CN105100070A - Method and device for preventing malicious attacks to interface service - Google Patents
Method and device for preventing malicious attacks to interface service Download PDFInfo
- Publication number
- CN105100070A CN105100070A CN201510370116.9A CN201510370116A CN105100070A CN 105100070 A CN105100070 A CN 105100070A CN 201510370116 A CN201510370116 A CN 201510370116A CN 105100070 A CN105100070 A CN 105100070A
- Authority
- CN
- China
- Prior art keywords
- access
- access end
- service
- statistics
- access times
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method and device for preventing malicious attacks to an interface service. The method comprises the following steps: performing statistics to obtain the access times of an access end accessing the interface service within preset statistics time; comparing the access times with a preset limit threshold, and judging whether or not the access times exceed the preset limit threshold; and when the access times exceed the preset limit threshold, forbidding the interface service to serve for the access end. Through adoption of the method and device, the problem of failure in providing normal services for a user due to interface service paralysis caused by malicious attacks of malicious programs in a network to the interface service is solved. The beneficial effects of detecting the malicious attacks to the interface service and preventing the malicious programs in the network from making malicious attacks to the interface service are achieved.
Description
Technical field
The present invention relates to computer safety field, be specifically related to a kind of prevent docking port service from carrying out malicious attack method and device.
Background technology
Along with the development of computer networking technology, service provider by network for user provides various service.Usual way is, service provider sets up server in a network, and server provides access interface for user, interface service is used to meet the various demands of user, such as, by interface service for user provides map inquiry, the miscellaneous services such as video file download, online shopping.In addition, also a proxy server can be passed through, for each interface provides agency service, for user provides miscellaneous service.
In the prior art, in network, there is the various device carrying out malicious attack, by the frequent server interface of access services provider or the interface of proxy server, cause server normally for user provides service, even cannot to be paralysed.Thus realize the object of malicious attack interface service.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a kind of overcoming the problems referred to above or method and the device of malicious attack are carried out in the docking port service that prevents that solves the problem at least in part.
According to one aspect of the present invention, provide a kind of method preventing docking port service from carrying out malicious attack, described method comprises:
The access times of statistics access end docking port service in default timing statistics;
Described access times and default threshold limit are compared, judges whether described access times exceed default threshold limit;
When described access times exceed default threshold limit, forbid that interface service is served access end.
Alternatively, described method also comprises:
When described access times exceed default threshold limit, send the announcement information comprising access times and exceeded the prompting of restriction to access end.
Alternatively, described method also comprises:
When described access times do not exceed default threshold limit, interface service is allowed to serve access end.
Alternatively, the access times of described statistics access end docking port service in default timing statistics, comprising:
When access end access interface is served, judge whether the time interval of the initial time of current time and statistics exceedes default timing statistics;
When the described time interval does not exceed default timing statistics, the access times of access end docking port service are counted;
When the described time interval exceedes default timing statistics, the initial time upgrading statistics is current time, and the access times of access end docking port service are re-started counting.
Alternatively, described method also comprises:
Before the access times of statistics access end docking port service in default timing statistics, judge whether the structure stored corresponding to interface service and access end, described structure comprises the variable for record access end access times of docking port service in default timing statistics;
When not having to store the structure corresponding to interface service and access end, creating the structure corresponding to interface service and access end, variable in described structure being carried out initialization, and stores described structure.
Alternatively, the access times of described statistics access end docking port service in default timing statistics, comprising: use the access times of variable to access end docking port service in default timing statistics in structure to add up.
Alternatively, judge whether to comprise the structure that stores corresponding to interface service and access end described in:
Determine to close key value key according to interface service and access end;
Judge the structure whether stored in internal memory corresponding to described pass key value key.
According to a further aspect in the invention, provide a kind of device preventing docking port service from carrying out malicious attack, described device comprises:
Statistical module, is suitable for the access times of adding up access end docking port service in default timing statistics;
Comparison module, is suitable for described access times and default threshold limit to compare, judges whether described access times exceed default threshold limit;
Executive Module, is suitable for, when described access times exceed default threshold limit, forbidding that interface service is served access end.
Alternatively, described device also comprises:
Sending module, is suitable for when described access times exceed default threshold limit, sends the announcement information comprising access times and exceeded the prompting of restriction to access end.
Alternatively, described Executive Module is also suitable for when described access times do not exceed default threshold limit, allows interface service to serve access end.
Alternatively, described statistical module, comprising:
Judge submodule, be suitable for, when access end access interface is served, judging whether the time interval of the initial time of current time and statistics exceedes default timing statistics;
Statistics submodule, is suitable for, when the described time interval does not exceed default timing statistics, the access times of access end docking port service being counted; When the described time interval exceedes default timing statistics, the initial time upgrading statistics is current time, and the access times of access end docking port service are re-started counting.
Alternatively, described device, also comprises:
Initialization module, be suitable for before the access times of statistical module counts access end docking port service in default timing statistics, judge whether the structure stored corresponding to interface service and access end, described structure comprises the variable for record access end access times of docking port service in default timing statistics; When not having to store the structure corresponding to interface service and access end, creating the structure corresponding to interface service and access end, variable in described structure being carried out initialization, and stores described structure.
Alternatively, described statistical module, is suitable for using the access times of variable to access end docking port service in default timing statistics in structure to add up.
Alternatively, described initialization module, is suitable for determining to close key value key according to interface service and access end; Judge the structure whether stored in internal memory corresponding to described pass key value key.
The access times of access end docking port service in default timing statistics can be added up according to technical scheme of the present invention; Access times and default threshold limit are compared, judges whether access times exceed default threshold limit; When access times exceed default threshold limit, forbid that interface service is served access end.Solve thus, because rogue program docking port service malicious attack and cause interface service to be paralysed in network, the problem of normal service cannot be provided for user; Achieve the malicious attack that can detect that docking port is served, and then prevent rogue program docking port service in network from carrying out the beneficial effect of malicious attack.
Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to technological means of the present invention can be better understood, and can be implemented according to the content of specification, and can become apparent, below especially exemplified by the specific embodiment of the present invention to allow above and other objects of the present invention, feature and advantage.
Accompanying drawing explanation
By reading hereafter detailed description of the preferred embodiment, various other advantage and benefit will become cheer and bright for those of ordinary skill in the art.Accompanying drawing only for illustrating the object of preferred implementation, and does not think limitation of the present invention.And in whole accompanying drawing, represent identical parts by identical reference symbol.In the accompanying drawings:
Fig. 1 shows the flow chart preventing docking port service from carrying out the method for malicious attack according to an embodiment of the invention;
Fig. 2 shows according to an embodiment of the invention to the flow chart of the method that access times are added up;
Fig. 3 shows the schematic diagram of application scenarios according to an embodiment of the invention;
Fig. 4 shows the flow chart preventing docking port service from carrying out the method for malicious attack according to an embodiment of the invention;
Fig. 5 shows the structure chart preventing docking port service from carrying out the device of malicious attack according to an embodiment of the invention;
Fig. 6 shows the structure chart preventing docking port service from carrying out the device of malicious attack according to an embodiment of the invention; And
Fig. 7 shows the structure chart preventing docking port service from carrying out the device of malicious attack according to an embodiment of the invention.
Embodiment
Below with reference to accompanying drawings exemplary embodiment of the present disclosure is described in more detail.Although show exemplary embodiment of the present disclosure in accompanying drawing, however should be appreciated that can realize the disclosure in a variety of manners and not should limit by the embodiment set forth here.On the contrary, provide these embodiments to be in order to more thoroughly the disclosure can be understood, and complete for the scope of the present disclosure can be conveyed to those skilled in the art.
Fig. 1 shows the flow chart preventing docking port service from carrying out the method for malicious attack according to an embodiment of the invention.The method is used for the various server providing interface, such as, and the server of interface proxy service, the server of multimedia interface service, the server of electric business's interface service.As shown in Figure 1, the method comprises the steps S110-S140.
In step s 110, the access times of access end docking port service in default timing statistics are added up.
Each access end has unique ID, such as, the device hardware of access end can be encoded (as network interface card MAC (media get involved control, MediaAccessControl) address) or mailing address (as IP address) as access end ID.Access end sends access request to server, and access request comprises access end ID.After server receives access request, parse the access end ID in access request, according to access end ID, counting statistics is carried out to the access times of each access end.Malicious attack in network is usually expressed as docking port service within a short period of time and frequently conducts interviews, and then the task burden of interface service is increased suddenly, exceeds the disposal ability of interface service, causes interface service to paralyse.For this feature of malicious attack in network, server is added up the access times of individual access end in certain hour section, and this certain hour section is for presetting timing statistics.
In one embodiment, as shown in Figure 2, the access times of described statistics access end docking port service in default timing statistics, comprise the steps S112-S116.
In step S112, when access end access interface is served, judge whether the time interval of the initial time of current time and statistics exceedes default timing statistics.
In step S114, when the time interval does not exceed default timing statistics, the access times of access end docking port service are counted.
In step S116, when the time interval exceedes default timing statistics, the initial time upgrading statistics is current time, and the access times of access end docking port service are re-started counting.
For example, adopt variables L astStatisticTme to record the initial time of this statistics, adopt the access times of variables A ccessTimesPerInterval to access end docking port service in default timing statistics to count.When detecting that access end access interface is served, this initial time of adding up recorded in current time and variables L astStatisticTme subtracted each other, gained difference is the time interval of current time and this initial time of adding up.Judge whether this time interval exceedes default timing statistics (such as, default timing statistics is 1 minute).If this time interval does not exceed default timing statistics, then numerical value in variables A ccessTimesPerInterval is added 1.If this time interval exceedes default timing statistics, then by value storage in variables A ccessTimesPerInterval in global variable Times, then numerical value in variables A ccessTimesPerInterval is set to 0, and the time in variables L astStatisticTme is updated to current time.So, the statistics to access end access times of docking port service in default timing statistics is completed by variables L astStatisticTme and variables A ccessTimesPerInterval.Above-mentioned variables L astStatisticTme and variables A ccessTimesPerInterval founds for access end ID, namely access end has corresponding variables L astStatisticTme and variables A ccessTimesPerInterval, for for this access end, carry out the statistics of the access times of docking port service in default timing statistics.
In one embodiment, described method also comprises: before the access times of statistics access end docking port service in default timing statistics, judge whether the structure stored corresponding to interface service and access end, this structure comprises the variable of record access end access times of docking port service in default timing statistics; When not having to store the structure corresponding to interface service and access end, creating the structure corresponding to interface service and access end, variable in structure is carried out initialization, and storage organization body.
Wherein, judge whether the structure stored corresponding to interface service and access end, specifically comprise: determine to close key value key according to interface service and access end; Judge in internal memory, whether to have stored the structure corresponding to and close key value key.
Further, the access times of described statistics access end docking port service in default timing statistics, comprising: use the access times of variable to access end docking port service in default timing statistics in structure to add up.
For example, structure LimitValue is created for interface service and access end, the variables A ccessTimesPerInterval for record access end access times of docking port service in default timing statistics can be comprised in structure LimitValue, in addition, also can comprise in structure LimitValue: for recording the variables L astStatisticTme of the initial time of this statistics, for recording the variable StartTime access of access end being started to the time added up, and access the variable SumAccessTimes of total degree for record access end.Adopt the mode of key-value pair (key-value), corresponding to interface service and access end storage organization body LimitValue.Such as, key value key is generated (such as according to interface service and access end ID, with access end IP for access end ID, key is generated) according to interface service service and access end IP, or generate key value key, corresponding key value key storage organization body LimitValue according to interface service service and the secret key appkey of interface.Before the access times of statistics access end docking port service in default timing statistics, key is generated according to interface service and access end, search the value that key is corresponding, if value is not empty, then the structure LimitValue stored for interface service and access end is described.If value is empty, then create the structure LimitValue corresponding to interface service and access end, corresponding key storage organization body LimitValue.
Then, the access times of variable to access end in structure LimitValue are used to add up.When first time adds up the access of access end, the value of variable StartTime is set to current time, the value of variables L astStatisticTme is set to current time, numerical value in variables A ccessTimesPerInterval and variable SumAccessTimes is set to 1 respectively.Afterwards, when detecting that access end is accessed at every turn, this initial time of adding up recorded in current time and variables L astStatisticTme subtracted each other, gained difference is the time interval of current time and this initial time of adding up.Judge whether this time interval exceedes default timing statistics, if this time interval does not exceed default timing statistics, then numerical value in variables A ccessTimesPerInterval is added 1, numerical value in variable SumAccessTimes is added 1; If this time interval exceedes default timing statistics, then numerical value in variable SumAccessTimes is added 1, by value storage in variables A ccessTimesPerInterval in global variable Times, then numerical value in variables A ccessTimesPerInterval is set to 0, and the time in variables L astStatisticTme is updated to current time.So, not only the statistics to access end access times of docking port service in default timing statistics is completed by variables L astStatisticTme and variables A ccessTimesPerInterval; And the total degree of the access of access end docking port service and initial time are added up, to be used where necessary.
In the step s 120, access times and default threshold limit are compared, judge whether access times exceed default threshold limit.
For example, when the time interval exceedes default timing statistics, read numerical value in global variable Times, numerical value and default threshold limit are compared, judges whether this numerical value exceedes default threshold limit.
Also can be that the access times of statistics and default threshold limit are compared when access being detected at every turn, judge whether access times exceed default threshold limit.Such as, when access being detected, judge whether this time interval exceedes default timing statistics at every turn.If this time interval does not exceed default timing statistics, then the access times of access end docking port service are counted, the numerical value of counting and default threshold limit are compared, judge whether the numerical value counted exceedes default threshold limit.If this time interval exceedes default timing statistics, then the access times of access end docking port service are re-started counting, before re-starting counting, the numerical value of counting and default threshold limit are compared, judge whether the numerical value counted exceedes default threshold limit.
In step s 130, which, when access times exceed default threshold limit, forbid that interface service is served access end.
For example, when access times exceed default threshold limit, to interface service send comprise access end ID forbid service order, interface service is received after this forbids service order, forbids providing service to the access end with this access end ID.
In one embodiment, in the present invention, method also comprises: when access times exceed default threshold limit, sends the announcement information comprising access times and exceeded the prompting of restriction to access end.
Such as, send announcement information to access end, notice access end " you exceed restrict access ".
In one embodiment, in the present invention, method also comprises: when access times do not exceed default threshold limit, allows interface service to serve access end.
Embodiment in the present invention, to solve in network the service malicious attack of rogue program docking port and causes interface service to be paralysed, and cannot provide the problem of normal service for user; Achieve the malicious attack that can detect that docking port is served, and then prevent rogue program docking port service in network from carrying out the beneficial effect of malicious attack.
Fig. 3 shows the schematic diagram of application scenarios according to an embodiment of the invention, as shown in Figure 3, provides the server of interface service to be connected by network with between access end.Access end can be terminal equipment also can be another server in network, and it can be that cable network connects that network connects, and also can be that wireless network connects, be not particularly limited this.Fig. 4 shows the flow chart preventing docking port service from carrying out the method for malicious attack according to an embodiment of the invention.The method is used for the various server providing interface service, and as shown in Figure 4, the method comprises the steps.
In step S402, when access end access interface is served, determine to close key value key according to interface service and access end.
Such as, according to access end IP for access end ID, generate key according to interface service service and access end IP, or generate key according to interface service service and the secret key appkey of interface.
In step s 404, judge in internal memory, whether to have stored the structure corresponding to and close key value key.
Such as, function getLimitValue (key) is adopted to obtain structure LimitValue.If the structure LimitValue obtained is empty, then judge do not have in internal memory to store the structure corresponding to key; Otherwise, judge the structure stored in internal memory corresponding to key
In step S406, when not having to store the structure corresponding to interface service and access end, creating the structure corresponding to interface service and access end, variable in structure is carried out initialization, and storage organization body, perform step S418.
Such as, create structure LimitValue, the variables A ccessTimesPerInterval for record access end access times of docking port service in default timing statistics can be comprised in structure LimitValue, in addition, also can comprise in structure LimitValue: for recording the variables L astStatisticTme of the initial time of this statistics, for recording the variable StartTime access of access end being started to the time added up, and access the variable SumAccessTimes of total degree for record access end.
Initialization is carried out to variable in structure, the value of variable StartTime is set to current time, the value of variables L astStatisticTme is set to current time, numerical value in variables A ccessTimesPerInterval and variable SumAccessTimes is set to 1 respectively.Corresponding key storage organization body LimitValue.
In step S408, when storing the structure corresponding to interface service and access end, judge whether the time interval of the initial time of current time and statistics exceedes default timing statistics.
Such as, this initial time of adding up recorded in current time CurTime and variables L astStatisticTme subtracted each other, gained difference is the time interval of current time and this initial time of adding up.Judge whether this time interval exceedes default timing statistics 1 minute.
In step S410, when the time interval does not exceed default timing statistics, the access times of access end docking port service are counted.
Such as, if this time interval does not exceed default timing statistics, then numerical value in variables A ccessTimesPerInterval is added 1, numerical value in variable SumAccessTimes is added 1.
In step S412, when the time interval exceedes default timing statistics, the initial time upgrading statistics is current time, and the access times of access end docking port service are re-started counting.
Such as, if the time interval exceedes default timing statistics, then numerical value in variable SumAccessTimes is added 1, by value storage in variables A ccessTimesPerInterval in global variable Times, then numerical value in variables A ccessTimesPerInterval is set to 0, and the time in variables L astStatisticTme is updated to current time.
In step S414, the access times of statistics and default threshold limit are compared, judge whether access times exceed default threshold limit.
Such as, when the time interval exceedes default timing statistics, numerical value in global variable Times and default threshold limit Limit are compared, when in global variable Times, numerical value exceedes default threshold limit Limit, perform step S416, when numerical value does not exceed default threshold limit Limit in global variable Times, perform step S418.
