Network attack defense method, server and computer readable storage medium

Abstract

The invention discloses a network attack defense method, a server and a computer readable storage medium. According to the invention, feature information corresponding to a preset analysis factor is extracted from a service request initiated by a client based on the preset analysis factor in a pre-constructed behavior analysis statistical table, and the index data corresponding to the preset analysis factor is updated according to the extracted feature information, namely, the access behavior of the client to the website is mapped in the behavior analysis statistical table, so that a pluralityof target preset analysis factors meeting an attack judgment rule can be selected from the behavior analysis statistical table according to a preset attack judgment rule before the service request becomes a log; and whether the service request is an attack request or not is judged according to the attack judgment rule and the index data corresponding to the target preset analysis factor, so thatthe attack request is directly blocked, whether the service request is an attack behavior or not can be identified in advance based on the attack request, and the crawler attack identification, namelythe protection efficiency is greatly improved.

Description

technical field [0001] The embodiments of the present invention relate to the technical field of network security, and in particular to a method for defending against network attacks, a server, and a computer-readable storage medium. Background technique [0002] A crawler is a program that automatically obtains web content. It is usually divided into legal crawlers based on its legality, such as search engine crawlers that are purely used to collect data for searchers to consult; and illegal crawlers, such as illegally collecting data. Even malicious crawlers that launch DDoS attacks (Distributed denial of service attack, distributed denial of service attack). [0003] With the development of the Internet, the number of malicious crawlers on the Internet is increasing day by day. These malicious crawlers will forge user information, simulate user behavior, bypass enterprise security policies, and continuously access servers to obtain information. This not only seriously sl...

AI Technical Summary

Problems solved by technology

However, the way of access control to prevent crawler attacks is usually based on conventional known information such as IP (Internet Protocol, Internet Protocol), User-Agent (User Agent), Cookie (data stored on the user's local terminal), etc. Enterprise security policies are set based on characteristics, and such characteristics are easy to forge, so enterprise security policies can be easily bypassed; client access frequency limitation is used to prevent crawler attacks, although it can be done to a certain extent Mitigate the impact of crawler attacks on enterprise business, but with the continuous update and iteration of network hacking technology and tools, the behavior of crawlers is becoming more and more anthropomorphic, so it is difficult to set an appropriate access frequency limit threshold to balance normal users Access and crawler attacks, such as in a multi-user single exit or NAT (Network Address Translation, Network Address Translation) environment, the user group shares the same exit IP, if the threshold is set unreasonably, it may cause serious false positives or false positives. However, based on access log analysis and identification to prevent crawler attacks, there will be a great dependence on the delay of log collection and analysis. Attackers can use proxy IP, second dial IP and other hacking tools to switch identity characteristics to carry out distributed attacks or Ultra-low frequency attacks, resulting in the inability to continuously apply the attack signatures based on log analysis output, thereby bypassing enterprise security policies

Images