Network attack detection method and device, storage medium and computer device

Abstract

The invention discloses a network attack detection method and device, a storage medium and a computer device. The method comprises the following steps: determining an access party of which the numberof uniform resource identifiers URIs accessed in a preset time period is lower than a preset number; for each URI of the determined at least one URI accessed by the access party: determining the number of access parties accessing the URI in the preset time period, when the number of the access parties exceeds a first threshold value; and obtaining an access information group carried by each accessrequest accessing the URI in the preset time period, determining the access information group with the highest occurrence frequency in each access request as a high-risk access information group, anddetermining the access request carrying the high-risk access information group and accessing the URI as a network attack. According to the method and the device, the detection and recognition capabilities of network attacks can be effectively improved, and the defense capability of the network attacks is improved.

Description

technical field [0001] The invention relates to the field of network security protection, in particular to a network attack detection method, equipment, storage medium and computer equipment. Background technique [0002] With the development of science and technology, network security has become particularly important, and current website servers are often subject to various illegal attacks. CC (Challenge Collapsar, challenge black hole) attack is one of the common attack behaviors. CC attack is a kind of DDoS (Distributed Denial of Service, Distributed Denial of Service). CC attack continuously sends access requests to the website server through access URI (Uniform Resource Identifier, Uniform Resource Identifier), so that the website server cannot handle legitimate users for normal users. Access to network resources, thereby forming the purpose of denial of service. [0003] Existing network attack detection technologies detect network attacks by counting the number of ...

AI Technical Summary

Problems solved by technology

[0004] However, with the development of technology, there are currently incidents of network attacks through multiple different IPs

For example, an attacker who launches a CC attack can modify the IP multiple times, and send a page request (a type of access request) that takes up a lot of processing resources and time to the website server through different IPs to access the URI of the website server, causing the website server to process resources. Waste, the website server CPU is in 100% usage state for a long time, so the CPU has no way to process normal requests from legitimate users

[0005] It can be seen that the attacker can access the attacked URI through multiple different IPs, and the number of visits to the URI by each IP will not exceed the threshold, which makes it impossible for existing network attack detection technologies to detect such attacks. Network attacks

Images