Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Flow analysis based protective method and device against network attack

A network attack and network technology, applied in the network field, can solve problems such as increased user learning costs, poor scanning perception, high maintenance costs, etc., to achieve the effects of shortening waiting time, reducing learning costs, and improving security

Inactive Publication Date: 2017-05-10
ALIBABA GRP HLDG LTD
View PDF8 Cites 31 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] 1. Because the protection rules of WAF in the form of hardware are predefined, it is difficult to update the protection rules after new vulnerabilities appear
And the complexity of its deployment method and high maintenance cost determine that it is not suitable for cloud computing network environment
[0007] 2. It is necessary for the user to change the NS record or CNAME record to achieve security protection, which increases the user's learning cost; moreover, for the user terminal that is not connected to the WAF server, it cannot provide security protection for the web server, which cannot be achieved in the cloud computing network. 100% protection, reducing the overall security of the cloud computing network
[0008] 3. The processing of the existing WAF is generally to complete the matching of the network request and all the rules before deciding whether the request is intercepted or let go, which increases the delay for users to access the web server
[0009] 4. The existing WAF is aimed at the protection of a single website or a single Web service. It has poor perception of large-scale vulnerability scanning for the entire network, and has not been well linked to the large-scale scanning of the cloud computing network by the same attacker. protection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Flow analysis based protective method and device against network attack
  • Flow analysis based protective method and device against network attack
  • Flow analysis based protective method and device against network attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0077] In order to make the above objects, features and advantages of the present application more obvious and comprehensible, the present application will be further described in detail below in conjunction with the accompanying drawings and specific implementation methods.

[0078] refer to figure 1 , which shows a flow chart of the steps of Embodiment 1 of a traffic analysis-based network attack protection method of the present application, which may specifically include the following steps:

[0079] Step 101, collecting network traffic passing between a network server and a network routing device.

[0080] When the client or external server accesses the Internet provided by the network provider, the network access request is transmitted to the network server provided by the network provider through the network routing device, and the network server further transmits the information from the network server to the network routing device according to the feedback information ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a flow analysis based protective method against a network attack. The method comprises that a network flow between a network server and a network router is collected; a network access parameter in the network flow is analyzed; a target network access parameter corresponding to the network flow generated when a network attack source accesses the network server is searched by matching a preset rule; and according to the target network access parameter, the network attack source is forbidden establishing connection to the network server. According to schemes of the invention, no operation needs to be carried out on a client or an external server, and the learning cost of a user is reduced; and compared with a traditional manner in which an WAF server needs to be connected, the method and device aim at clients or external servers of all access network servers, safety detection can be carried out needless of connecting the WAF server, 100% safety protection is provided for the network server, and the total safety of the cloud computing network is improved.

Description

technical field [0001] The present application relates to the field of network technology, in particular to a network attack protection method based on flow analysis and a network attack protection device based on flow analysis. Background technique [0002] While web applications are becoming more and more abundant, web servers have gradually become the main target of attacks, and security incidents such as SQL injection, web page tampering, and web page Trojans have also occurred frequently. [0003] Usually, WAF (Web Application Firewall, web application firewall) is used as an access control device to strengthen the security of the web server. By analyzing the request initiated by the web client, the content is detected to ensure the legitimacy of the request and block illegal requests. , can effectively protect the web server. [0004] The early WAF is usually a kind of hardware device, which is connected to the network through series or bypass, and is generally applic...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08
CPCH04L63/1416H04L63/1441H04L67/02
Inventor 张钊
Owner ALIBABA GRP HLDG LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com