Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for adjusting target hitting characteristics according to attacking logs

A log and integer multiple technology, applied in the field of communication, can solve the problems of large investment, high manpower and skill requirements, low efficiency, etc., and achieve the effect of reducing false positives

Active Publication Date: 2014-02-12
SANGFOR TECH INC
View PDF3 Cites 19 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] This method has obvious disadvantages: manual analysis of logs is very inefficient. On the one hand, more manpower is required for log analysis. On the other hand, log analysts also have certain skill requirements, and they need to be familiar with attacks to give correct analysis. As a result, the requirements for manpower and skills are relatively high, and the overall investment is relatively large
The adjustment of features cannot be fine-tuned. If there is a false positive, it is generally to enable or disable the rule. A certain rule may not apply to a certain URL and IP address, but it is still applicable to other environments. Directly disabling a certain rule may will reduce the defense effect

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for adjusting target hitting characteristics according to attacking logs
  • Method and device for adjusting target hitting characteristics according to attacking logs
  • Method and device for adjusting target hitting characteristics according to attacking logs

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0037] The technical solutions of the present invention will be further described below in conjunction with the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0038] refer to figure 1 , figure 1 It is a schematic flowchart of the first embodiment of the method for adjusting hit features according to attack logs in the present invention.

[0039] This embodiment proposes a method for adjusting hit features according to attack logs, including:

[0040] Step S10, obtaining the attack log of the same IP address within the preset first time interval, and extracting the hit feature and the target URL in the obtained attack log;

[0041] The attack log includes information such as IP address, hit feature, target URL, attack time, and attack load. In this embodiment, the IP address refers to the source IP address, which can be o...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a method and device for adjusting target hitting characteristics according to attacking logs. An IP address of a terminal can hit the plurality of target hitting characteristics in a certain period of time when the terminal attacks a protected web server, and each target hitting characteristic corresponds to a small number of attacking logs. Therefore, the target hitting characteristics and target websites of all attacking logs in the same IP address in the first time interval are the same, and when the number of all the attacked logs in the first time interval is larger than or equal to a first preset threshold, it is considered that a false alarm is given when the IP address browses the target website, the IP address and the target website are simultaneously avoided in the target hitting characteristics, and therefore the terminal with the IP address is not intercepted when the terminal browses the target website and is matched with the target hitting characteristics, terminals with other IP addresses are intercepted when the terminals browse the target website and are matched with the target hitting characteristics, and the attacking logs are generated. False alarms are reduced without directly abolishing a certain rule and on the premise of not reducing the defending effect.

Description

technical field [0001] The invention relates to the field of communication technology, in particular to a method and device for adjusting hit features according to attack logs. Background technique [0002] The defense based on Web site attacks can be defended with a web application firewall (WAF). Web application firewalls have a built-in rule base, which extracts common attack features that attack web sites. When a packet passes through the web firewall, the detection engine compares it with the predefined features to detect whether the packet submitted to the web server is There is an attack. The built-in rule base will set a default action for each rule according to the complexity and severity of the rules. If a rule is matched, the WAF firewall will determine how to further process the packet according to the default action of the rule. [0003] Due to the complexity and diversity of network packets, user network implementation environments are different, and rule fa...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06G06F21/55
Inventor 周欣
Owner SANGFOR TECH INC
Features
  • Generate Ideas
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com