Brute force cracking detection method, system and device and medium

Abstract

The invention relates to the technical field of financial science and technology, and discloses a brute force cracking detection method, system and device, and a computer storage medium, and the method comprises the steps: obtaining a suspicious source IP address of which the login failure frequency reaches a preset frequency threshold value in a preset duration; obtaining dimension features of the suspicious source IP address, wherein the number of the dimension features is at least two; and determining whether the login behavior of the suspicious source IP address is a brute force cracking behavior or not according to the dimension characteristics of the suspicious source IP address. Compared with a scheme in the prior art that whether brute force cracking behaviors exist in the IP is determined only according to whether the login failure frequency reaches the threshold value or not, after the suspicious source IP address is determined according to whether the login failure frequency reaches the threshold value or not, comprehensive analysis is performed according to the dimension characteristics of the suspicious source IP address, and then whether the login behavior of the suspicious source IP address is a brute force cracking behavior is determined, so that the one-sidedness and limitation of single-dimension judgment can be avoided, and the accuracy of brute force cracking detection judgment is improved.

Description

Technical field[0001]The present invention relates to the field of financial technology, in particular to violent cracking detection methods, systems, equipment, and computer storage media.Background technique[0002]With the development of computer technology, more and more technologies (large data, distributed, artificial intelligence, etc.) are applied to the financial field, and the traditional financial industry is changing to Fintech, but due to the safety of the financial industry. The versatility requirement, also proposed higher requirements for violent crack detection technology.[0003]Violent crack refers to an attacker to combine various possible user verification information (such as login account names, passwords, etc.) to try various possibilities to crack the user account. An attacker often uses an automated script or a violent crack tool to attack. Since the attacker will use different usernames and passwords frequent login attempts, there will be many entries that hav...

AI Technical Summary

Problems solved by technology

[0004] At present, it is mainly determined whether there is brute force cracking behavior by detecting whether the number of failed logins reaches the threshold. If the number of failed logins reaches the threshold, an alarm will be issued so that security operators can handle the alarm. This method only uses the number of failed logins to issue an alarm. Too one-sided, many normal operations may also cause the number of login failures to reach the threshold. For example, the same IP address uses the same password to log in to the same account repeatedly. This situation may be just a Web / It is only a mobile application. At this time, the system will also issue false alarms, causing security operators to spend a lot of time on alarm processing that is not actually a brute force cracking attack behavior, so that the real brute force cracking attack behavior alarm cannot be processed in a timely manner.

Images