When the time interval does not exceed default timing statistics, numerical value in variables A ccessTimesPerInterval and default threshold limit Limit are compared, when numerical value in variables A ccessTimesPerInterval exceedes default threshold limit Limit, perform step S416, when numerical value in variables A ccessTimesPerInterval does not exceed default threshold limit Limit, perform step S418.
In step S416, when access times exceed default threshold limit, forbid that interface service is served access end, send the announcement information comprising access times and exceeded the prompting of restriction to access end.
Such as, when access times exceed default threshold limit, forbid that interface service is served access end, send json formatted data to access end, prompting " request exceedes restrict access ".
In step S418, when access times do not exceed default threshold limit, interface service is allowed to serve access end.
The exemplary preventing docking port service from carrying out the method for malicious attack that above are only embodiments of the invention illustrates, the present invention is not limited thereto.All do within spirit of the present invention or principle any amendment, equivalent replacement, improvement etc., be all included in protection scope of the present invention.
Fig. 5 shows the structure chart preventing docking port service from carrying out the device of malicious attack according to an embodiment of the invention.This device is used for the various server providing interface service, such as, and the server of interface proxy service, the server of multimedia interface service, the server of electric business's interface service.As shown in Figure 5, this device comprises module.
Statistical module 510, is suitable for the access times of adding up access end docking port service in default timing statistics;
Comparison module 520, is suitable for access times and default threshold limit to compare, judges whether access times exceed default threshold limit;
Executive Module 530, is suitable for, when access times exceed default threshold limit, forbidding that interface service is served access end.
Wherein, statistical module 510, comparison module 520 and Executive Module 530 can be software module, also can be hardware statistics device, comparator and actuator in server.
For example, each access end has unique ID, such as, the device hardware of access end can be encoded (as network interface card MAC (media get involved control, MediaAccessControl) address) or mailing address (as IP address) as access end ID.Access end sends access request to server, and access request comprises access end ID.Statistical module 510 carries out counting statistics according to access end ID in access request to the access times of each access end.Malicious attack in network is usually expressed as docking port service within a short period of time and frequently conducts interviews, and then the task burden of interface service is increased suddenly, exceeds the disposal ability of interface service, causes interface service to paralyse.For this feature of malicious attack in network, the access times of statistical module 510 pairs of individual access ends in certain hour section are added up, and this certain hour section is for presetting timing statistics.
The access times of the access end of statistics and default threshold limit when the time interval exceedes default timing statistics between the initial time of current time and statistics, compare, judge whether this numerical value exceedes default threshold limit by comparison module 520.
The access times of statistics and default threshold limit also when access being detected at every turn, can compare by comparison module 520, judge whether access times exceed default threshold limit.Such as, when access being detected at every turn, comparison module 520 is not when the time interval exceedes default timing statistics, the numerical value and the default threshold limit that the access times of statistical module 510 pairs of access end docking ports service are carried out counting gained compare, and judge whether the numerical value counted exceedes default threshold limit; When the time interval exceedes default timing statistics, statistical module 510 is carried out counting institute's value to comparison module 520 before re-starting counting to the access times of access end docking port service and default threshold limit compares, and judges whether the numerical value counted exceedes default threshold limit.
When access times exceed default threshold limit, Executive Module 530 to interface service send comprise access end ID forbid service order, interface service is received after this forbids service order, forbids providing service to the access end with this access end ID.
In one embodiment, as shown in Figure 6, described device also comprises: sending module 540, is suitable for when access times exceed default threshold limit, sends the announcement information comprising access times and exceeded the prompting of restriction to access end.
Wherein, sending module 540 can be software module, also can be the hardware transmitter in server.
In one embodiment, Executive Module 530 is also suitable for when access times do not exceed default threshold limit, allows interface service to serve access end.
In one embodiment, as shown in Figure 7, statistical module 510, comprising:
Judge submodule 512, be suitable for, when access end access interface is served, judging whether the time interval of the initial time of current time and statistics exceedes default timing statistics;
Statistics submodule 514, is suitable for, when the time interval does not exceed default timing statistics, the access times of access end docking port service being counted; When the time interval exceedes default timing statistics, the initial time upgrading statistics is current time, and the access times of access end docking port service are re-started counting.
For example, adopt variables L astStatisticTme to record the initial time of this statistics, adopt the access times of variables A ccessTimesPerInterval to access end docking port service in default timing statistics to count.Judge that submodule 512 is when detecting that access end access interface is served, this initial time of adding up recorded in current time and variables L astStatisticTme subtracted each other, gained difference is the time interval of current time and this initial time of adding up.Judge that submodule 512 judges whether this time interval exceedes default timing statistics (such as, default timing statistics is 1 minute).Numerical value in variables A ccessTimesPerInterval, when the time interval does not exceed default timing statistics, is added 1 by statistics submodule 514.Statistics submodule 514 is when the time interval exceedes default timing statistics, by value storage in variables A ccessTimesPerInterval in global variable Times, then numerical value in variables A ccessTimesPerInterval is set to 0, and the time in variables L astStatisticTme is updated to current time.So, the statistics to access end access times of docking port service in default timing statistics is completed by variables L astStatisticTme and variables A ccessTimesPerInterval.Above-mentioned variables L astStatisticTme and variables A ccessTimesPerInterval founds for access end ID, namely access end has corresponding variables L astStatisticTme and variables A ccessTimesPerInterval, for for this access end, carry out the statistics of the access times of docking port service in default timing statistics.
In one embodiment, device as shown in Figure 6, also comprises:
Initialization module 550, be suitable for before the access times of statistical module counts access end docking port service in default timing statistics, judge whether the structure stored corresponding to interface service and access end, described structure comprises the variable for record access end access times of docking port service in default timing statistics; When not having to store the structure corresponding to interface service and access end, creating the structure corresponding to interface service and access end, variable in described structure being carried out initialization, and stores described structure.
Wherein, initialization module 550, is suitable for determining to close key value key according to interface service and access end; Judge the structure whether stored in internal memory corresponding to described pass key value key.
Further, statistical module 510, is suitable for using the access times of variable to access end docking port service in default timing statistics in structure to add up.
For example, structure LimitValue is created for interface service and access end, the variables A ccessTimesPerInterval for record access end access times of docking port service in default timing statistics can be comprised in structure LimitValue, in addition, also can comprise in structure LimitValue: for recording the variables L astStatisticTme of the initial time of this statistics, for recording the variable StartTime access of access end being started to the time added up, and access the variable SumAccessTimes of total degree for record access end.Adopt the mode of key-value pair (key-value), corresponding to interface service and access end storage organization body LimitValue.Such as, initialization module 550 generates key value key (such as according to interface service and access end ID, with access end IP for access end ID, key is generated) according to interface service service and access end IP, or generate key value key, corresponding key value key storage organization body LimitValue according to interface service service and the secret key appkey of interface.Initialization module 550 is before statistical module 510 adds up the access times of access end docking port service in default timing statistics, key is generated according to interface service and access end, search the value that key is corresponding, if value is not empty, then the structure LimitValue stored for interface service and access end is described.If value is empty, then create the structure LimitValue corresponding to interface service and access end, corresponding key storage organization body LimitValue.
Then, statistical module 510 uses the access times of variable to access end in structure LimitValue to add up.When first time adds up the access of access end, the value of variable StartTime is set to current time by initialization module 550, the value of variables L astStatisticTme is set to current time, numerical value in variables A ccessTimesPerInterval and variable SumAccessTimes is set to 1 respectively.Judge that submodule 512 is when detecting that access end is accessed at every turn, this initial time of adding up recorded in current time and variables L astStatisticTme subtracted each other, gained difference is the time interval of current time and this initial time of adding up.Judge that submodule 512 judges whether this time interval exceedes default timing statistics.Numerical value in variables A ccessTimesPerInterval, when judging that submodule 512 determination time interval does not exceed default timing statistics, is added 1, numerical value in variable SumAccessTimes is added 1 by statistics submodule 514; Statistics submodule 514 is when judging that submodule 512 determination time, interval exceeded default timing statistics, numerical value in variable SumAccessTimes is added 1, by value storage in variables A ccessTimesPerInterval in global variable Times, then numerical value in variables A ccessTimesPerInterval is set to 0, and the time in variables L astStatisticTme is updated to current time.So, not only the statistics to access end access times of docking port service in default timing statistics is completed by variables L astStatisticTme and variables A ccessTimesPerInterval; And the total degree of the access of access end docking port service and initial time are added up, to be used where necessary.
The exemplary illustration of said apparatus, see the detailed description of corresponding part in said method, does not repeat them here.
Embodiment in the present invention, to solve in network the service malicious attack of rogue program docking port and causes interface service to be paralysed, and cannot provide the problem of normal service for user; Achieve the malicious attack that can detect that docking port is served, and then prevent rogue program docking port service in network from carrying out the beneficial effect of malicious attack.
The present invention includes following technical scheme.
A1, a kind of method preventing docking port service from carrying out malicious attack, described method comprises:
The access times of statistics access end docking port service in default timing statistics;
Described access times and default threshold limit are compared, judges whether described access times exceed default threshold limit;
When described access times exceed default threshold limit, forbid that interface service is served access end.
A2, method according to A1, wherein, described method also comprises:
When described access times exceed default threshold limit, send the announcement information comprising access times and exceeded the prompting of restriction to access end.
A3, method according to A1, wherein, described method also comprises:
When described access times do not exceed default threshold limit, interface service is allowed to serve access end.
A4, method according to A1, wherein, the access times of described statistics access end docking port service in default timing statistics, comprising:
When access end access interface is served, judge whether the time interval of the initial time of current time and statistics exceedes default timing statistics;
When the described time interval does not exceed default timing statistics, the access times of access end docking port service are counted;
When the described time interval exceedes default timing statistics, the initial time upgrading statistics is current time, and the access times of access end docking port service are re-started counting.
A5, method according to A1, wherein, described method also comprises:
Before the access times of statistics access end docking port service in default timing statistics, judge whether the structure stored corresponding to interface service and access end, described structure comprises the variable for record access end access times of docking port service in default timing statistics;
When not having to store the structure corresponding to interface service and access end, creating the structure corresponding to interface service and access end, variable in described structure being carried out initialization, and stores described structure.
A6, method according to A5, wherein, the access times of described statistics access end docking port service in default timing statistics, comprising: use the access times of variable to access end docking port service in default timing statistics in structure to add up.
A7, method according to A5, wherein, described in judge whether to comprise the structure that stores corresponding to interface service and access end:
Determine to close key value key according to interface service and access end;
Judge the structure whether stored in internal memory corresponding to described pass key value key.
B8, a kind of device preventing docking port service from carrying out malicious attack, described device comprises:
Statistical module, is suitable for the access times of adding up access end docking port service in default timing statistics;
Comparison module, is suitable for described access times and default threshold limit to compare, judges whether described access times exceed default threshold limit;
Executive Module, is suitable for, when described access times exceed default threshold limit, forbidding that interface service is served access end.
B9, device according to B8, wherein, described device also comprises:
Sending module, is suitable for when described access times exceed default threshold limit, sends the announcement information comprising access times and exceeded the prompting of restriction to access end.
B10, device according to B8, wherein, described Executive Module is also suitable for when described access times do not exceed default threshold limit, allows interface service to serve access end.
B11, device according to B8, wherein, described statistical module, comprising:
Judge submodule, be suitable for, when access end access interface is served, judging whether the time interval of the initial time of current time and statistics exceedes default timing statistics;
Statistics submodule, is suitable for, when the described time interval does not exceed default timing statistics, the access times of access end docking port service being counted; When the described time interval exceedes default timing statistics, the initial time upgrading statistics is current time, and the access times of access end docking port service are re-started counting.
B12, device according to B8, wherein, described device, also comprises:
Initialization module, be suitable for before the access times of statistical module counts access end docking port service in default timing statistics, judge whether the structure stored corresponding to interface service and access end, described structure comprises the variable for record access end access times of docking port service in default timing statistics; When not having to store the structure corresponding to interface service and access end, creating the structure corresponding to interface service and access end, variable in described structure being carried out initialization, and stores described structure.
