Method and device for detecting network attack

An attack detection and network attack technology, applied in the Internet field, can solve the problems of unproposed solutions, reduce the accuracy and effectiveness of WEB attack detection, and not take into account the immune function of webserver, so as to improve the accuracy and effectiveness, and solve the problems less accurate effect

Inactive Publication Date: 2017-08-15
ALIBABA GRP HLDG LTD
View PDF7 Cites 17 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] However, the above-mentioned method of legality detection only for traffic in the direction of the HTTP request has the following defects: this solution can only unilaterally determine whether the HTTP request contains attack information, and does not consider the response of the attacked object webserver. In other words, the solution does not take into account whet

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for detecting network attack
  • Method and device for detecting network attack
  • Method and device for detecting network attack

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0036] Example 1

[0037] According to an embodiment of the present invention, a method embodiment of a method for detecting a network attack is also provided. It should be noted that the steps shown in the flowchart of the accompanying drawings may be executed in a computer system such as a set of computer-executable instructions and, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from that herein.

[0038] The method embodiment provided in Embodiment 1 of the present application may be executed in a mobile terminal, a computer terminal, or a similar computing device. Take running on a computer terminal as an example, figure 1 It is a hardware structure block diagram of a computer terminal of a network attack detection method according to an embodiment of the present invention. like figure 1 As shown, the computer terminal 10 may include one or more (only one is shown in the figure) proce...

Example Embodiment

[0088] Example 2

[0089] According to an embodiment of the present invention, a structural block diagram of a detection device for implementing the above network attack is also provided. The device can be located at a sending end (eg, a computer terminal) and a receiving end (eg, a website server), which is equivalent to sending An intermediate bridge between the terminal and the receiving terminal, which is similar in nature to a proxy, and the device can be located either in the terminal or, of course, in the server. like Figure 4 As shown, the device includes: a receiving module 10 for receiving a network request from a sender; an obtaining module 20 for forwarding the network request to an attack request when the attack detection rule set is used to determine the type of the network request. The receiving end obtains the network response corresponding to the network request; the processing module 30 is used to detect the network response by using the attack detection ru...

Example Embodiment

[0100] Example 3

[0101] Embodiments of the present invention may provide a computer terminal, and the computer terminal may be any computer terminal device in a computer terminal group. Optionally, in this embodiment, the above-mentioned computer terminal may also be replaced by a terminal device such as a mobile terminal.

[0102] Optionally, in this embodiment, the above-mentioned computer terminal may be located in at least one network device among multiple network devices of a computer network.

[0103] Optionally, Image 6 It is a structural block diagram of a computer terminal according to an embodiment of the present invention. like Image 6 As shown, the computer terminal may include: one or more (only one is shown in the figure) processors and memory.

[0104] The memory can be used to store software programs and modules, such as program instructions / modules and attack detection rule sets corresponding to the network attack detection method and device in the emb...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method and device for detecting network attacks. The method comprises the following steps: receiving a network request from a sender; when determining that the type of the network request is an attack request by adopting an attack detection rule set, forwarding the network request to a receiver, and acquiring a network response corresponding to the network request; and detecting the network response by adopting the attack detection rule set, and selecting a processing mode of the network response according to a detection result. By adopting the method and device disclosed by the invention, the technical problem that a one-way network attack detection method adopted in related technologies is relatively low in accuracy can be solved.

Description

technical field [0001] The invention relates to the field of the Internet, in particular to a method and device for detecting network attacks. Background technique [0002] World Wide Web (WEB) attack refers to the use of Hypertext Transfer Protocol (HTTP) to send maliciously constructed HTTP requests to "deceive" the World Wide Web server (webserver) to deviate from the normal execution logic. [0003] WEB attack is the most common HTTP request on the Internet. Almost all websites suffer from different degrees of WEB attacks every day, but this does not mean that all WEB attacks will be successful. The reason is that whether a WEB attack can be successful depends on Whether there are corresponding defects or loopholes in the web server. For example: For a webserver that is only responsible for returning static pages (Hypertext Markup Language (HTML) pages, images, etc.) and does not use any database technology, any Structured Query Language (SQL) injection attack will obvi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/1416
Inventor 张峰
Owner ALIBABA GRP HLDG LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap