Method and device for detecting database collision attack

An IP address and login request technology, applied in the field of credential stuffing attack detection, can solve problems such as consuming computing power resources, and achieve the effect of improving accuracy and saving computing resources

Active Publication Date: 2017-11-14
ALIBABA GRP HLDG LTD
View PDF5 Cites 15 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This method consumes a lot of computing resources because the password in each login reque

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for detecting database collision attack
  • Method and device for detecting database collision attack
  • Method and device for detecting database collision attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0027] Before discussing the exemplary embodiments in more detail, it should be mentioned that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although the flowcharts describe operations as sequential processing, many of the operations may be performed in parallel, concurrently, or simultaneously. In addition, the order of operations can be rearranged. The process may be terminated when its operations are complete, but may also have additional steps not included in the figure. The processing may correspond to a method, function, procedure, subroutine, subroutine, or the like.

[0028] The term "computer equipment" in this context, also referred to as "computer", refers to an intelligent electronic device that can perform predetermined processing procedures such as numerical calculations and / or logic calculations by running predetermined programs or instructions, which may include a processor and The memory is realized by the processor...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a method and a device for detecting a database collision attack. The method comprises the steps of: acquiring source IP addresses and login information of login requests received within a predetermined time; determining a source IP address having high-frequency login behavior among the acquired source IP addresses according to the acquired source IP addresses and login information; and judging whether the login request initiated by the source IP address having high-frequency login behavior within the predetermined time is a database collision attack according to a proportion of passwords with semantic meanings in passwords used by the login request initiated by the source IP address, wherein the passwords with semantic meanings are passwords with the probability that the passwords have semantic meanings exceeding a predetermined probability threshold value. The method and the device provided by the invention improve the precision of database collision attack detection.

Description

technical field [0001] The present application relates to the field of network attack defense, in particular to a method and device for detecting credential stuffing attacks. Background technique [0002] Credential stuffing attack means that hackers collect user names and passwords that have been leaked from the Internet, generate corresponding dictionary tables, and then use the users and passwords listed in the dictionary tables to try to log in to other websites in batches. If the same username and password are set, hackers can easily log in to these websites successfully through the existing username and password information in the dictionary, thereby obtaining relevant information of the user. After the information is leaked, it will not only bring huge losses to the user's economy, but also bring negative impacts to related websites. At present, after hackers illegally invade the website server, they usually store the user name and password information of website use...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/1425H04L63/1433H04L63/145H04L63/1466
Inventor 郭家龙
Owner ALIBABA GRP HLDG LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap