Credential stuffing (library hit) attack detection method, device and equipment, and computer-readable storage medium

An attack detection technique based on preset thresholds, applied in the field of network security. It addresses problems such as false positives in NAT environments, the difficulty of detecting credential stuffing attacks, and heavy traffic on portal websites, so as to improve recognition accuracy and reduce rule complexity and calculation load.

Active Publication Date: 2018-09-28
广州广电研究院有限公司

AI Technical Summary

Problems solved by technology

[0004] However, in the process of implementing the present invention, the inventor found that some portal websites have huge traffic, and the traditional detection method needs to combine multiple dimensions for simultaneous judgment. Its efficiency is low, and it easily causes false positives in a NAT environment.


Examples


Example 2

[0068] The learning library includes at least two URL groups, each corresponding to a time period; each URL group includes N first URLs, obtained by taking the top N URLs by number of visits for that same time period on predetermined historical dates.

[0069] Then, the URLs that do not match the preset learning library are extracted from the N URLs as target URLs, specifically:

[0070] Obtain the URL group corresponding to the current moment in the learning library;

[0071] A URL that does not exist in the URL group is extracted from the N URLs as a target URL.

[0072] Specifically, the activity of different URLs in different time periods is different. For example, the websites corresponding to some URLs are more active during the day, that is, they have a relatively large number of visits during the day (top N), while the websites corresponding to some URLs are more active during the daytime. The num...

Example 3

[0075] On the basis of the first embodiment:

[0076] Determining, according to the payload of each request message of the target URL, which of the request messages are login request messages (login behavior), specifically:

[0077] Processing the payload of each request message of the target URL in stream processing mode, and matching through ordered vectorization technology to obtain a matching result;

[0078] According to the matching result, judging whether the request message is a login behavior;

[0079] If not, discarding the request message;

[0080] If yes, marking the request message as a login request message.

[0081] In this embodiment, as an example, the payload of each request message of the target URL is processed in stream processing mode, and high-speed matching is performed in multiple dimensions through the ordered vectorization technology. The matched dimensions and keywords can be set by the user, for example, only filter the request message whose req...


Abstract

The invention discloses a credential stuffing ("library hit") attack detection method, comprising the steps of: separating HTTP traffic information from collected network traffic; analyzing the HTTP traffic information to obtain the top N URLs ranked by current page views; extracting the URLs which do not match a preset learning library from the N URLs as target URLs; determining, according to the payload of each request message of the target URLs, which request messages are login request messages (login behavior); calculating a login failure rate of each source IP according to the payload of the response message corresponding to each login request message; and judging whether the login requests of each source IP are a credential stuffing attack according to the login failure rate of that source IP and a preset threshold. The invention also discloses a credential stuffing attack detection device and equipment and a computer-readable storage medium. The amount of detection computation can be effectively reduced, the processing efficiency and operation speed are improved, and the identification accuracy is improved.
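The pipeline in the abstract, together with the time-period learning library of Example 2 and the keyword matching of Example 3, sketched as an added Python example (not code from the patent). The record fields, login keywords, failure marker, day/night split and the `min_attempts` floor are assumptions, and all traffic is constructed.

```python
from collections import Counter, defaultdict

# Constructed learning library: time period -> historical top-N URLs of that period.
LEARNING_LIBRARY = {"day": {"/index", "/news", "/search"},
                    "night": {"/index", "/video", "/search"}}
LOGIN_KEYWORDS = ("username=", "password=")  # assumed user-configured keywords
FAIL_MARKER = "login failed"                 # assumed failure text in responses

def target_urls(records, hour, n):
    """Current top-N URLs that are absent from the URL group of this time period."""
    period = "day" if 8 <= hour < 20 else "night"   # assumed two-period split
    top_n = [u for u, _ in Counter(r["url"] for r in records).most_common(n)]
    return {u for u in top_n if u not in LEARNING_LIBRARY[period]}

def is_login(rec):
    """Login behavior: POST whose payload contains every configured keyword."""
    body = rec["req_payload"].lower()
    return rec["method"] == "POST" and all(k in body for k in LOGIN_KEYWORDS)

def detect(records, hour, n=3, threshold=0.8, min_attempts=5):
    """Return {source_ip: login_failure_rate} for IPs at or above the threshold."""
    targets = target_urls(records, hour, n)
    attempts, failures = defaultdict(int), defaultdict(int)
    for r in records:
        if r["url"] not in targets or not is_login(r):
            continue  # not a target URL or not a login request: discard
        attempts[r["src_ip"]] += 1
        failures[r["src_ip"]] += FAIL_MARKER in r["resp_payload"].lower()
    # min_attempts is an added assumption so one failed login is not a 100% rate.
    return {ip: failures[ip] / n_try for ip, n_try in attempts.items()
            if n_try >= min_attempts and failures[ip] / n_try >= threshold}

def sample_records():
    """Constructed traffic: background browsing plus logins from two source IPs."""
    recs = []
    def add(ip, url, method="GET", req="", resp=""):
        recs.append({"src_ip": ip, "url": url, "method": method,
                     "req_payload": req, "resp_payload": resp})
    for i in range(20):  # 198.51.100.7: 20 login requests, 19 fail
        add("198.51.100.7", "/login", "POST", f"username=u{i}&password=p{i}",
            "welcome" if i == 0 else "Login failed")
    for i in range(6):   # 203.0.113.9: 6 login requests, 1 fails
        add("203.0.113.9", "/login", "POST", "username=alice&password=x",
            "Login failed" if i == 0 else "welcome")
    for ip, url, count in (("203.0.113.9", "/index", 30), ("192.0.2.4", "/search", 25)):
        for _ in range(count):
            add(ip, url)
    return recs

if __name__ == "__main__": print(detect(sample_records(), hour=14))
```

With `n=1` only `/index` is in the top N, it is already in the learning library, and no login traffic is inspected at all, which is where the method saves computation on high-traffic sites.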

Description

Technical field

[0001] The present invention relates to the technical field of network security, in particular to a credential stuffing attack detection method, device, equipment and computer-readable storage medium.

Background technique

[0002] With the rapid development of the Internet, a large number of websites and mobile applications have emerged. Each user may have multiple accounts on multiple different websites. For the convenience of memory, these accounts often use the same account number and password. Therefore, serious security problems are caused. When the user data of a certain website or mobile application is leaked, all the information of the user on other websites and mobile applications may be leaked. In recent years, the impact of credential stuffing attacks on users has become increasingly significant.

[0003] In the current credential stuffing attack detection methods, information in as many dimensions as possible is obtained when capturing traffic, ...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06, H04L12/26, H04L29/08, G06F17/30
CPC: H04L43/16, H04L63/0815, H04L63/0876, H04L63/1416, H04L63/1425, H04L67/02
Inventor: 杨润达, 黄跃珍, 刘纬, 唐锡南
Owner 广州广电研究院有限公司