
Method and device for detecting abnormal flow, and method and device for defending against Web attack

An abnormal traffic detection method, applied in the field of network security, that addresses the inability to protect the network effectively and the lag in defending against 0day vulnerabilities, and so overcomes that defense lag.

Active Publication Date: 2015-10-21
NEUSOFT CORP

AI Technical Summary

Problems solved by technology

Since the blacklist is built from Web attacks that have already occurred, detecting abnormal traffic with specific codes is inherently lagging and "updated after the fact": it can only defend against known Web attacks and lags in defending against 0day vulnerabilities. Existing abnormal traffic detection methods based on specific codes therefore cannot protect the network effectively or in a timely manner.


Examples

Embodiment 1

[0059] Figure 1 is a schematic flowchart of the method for detecting abnormal traffic provided in Embodiment 1 of the present invention. As shown in Figure 1, the method includes the following steps:

[0060] S101. Obtain the benchmark traffic characteristics of the website:

[0061] It should be noted that the reference traffic characteristics described in the embodiment of the present invention are URL characteristics constructed according to legal URLs of websites. How is it determined whether a URL is legal? In this embodiment of the present invention, whether a URL is legal can be determined by checking the response to the URL. For example, when the response to the URL is "HTTP 200 OK", the URL is legal and correct; when the response to the URL is "HTTP 404 Not Found", the URL does not exist or is a broken link or reference, and is not legal.

[0062] In the embodiment of the present invention, any one of the following t...

Embodiment 2

[0137] Figure 4 is a schematic flowchart of the method for defending against Web attacks provided by Embodiment 2 of the present invention. As shown in Figure 4, the method includes the following steps:

[0138] S401. Detect whether the received traffic is abnormal traffic;

[0139] According to step S101 to step S104 in the method for detecting abnormal traffic according to the first embodiment, it is detected whether the received traffic is abnormal traffic.

[0140] S402. When the received traffic is abnormal traffic, track the user who generated the abnormal traffic;

[0141] When the received traffic is abnormal, track the user who generated the abnormal traffic.

[0142] S403. Determine the trust degree of the user within the preset time period according to the degree of abnormal traffic generated by the user within the current preset time period:

[0143] It should be noted that the time corresponding to the current flow input by the user is pushed forward by a...


Abstract

The invention provides a method and a device for detecting abnormal traffic. The method comprises the following steps: obtaining reference traffic characteristics of a website, wherein the reference traffic characteristics comprise URL (Uniform Resource Locator) characteristics constructed from legal URLs; extracting to-be-detected traffic characteristics from received to-be-detected traffic; matching the to-be-detected traffic characteristics against the reference traffic characteristics to determine whether any of them do not match the reference traffic characteristics; and, when such unmatched characteristics exist, analyzing them to determine whether the to-be-detected traffic is abnormal traffic. The method provided by the invention copes well with 0day vulnerabilities and helps improve network security. The invention also provides a method and device for defending against Web attacks.
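An added sketch of the four steps in the abstract (not code from the patent): it assumes the URL characteristics are the path, the query parameter names and a coarse class of each value, and it treats any unmatched characteristic as abnormal. The log entries, feature choice and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

BASELINE_LOG = [  # constructed sample log: (request URL, response status)
    ("/index.php", 200),
    ("/item.php?id=42", 200),
    ("/search.php?q=shoes&page=2", 200),
    ("/old.php?id=1", 404),  # not a legal URL, so excluded from the baseline
]

def value_class(value):
    """Coarse class of a parameter value (assumed feature, not from the patent)."""
    if re.fullmatch(r"\d+", value):
        return "digits"
    return "word" if re.fullmatch(r"[\w .-]*", value) else "other"

def url_features(url):
    """Return (path, {parameter name: value class}) for one URL."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return parts.path, {name: value_class(val) for name, val in pairs}

def build_baseline(log):
    """Reference features, built only from URLs answered with HTTP 200."""
    baseline = {}
    for url, status in log:
        if status == 200:
            path, params = url_features(url)
            known = baseline.setdefault(path, {})
            for name, cls in params.items():
                known.setdefault(name, set()).add(cls)
    return baseline

def unmatched_features(url, baseline):
    """Features of the request under test that the baseline does not contain."""
    path, params = url_features(url)
    if path not in baseline:
        return [("path", path)]
    found = []
    for name, cls in params.items():
        if name not in baseline[path]:
            found.append(("param", name))
        elif cls not in baseline[path][name]:
            found.append(("value", name))
    return found

def is_abnormal(url, baseline):
    """Simplified analysis step: any unmatched feature marks the traffic abnormal."""
    return bool(unmatched_features(url, baseline))
```

Because the baseline is an allowlist of what the site legitimately serves, a request is flagged for deviating from it rather than for matching a known attack signature.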

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and device for detecting abnormal traffic, and a method and device for defending against Web attacks based on the method for detecting abnormal traffic.

Background technique

[0002] With the development of computer technology, computers are facing increasingly advanced and diverse Web attacks. Rich Java scripts and SQL (Structured Query Language) give hackers opportunities to carry out Web attacks. To defend against Web attacks, the traffic input to a website must be inspected to detect abnormal traffic that attacks the website.

[0003] At present, most approaches use specific codes to detect abnormal traffic and then resist its attacks on the Web. However, such specific codes have the following problems:

[0004] Either the scope of the detection is too broad, resulting in false positive threats, or the ...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1433, H04L63/168
Inventor 于杨
Owner NEUSOFT CORP