B13, device according to B12, wherein, described statistical module, is suitable for using the access times of variable to access end docking port service in default timing statistics in structure to add up.
B14, device according to B12, wherein, described initialization module, is suitable for determining to close key value key according to interface service and access end; Judge the structure whether stored in internal memory corresponding to described pass key value key.
It should be noted that:
Intrinsic not relevant to any certain computer, virtual bench or miscellaneous equipment with display at this algorithm provided.Various fexible unit also can with use based on together with this teaching.According to description above, the structure constructed required by this kind of device is apparent.In addition, the present invention is not also for any certain programmed language.It should be understood that and various programming language can be utilized to realize content of the present invention described here, and the description done language-specific is above to disclose preferred forms of the present invention.
In specification provided herein, describe a large amount of detail.But can understand, embodiments of the invention can be put into practice when not having these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand in each inventive aspect one or more, in the description above to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes.But, the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires feature more more than the feature clearly recorded in each claim.Or rather, as claims below reflect, all features of disclosed single embodiment before inventive aspect is to be less than.Therefore, the claims following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are appreciated that and adaptively can change the module in the equipment in embodiment and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or unit be mutually repel except, any combination can be adopted to combine all processes of all features disclosed in this specification (comprising adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment or unit.Unless expressly stated otherwise, each feature disclosed in this specification (comprising adjoint claim, summary and accompanying drawing) can by providing identical, alternative features that is equivalent or similar object replaces.
In addition, those skilled in the art can understand, although embodiments more described herein to comprise in other embodiment some included feature instead of further feature, the combination of the feature of different embodiment means and to be within scope of the present invention and to form different embodiments.Such as, in the following claims, the one of any of embodiment required for protection can use with arbitrary compound mode.
All parts embodiment of the present invention with hardware implementing, or can realize with the software module run on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that and microprocessor or digital signal processor (DSP) can be used in practice to realize carrying out the some or all functions of the some or all parts in the equipment of malicious attack according to the docking port service that prevents of the embodiment of the present invention.The present invention can also be embodied as part or all equipment for performing method as described herein or device program (such as, computer program and computer program).Realizing program of the present invention and can store on a computer-readable medium like this, or the form of one or more signal can be had.Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or provides with any other form.
The present invention will be described instead of limit the invention to it should be noted above-described embodiment, and those skilled in the art can design alternative embodiment when not departing from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and does not arrange element in the claims or step.Word "a" or "an" before being positioned at element is not got rid of and be there is multiple such element.The present invention can by means of including the hardware of some different elements and realizing by means of the computer of suitably programming.In the unit claim listing some devices, several in these devices can be carry out imbody by same hardware branch.Word first, second and third-class use do not represent any order.Can be title by these word explanations.
Claims (10)
1. prevent docking port service from carrying out a method for malicious attack, described method comprises:
The access times of statistics access end docking port service in default timing statistics;
Described access times and default threshold limit are compared, judges whether described access times exceed default threshold limit;
When described access times exceed default threshold limit, forbid that interface service is served access end.
2. method according to claim 1, wherein, described method also comprises:
When described access times exceed default threshold limit, send the announcement information comprising access times and exceeded the prompting of restriction to access end.
3. method according to claim 1, wherein, described method also comprises:
When described access times do not exceed default threshold limit, interface service is allowed to serve access end.
4. method according to claim 1, wherein, the access times of described statistics access end docking port service in default timing statistics, comprising:
When access end access interface is served, judge whether the time interval of the initial time of current time and statistics exceedes default timing statistics;
When the described time interval does not exceed default timing statistics, the access times of access end docking port service are counted;
When the described time interval exceedes default timing statistics, the initial time upgrading statistics is current time, and the access times of access end docking port service are re-started counting.
5. method according to claim 1, wherein, described method also comprises:
Before the access times of statistics access end docking port service in default timing statistics, judge whether the structure stored corresponding to interface service and access end, described structure comprises the variable for record access end access times of docking port service in default timing statistics;
When not having to store the structure corresponding to interface service and access end, creating the structure corresponding to interface service and access end, variable in described structure being carried out initialization, and stores described structure.
6. prevent docking port service from carrying out a device for malicious attack, described device comprises:
Statistical module, is suitable for the access times of adding up access end docking port service in default timing statistics;
Comparison module, is suitable for described access times and default threshold limit to compare, judges whether described access times exceed default threshold limit;
Executive Module, is suitable for, when described access times exceed default threshold limit, forbidding that interface service is served access end.
7. device according to claim 6, wherein, described device also comprises:
Sending module, is suitable for when described access times exceed default threshold limit, sends the announcement information comprising access times and exceeded the prompting of restriction to access end.
8. device according to claim 6, wherein, described Executive Module is also suitable for when described access times do not exceed default threshold limit, allows interface service to serve access end.
9. device according to claim 6, wherein, described statistical module, comprising:
Judge submodule, be suitable for, when access end access interface is served, judging whether the time interval of the initial time of current time and statistics exceedes default timing statistics;
Statistics submodule, is suitable for, when the described time interval does not exceed default timing statistics, the access times of access end docking port service being counted; When the described time interval exceedes default timing statistics, the initial time upgrading statistics is current time, and the access times of access end docking port service are re-started counting.
10. device according to claim 6, wherein, described device, also comprises:
Initialization module, be suitable for before the access times of statistical module counts access end docking port service in default timing statistics, judge whether the structure stored corresponding to interface service and access end, described structure comprises the variable for record access end access times of docking port service in default timing statistics; When not having to store the structure corresponding to interface service and access end, creating the structure corresponding to interface service and access end, variable in described structure being carried out initialization, and stores described structure.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510370116.9A CN105100070A (en) | 2015-06-29 | 2015-06-29 | Method and device for preventing malicious attacks to interface service |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510370116.9A CN105100070A (en) | 2015-06-29 | 2015-06-29 | Method and device for preventing malicious attacks to interface service |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105100070A true CN105100070A (en) | 2015-11-25 |
Family
ID=54579617
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510370116.9A Pending CN105100070A (en) | 2015-06-29 | 2015-06-29 | Method and device for preventing malicious attacks to interface service |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105100070A (en) |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105471892A (en) * | 2015-12-28 | 2016-04-06 | 湖南蚁坊软件有限公司 | User behavior frequency limiting method based on system resources |
| CN105553996A (en) * | 2015-12-23 | 2016-05-04 | 北京奇虎科技有限公司 | Method and device for processing data access request |
| CN105933785A (en) * | 2016-05-23 | 2016-09-07 | 武汉斗鱼网络科技有限公司 | Method and device for controlling game operation direction with live commenting |
| CN106777042A (en) * | 2016-12-09 | 2017-05-31 | 广州华多网络科技有限公司 | A kind of entry extracting method and device |
| CN107277008A (en) * | 2017-06-16 | 2017-10-20 | 福建中金在线信息科技有限公司 | It is a kind of to limit method, device and the electronic equipment for accessing network interface |
| CN107958165A (en) * | 2016-10-18 | 2018-04-24 | 国民技术股份有限公司 | A kind of anti-attack system, method and electronic equipment |
| CN108234341A (en) * | 2018-01-25 | 2018-06-29 | 北京搜狐新媒体信息技术有限公司 | The passive current-limiting method of Nginx dynamics and system based on device-fingerprint |
| CN108234342A (en) * | 2018-01-25 | 2018-06-29 | 北京搜狐新媒体信息技术有限公司 | Nginx dynamic active current-limiting methods and system based on device-fingerprint |
| CN108306874A (en) * | 2018-01-29 | 2018-07-20 | 口碑(上海)信息技术有限公司 | Service interface accesses current-limiting method and device |
| CN108874948A (en) * | 2018-06-05 | 2018-11-23 | 中国农业银行股份有限公司 | A kind of site resource access method and device |
| CN108965158A (en) * | 2017-05-17 | 2018-12-07 | 互联网域名***北京市工程研究中心有限公司 | A kind of cybersquatting current-limiting method, apparatus and system |
| CN109150290A (en) * | 2018-10-23 | 2019-01-04 | 中国科学院信息工程研究所 | A kind of satellite lightweight data transmission protection and ground safety service system |
| CN109743295A (en) * | 2018-12-13 | 2019-05-10 | 平安科技(深圳)有限公司 | Access thresholds method of adjustment, device, computer equipment and storage medium |
| CN109784065A (en) * | 2018-12-04 | 2019-05-21 | 北京达佳互联信息技术有限公司 | Access control method, device, server and storage medium |
| CN109784045A (en) * | 2017-11-14 | 2019-05-21 | 厦门雅迅网络股份有限公司 | Dual system communications access control method and computer readable storage medium |
| CN110177075A (en) * | 2019-04-15 | 2019-08-27 | 深圳壹账通智能科技有限公司 | Abnormal access hold-up interception method, device, computer equipment and storage medium |
| CN111064677A (en) * | 2019-11-11 | 2020-04-24 | 福建天泉教育科技有限公司 | Flow control method based on back-end access quantity and storage medium |
| CN111224939A (en) * | 2019-11-15 | 2020-06-02 | 上海钧正网络科技有限公司 | Task request intercepting method and device, computer equipment and storage medium |
| CN111866101A (en) * | 2020-07-08 | 2020-10-30 | 深圳市欢太科技有限公司 | Access request processing method and device, storage medium and electronic equipment |
| CN111953635A (en) * | 2019-05-15 | 2020-11-17 | 福建天晴数码有限公司 | Interface request processing method and computer-readable storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102325148A (en) * | 2011-05-25 | 2012-01-18 | 重庆新媒农信科技有限公司 | WebService service calling method |
| CN102769549A (en) * | 2011-05-05 | 2012-11-07 | 腾讯科技(深圳)有限公司 | Network security monitoring method and device |
| CN104346563A (en) * | 2013-08-09 | 2015-02-11 | 联想(北京)有限公司 | Information processing method and electronic equipment |
| CN104683457A (en) * | 2015-02-13 | 2015-06-03 | 小米科技有限责任公司 | Concurrency control method and device |
-
2015
- 2015-06-29 CN CN201510370116.9A patent/CN105100070A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102769549A (en) * | 2011-05-05 | 2012-11-07 | 腾讯科技(深圳)有限公司 | Network security monitoring method and device |
| CN102325148A (en) * | 2011-05-25 | 2012-01-18 | 重庆新媒农信科技有限公司 | WebService service calling method |
| CN104346563A (en) * | 2013-08-09 | 2015-02-11 | 联想(北京)有限公司 | Information processing method and electronic equipment |
| CN104683457A (en) * | 2015-02-13 | 2015-06-03 | 小米科技有限责任公司 | Concurrency control method and device |
Cited By (32)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105553996A (en) * | 2015-12-23 | 2016-05-04 | 北京奇虎科技有限公司 | Method and device for processing data access request |
| CN105553996B (en) * | 2015-12-23 | 2019-07-26 | 北京奇虎科技有限公司 | Handle the method and device of data access request |
| CN105471892B (en) * | 2015-12-28 | 2018-11-20 | 湖南蚁坊软件股份有限公司 | A kind of user behavior frequency method for limiting based on system resource |
| CN105471892A (en) * | 2015-12-28 | 2016-04-06 | 湖南蚁坊软件有限公司 | User behavior frequency limiting method based on system resources |
| CN105933785A (en) * | 2016-05-23 | 2016-09-07 | 武汉斗鱼网络科技有限公司 | Method and device for controlling game operation direction with live commenting |
| CN107958165A (en) * | 2016-10-18 | 2018-04-24 | 国民技术股份有限公司 | A kind of anti-attack system, method and electronic equipment |
| CN106777042A (en) * | 2016-12-09 | 2017-05-31 | 广州华多网络科技有限公司 | A kind of entry extracting method and device |
| CN106777042B (en) * | 2016-12-09 | 2019-10-18 | 广州华多网络科技有限公司 | A kind of entry extracting method and device |
| CN108965158A (en) * | 2017-05-17 | 2018-12-07 | 互联网域名***北京市工程研究中心有限公司 | A kind of cybersquatting current-limiting method, apparatus and system |
| CN107277008A (en) * | 2017-06-16 | 2017-10-20 | 福建中金在线信息科技有限公司 | It is a kind of to limit method, device and the electronic equipment for accessing network interface |
| CN109784045B (en) * | 2017-11-14 | 2023-08-22 | 厦门雅迅网络股份有限公司 | Dual system communication access control method and computer readable storage medium |
| CN109784045A (en) * | 2017-11-14 | 2019-05-21 | 厦门雅迅网络股份有限公司 | Dual system communications access control method and computer readable storage medium |
| CN108234342A (en) * | 2018-01-25 | 2018-06-29 | 北京搜狐新媒体信息技术有限公司 | Nginx dynamic active current-limiting methods and system based on device-fingerprint |
| CN108234342B (en) * | 2018-01-25 | 2021-08-13 | 北京搜狐新媒体信息技术有限公司 | Nginx dynamic active current limiting method and system based on equipment fingerprint |
| CN108234341B (en) * | 2018-01-25 | 2021-06-11 | 北京搜狐新媒体信息技术有限公司 | Nginx dynamic passive current limiting method and system based on equipment fingerprint |
| CN108234341A (en) * | 2018-01-25 | 2018-06-29 | 北京搜狐新媒体信息技术有限公司 | The passive current-limiting method of Nginx dynamics and system based on device-fingerprint |
| CN108306874A (en) * | 2018-01-29 | 2018-07-20 | 口碑(上海)信息技术有限公司 | Service interface accesses current-limiting method and device |
| CN108306874B (en) * | 2018-01-29 | 2020-03-10 | 口碑(上海)信息技术有限公司 | Service interface access current limiting method and device |
| CN108874948A (en) * | 2018-06-05 | 2018-11-23 | 中国农业银行股份有限公司 | A kind of site resource access method and device |
| CN108874948B (en) * | 2018-06-05 | 2021-04-02 | 中国农业银行股份有限公司 | Website resource access method and device |
| CN109150290B (en) * | 2018-10-23 | 2020-09-15 | 中国科学院信息工程研究所 | Satellite lightweight data transmission protection method and ground safety service system |
| CN109150290A (en) * | 2018-10-23 | 2019-01-04 | 中国科学院信息工程研究所 | A kind of satellite lightweight data transmission protection and ground safety service system |
| CN109784065A (en) * | 2018-12-04 | 2019-05-21 | 北京达佳互联信息技术有限公司 | Access control method, device, server and storage medium |
| CN109743295B (en) * | 2018-12-13 | 2022-04-12 | 平安科技(深圳)有限公司 | Access threshold adjusting method and device, computer equipment and storage medium |
| CN109743295A (en) * | 2018-12-13 | 2019-05-10 | 平安科技(深圳)有限公司 | Access thresholds method of adjustment, device, computer equipment and storage medium |
| CN110177075A (en) * | 2019-04-15 | 2019-08-27 | 深圳壹账通智能科技有限公司 | Abnormal access hold-up interception method, device, computer equipment and storage medium |
| CN110177075B (en) * | 2019-04-15 | 2023-08-22 | 深圳壹账通智能科技有限公司 | Abnormal access interception method, device, computer equipment and storage medium |
| CN111953635A (en) * | 2019-05-15 | 2020-11-17 | 福建天晴数码有限公司 | Interface request processing method and computer-readable storage medium |
| CN111064677A (en) * | 2019-11-11 | 2020-04-24 | 福建天泉教育科技有限公司 | Flow control method based on back-end access quantity and storage medium |
| CN111224939A (en) * | 2019-11-15 | 2020-06-02 | 上海钧正网络科技有限公司 | Task request intercepting method and device, computer equipment and storage medium |
| CN111866101B (en) * | 2020-07-08 | 2023-05-26 | 深圳市欢太科技有限公司 | Access request processing method and device, storage medium and electronic equipment |
| CN111866101A (en) * | 2020-07-08 | 2020-10-30 | 深圳市欢太科技有限公司 | Access request processing method and device, storage medium and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105100070A (en) | Method and device for preventing malicious attacks to interface service | |
| US11271955B2 (en) | Platform and method for retroactive reclassification employing a cybersecurity-based global data store | |
| US10133870B2 (en) | Customizing a security report using static analysis | |
| US9531746B2 (en) | Generating accurate preemptive security device policy tuning recommendations | |
| US11240275B1 (en) | Platform and method for performing cybersecurity analyses employing an intelligence hub with a modular architecture | |
| US9736182B1 (en) | Context-aware compromise assessment | |
| US20130055401A1 (en) | Terminal and method for providing risk of application using the same | |
| CN103701795A (en) | Identification method and device for attack source of denial of service attack | |
| CN103368904A (en) | Mobile terminal, and system and method for suspicious behavior detection and judgment | |
| CN105095788A (en) | Method, device and system for private data protection | |
| CN101931557B (en) | User behaviour auditing method and system | |
| CN111212031A (en) | Control method and device for interface access frequency, electronic equipment and storage medium | |
| CN110889132A (en) | Distributed application permission verification method and device | |
| CN111861465A (en) | Detection method and device based on intelligent contract, storage medium and electronic device | |
| CN105528251A (en) | Application notification information processing method and device and mobile terminal | |
| US10003602B2 (en) | Determining email authenticity | |
| CN105099766A (en) | Method and device for preventing interface from occupying resource excessively | |
| US11836269B2 (en) | Protection of data of database clients from persistent adversaries | |
| CN108345793A (en) | A kind of extracting method and device of software detection feature | |
| US10897483B2 (en) | Intrusion detection system for automated determination of IP addresses | |
| CN104052720A (en) | Information authentication method and system thereof | |
| Choi et al. | Large-scale analysis of remote code injection attacks in android apps | |
| WO2021099959A1 (en) | Cluster security based on virtual machine content | |
| CN105653904A (en) | Application screen-locking processing method and apparatus as well as mobile terminal | |
| CN108471422B (en) | Method, device, server and medium for judging remote login |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20151125 |
|
| RJ01 | Rejection of invention patent application after publication |