Flow analysis based protective method and device against network attack

Abstract

The invention discloses a flow analysis based protective method against a network attack. The method comprises that a network flow between a network server and a network router is collected; a network access parameter in the network flow is analyzed; a target network access parameter corresponding to the network flow generated when a network attack source accesses the network server is searched by matching a preset rule; and according to the target network access parameter, the network attack source is forbidden establishing connection to the network server. According to schemes of the invention, no operation needs to be carried out on a client or an external server, and the learning cost of a user is reduced; and compared with a traditional manner in which an WAF server needs to be connected, the method and device aim at clients or external servers of all access network servers, safety detection can be carried out needless of connecting the WAF server, 100% safety protection is provided for the network server, and the total safety of the cloud computing network is improved.

Description

technical field [0001] The present application relates to the field of network technology, in particular to a network attack protection method based on flow analysis and a network attack protection device based on flow analysis. Background technique [0002] While web applications are becoming more and more abundant, web servers have gradually become the main target of attacks, and security incidents such as SQL injection, web page tampering, and web page Trojans have also occurred frequently. [0003] Usually, WAF (Web Application Firewall, web application firewall) is used as an access control device to strengthen the security of the web server. By analyzing the request initiated by the web client, the content is detected to ensure the legitimacy of the request and block illegal requests. , can effectively protect the web server. [0004] The early WAF is usually a kind of hardware device, which is connected to the network through series or bypass, and is generally applic...

AI Technical Summary

Problems solved by technology

[0006] 1. Because the protection rules of WAF in the form of hardware are predefined, it is difficult to update the protection rules after new vulnerabilities appear

And the complexity of its deployment method and high maintenance cost determine that it is not suitable for cloud computing network environment

[0007] 2. It is necessary for the user to change the NS record or CNAME record to achieve security protection, which increases the user's learning cost; moreover, for the user terminal that is not connected to the WAF server, it cannot provide security protection for the web server, which cannot be achieved in the cloud computing network. 100% protection, reducing the overall security of the cloud computing network

[0008] 3. The processing of the existing WAF is generally to complete the matching of the network request and all the rules before deciding whether the request is intercepted or let go, which increases the delay for users to access the web server

[0009] 4. The existing WAF is aimed at the protection of a single website or a single Web service. It has poor perception of large-scale vulnerability scanning for the entire network, and has not been well linked to the large-scale scanning of the cloud computing network by the same attacker. protection

Images