A method, device and system for protecting a website through safety learning

A security device and website technology, applied in the field of network security, can solve problems such as high false positive rate and ineffective identification of security models, and achieve the effects of improving accuracy and comprehensiveness, improving interception accuracy, and reducing deployment time.

Active Publication Date: 2020-08-28
ZHONGYUNWANGAN TECHNOLOGY (BEIJING) CO LTD
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The technical problem to be solved by the present invention is to overcome the deficiencies of the prior art, provide a method for safely learning and protecting websites, and solve the problem that the security model of machine learning cannot effectively identify AJAX requests, resulting in a high false alarm rate

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method, device and system for protecting a website through safety learning
  • A method, device and system for protecting a website through safety learning
  • A method, device and system for protecting a website through safety learning

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0065] During the learning process, if an AJAX-based threat access judgment is received, the administrator can add his own or trusted IP address to the address of safe learning, and the firewall will automatically use regular expression-based writing security access rules based on the added result .

[0066] Such as figure 1 As shown, the method for safely learning and protecting a website described in this embodiment includes the following steps:

[0067] S11. Setting a website security model;

[0068] Set up a website security model for the website, judge all visits to the website according to this security model, intercept threatening visits, and release visits that conform to the security model.

[0069] For example, this security model can be a general firewall with blacklists and / or whitelists, or it can be a security model established through machine learning with different access rules for website content. The security model stores access release rules based on diff...

Embodiment 2

[0084] Such as figure 2 Another example of protecting the website through security learning is shown. The difference between this example and the first example is that the setting of the website security model is added, which can combine the process of machine learning to improve the protection of website security and reduce manual configuration. Time increases productivity.

[0085] S21. Setting a website security model;

[0086] The specific setting of the website security model is Figure II Shown on the right:

[0087] S211. Establish a reverse proxy connection with the website to receive an access request to the website;

[0088] The website security device is switched to passive mode, set between the website server and the user access end, receives the access request from the user end and then sends the request to the website server end, and sends the return result of the data from the server end to the user access request end. The website security device uses the ...

Embodiment 3

[0103] Such as image 3 Shown, a kind of website safety device 30 that protects website through safety study, this website safety device 30 comprises website protection module 31, safe study address module 32, rule adding module 33; Specifically:

[0104] Website protection module 31, used to establish and update the security model;

[0105] A safe learning address module 32, configured to set at least one safe learning address;

[0106] A rule adding module 33, configured to receive an access request from a secure learning address, and add a custom rule according to the access request;

[0107] Wherein the website protection module 31 also includes a receiving access request unit 311, an alarm prompting unit 312, a judging unit 313, and a machine learning unit 314;

[0108] Receive an access request unit 311, configured to establish a reverse proxy connection with the website to receive an access request to the website;

[0109] an alarm prompting unit 312, configured to i...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for protecting a website through security learning. A website security apparatus establishes a connection with the website and carries out security learning, an access rule is added according to input feedback, and based on an AJAX request, a security learning address is set and a security access model is set up. According to the security access mode, threat access is obstructed. According to the technical scheme provided by the invention, an AJAX-based request can be effectively learned, the installation and personnel deployment time is reduced, and the enterprise cost is decreased.

Description

technical field [0001] The invention belongs to the field of network security, and in particular relates to a method for safely learning and protecting a website. Background technique [0002] With the rapid development of the Internet, website security issues have become prominent. Websites often carry major business functions and store a large amount of valuable data. Traditional website firewalls use signature databases to protect websites, which cannot defend against unknown threats. There are more and more attacks on web servers and databases, such as attacks on database SQL injection vulnerabilities, or attacks on web server ports. [0003] Through the method of machine learning, an intelligent website security model can be established to prevent unknown attacks in a timely and effective manner and ensure the safe operation of the website server. However, for AJAX-based client requests, the machine learning method is powerless, because machine learning will misjudge t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06G06N20/00
CPCG06N20/00H04L63/0263H04L63/1441
Inventor 王茁
Owner ZHONGYUNWANGAN TECHNOLOGY (BEIJING) CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap