit 33 is specifically configured to: if the comprehensive evaluation value is greater than the first set threshold, determine that automatic scanning behavior has occurred at the selected sender; if the comprehensive evaluation value is not greater than the first set threshold, determine that automatic scanning behavior has not occurred at the selected sender.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2015528862A JP5981036B2 (ja) | 2012-08-29 | 2013-08-29 | Method and apparatus for determining automatic scanning behavior |
US14/424,986 US10057155B2 (en) | 2012-08-29 | 2013-08-29 | Method and apparatus for determining automatic scanning action |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210313458.3A CN102868685B (zh) | 2012-08-29 | 2012-08-29 | Method and apparatus for determining automatic scanning behavior |
CN201210313458.3 | 2012-08-29 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014032600A1 (zh) | 2014-03-06 |
Family
ID=47447276
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2013/082556 WO2014032600A1 (zh) | 2012-08-29 | 2013-08-29 | Method and apparatus for determining automatic scanning behavior |
Country Status (4)
Country | Link |
---|---|
US (1) | US10057155B2 (zh) |
JP (1) | JP5981036B2 (zh) |
CN (1) | CN102868685B (zh) |
WO (1) | WO2014032600A1 (zh) |
-
2012
- 2012-08-29 CN CN201210313458.3A patent/CN102868685B/zh active Active
-
2013
- 2013-08-29 JP JP2015528862A patent/JP5981036B2/ja active Active
- 2013-08-29 WO PCT/CN2013/082556 patent/WO2014032600A1/zh active Application Filing
- 2013-08-29 US US14/424,986 patent/US10057155B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
JP5981036B2 (ja) | 2016-08-31 |
JP2015532048A (ja) | 2015-11-05 |
CN102868685B (zh) | 2015-04-15 |
CN102868685A (zh) | 2013-01-09 |
US20150249589A1 (en) | 2015-09-03 |
US10057155B2 (en) | 2018-08-21 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13834102 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2015528862 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 14424986 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 13834102 Country of ref document: EP Kind code of ref document: A1 |