Reverse tracing method and device of proxy host

A reverse tracing technology for proxy hosts, applied in the field of network security, that addresses the inability to trace the real IP address of attackers and the resulting inability to improve the intrusion identification ability of network security protection equipment, with the effect of improving that identification ability.

Active Publication Date: 2018-11-23
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

However, these so-called "professional" hackers generate network attack warning data every day, which poses great challenges to network security.
In traditional tracing of attacks by hackers and even the black industry, the trail often breaks at the proxy IP address and the attacker's real IP address cannot be traced, so measures cannot be taken to improve the intrusion identification ability of network security protection equipment.


Examples


Example 1

[0033] Referring to Figure 2, a reverse tracing method for a proxy host, applied to the above-mentioned electronic device 100, is provided by an embodiment of the present invention. The steps involved are described below with reference to Figure 2.

[0034] Step S101: Select at least one piece of HTTP request data exhibiting proxy behavior from the intercepted WEB attack alarm logs.

[0035] At least one piece of HTTP request data exhibiting proxy behavior is selected from all WEB attack alarm logs intercepted by the network security protection device. As one implementation, this process can be described with the steps shown in Figure 3.

[0036] Step S201: Obtain the HTTP request data of each WEB attack alarm log from the intercepted WEB attack alarm logs.

[0037] The HTTP request data of each WEB attack alarm log is obtained from all WEB attack alarm logs intercepted by the network security protection device; further, WEB-type attack alarms are selected from all the attack alarm logs intercepted b...


Abstract

The invention relates to a reverse tracing method and device for a proxy host, belonging to the technical field of network security. The method comprises the steps of: screening out at least one piece of HTTP request data exhibiting proxy behavior from intercepted WEB attack warning logs; determining whether the request header of each piece of the at least one piece of HTTP request data includes the real IP address of the real attacker; and, if first HTTP request data including the real IP address of the real attacker exists among the at least one piece of HTTP request data, searching a preset threat intelligence database for the real IP address and the proxy IP address of the first HTTP request data, so as to obtain a first query result. The method determines the IP address of the real attack source and completes the tracing work rapidly and effectively, and helps network security protection equipment better identify proxy attack behaviors.
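The screening and lookup steps in the abstract, sketched as an added example (not code from the patent or from the applicant). The header names, the alarm record fields (`type`, `src_ip`, `request`) and the in-memory `INTEL` dictionary standing in for the threat intelligence database are assumptions; the page names none of them.

```python
import ipaddress

# Assumption: the page does not name the headers; these are ones forwarding proxies commonly add.
PROXY_HEADERS = ("via", "forwarded", "x-forwarded-for", "x-real-ip")
IP_HEADERS = ("x-forwarded-for", "x-real-ip")

def parse_headers(raw_request):
    """Return {lowercased-name: value} from the header part of raw HTTP request text."""
    lines = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # drop body and request line
    pairs = (line.partition(":") for line in lines)
    return {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}

def claimed_client_ip(headers, proxy_ip):
    """First valid forwarded address other than proxy_ip; client-supplied, so a lead, not proof."""
    for name in IP_HEADERS:
        for token in headers.get(name, "").split(","):
            try:
                ip = str(ipaddress.ip_address(token.strip()))
            except ValueError:
                continue                      # "unknown", hostnames or injected text
            if ip != proxy_ip:
                return ip
    return None

def trace(alarms, intel):
    """Select WEB alarms with proxy behaviour, extract the claimed client IP, query intel."""
    results = []
    for alarm in alarms:
        headers = parse_headers(alarm["request"])
        if alarm["type"] != "WEB" or not any(h in headers for h in PROXY_HEADERS):
            continue
        proxy_ip = alarm["src_ip"]
        real_ip = claimed_client_ip(headers, proxy_ip)
        if real_ip:
            results.append({"proxy_ip": proxy_ip, "proxy_intel": intel.get(proxy_ip, []),
                            "real_ip": real_ip, "real_intel": intel.get(real_ip, [])})
    return results

# Constructed sample data using documentation address ranges; not taken from the patent.
REQ_PROXIED = ("GET /login.php HTTP/1.1\r\nHost: shop.example\r\n"
               "Via: 1.1 squid\r\nX-Forwarded-For: unknown, 198.51.100.7\r\n\r\n")
ALARMS = [
    {"type": "WEB", "src_ip": "203.0.113.10", "request": REQ_PROXIED},
    {"type": "WEB", "src_ip": "203.0.113.11", "request": "GET /admin HTTP/1.1\r\nHost: shop.example\r\n\r\n"},
    {"type": "SCAN", "src_ip": "203.0.113.12", "request": ""}]
INTEL = {"203.0.113.10": ["open-proxy"], "198.51.100.7": ["scanner"]}
```

`trace(ALARMS, INTEL)` keeps only the first alarm: the second carries no proxy header and the third is not a WEB alarm.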

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a reverse tracing method and device for a proxy host.

Background

[0002] In the course of daily analysis of network security device logs, it is found that the attack source IP address in most alarms is not the attacker's real IP address. Network attackers not only have the ability to discover vulnerabilities but also have higher security awareness than ordinary people; in particular, black industry practitioners who make a living in the black industry chain have a certain degree of research and practical experience in anonymous network attack techniques. However, these so-called "professional" hackers generate network attack warning data every day, which poses great challenges to network security. In traditional tracing of attacks by hackers and even the black industry, the trail often breaks at the proxy IP address, and...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/1408, H04L63/1425, H04L67/02
Inventor: 王世晋, 范渊, 黄进, 莫金友
Owner: HANGZHOU ANHENG INFORMATION TECH CO LTD