CN106302515A - A kind of method and apparatus of web portal security protection - Google Patents

A kind of method and apparatus of web portal security protection Download PDF

Info

Publication number
CN106302515A
CN106302515A CN201610811816.1A CN201610811816A CN106302515A CN 106302515 A CN106302515 A CN 106302515A CN 201610811816 A CN201610811816 A CN 201610811816A CN 106302515 A CN106302515 A CN 106302515A
Authority
CN
China
Prior art keywords
protection
subitem
classification
engine
vulnerability
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610811816.1A
Other languages
Chinese (zh)
Other versions
CN106302515B (en
Inventor
吴庆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd filed Critical Hangzhou DPTech Technologies Co Ltd
Priority to CN201610811816.1A priority Critical patent/CN106302515B/en
Publication of CN106302515A publication Critical patent/CN106302515A/en
Application granted granted Critical
Publication of CN106302515B publication Critical patent/CN106302515B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides the method and apparatus that a kind of web portal security protects, and is applied to safety protection equipment, and described method includes: periodically the protection subitem of website is carried out vulnerability scanning;Based on vulnerability scanning result, described protection subitem is divided into different classification;Based on the protection engine corresponding with the classification of described protection subitem, described protection subitem is protected;Wherein, the protection engine that the protection subitem of different classification is corresponding is different.The technical scheme using the application to provide, preferably can carry out security protection to website.

Description

A kind of method and apparatus of web portal security protection
Technical field
The application relates to network communication technology field, the method and apparatus protected particularly to a kind of web portal security.
Background technology
Along with social informatization degree is more and more higher, website is in the environment of the such a opposing open in the Internet, respectively The complexity of class web application system and multiformity, cause the system vulnerability of website to emerge in an endless stream, virus wooden horse and malicious code Wreaking havoc on the net, hacker attacks and the security incident distorting website happen occasionally.
Summary of the invention
In view of this, the application provides a kind of web portal security means of defence and device, is applied to safety protection equipment.
Specifically, the application is achieved by the following technical solution:
The method of a kind of web portal security protection, is applied to safety protection equipment, including:
Periodically the protection subitem of website is carried out vulnerability scanning;
Based on vulnerability scanning result, described protection subitem is divided into different classification;
Based on the protection engine corresponding with the classification of described protection subitem, described protection subitem is protected;Wherein, no The protection engine corresponding with the protection subitem of classification is different.
The device of a kind of web portal security protection, is applied to safety protection equipment, including:
Scanning element, for periodically carrying out vulnerability scanning to the protection subitem of website;
Division unit, for based on vulnerability scanning result, is divided into different classification by described protection subitem;
Protective unit, for based on the protection engine corresponding with the classification of described protection subitem, entering described protection subitem Row protection;Wherein, the protection engine that the protection subitem of different classification is corresponding is different.
The technical scheme provided from above the application, carries out leak by periodically protection subitem to website and sweeps Retouch;Based on vulnerability scanning result, described protection subitem is divided into different classification;Based on right with the classification of described protection subitem The protection engine answered, protects described protection subitem;Wherein, the protection engine that the protection subitem of different classification is corresponding is not With.
Owing to website updates, the vulnerability scanning result of protection subitem generally also can change, thereby through the cycle Property ground the protection subitem of website is carried out vulnerability scanning, according to scanning result, the division dynamically protection subitem classified, And use corresponding protection engine that protection subitem is protected, more reasonably protection subitem can be carried out dynamic and prevent Protect, preferably website is protected.
Accompanying drawing explanation
Fig. 1 is the method flow diagram of a kind of web portal security protection shown in the application one exemplary embodiment;
Fig. 2 is the hardware structure diagram of the device of a kind of web portal security protection shown in the application one exemplary embodiment;
Fig. 3 is the device of a kind of web portal security protection shown in the application one exemplary embodiment.
Detailed description of the invention
Here will illustrate exemplary embodiment in detail, its example represents in the accompanying drawings.Explained below relates to During accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represents same or analogous key element.Following exemplary embodiment Described in embodiment do not represent all embodiments consistent with the application.On the contrary, they are only with the most appended The example of the apparatus and method that some aspects that described in detail in claims, the application are consistent.
It is only merely for describing the purpose of specific embodiment at term used in this application, and is not intended to be limiting the application. " a kind of ", " described " and " being somebody's turn to do " of singulative used in the application and appended claims is also intended to include majority Form, unless context clearly shows that other implications.It is also understood that term "and/or" used herein refers to and wraps Any or all containing one or more projects of listing being associated may combination.
Although should be appreciated that in the application possible employing term first, second, third, etc. to describe various information, but this A little information should not necessarily be limited by these terms.These terms are only used for same type of information is distinguished from each other out.Such as, without departing from In the case of the application scope, the first information can also be referred to as the second information, and similarly, the second information can also be referred to as One information.Depend on linguistic context, word as used in this " if " can be construed to " ... time " or " when ... Time " or " in response to determining ".
In the related, when website is protected, it is common that the web page code by timing probe website is deposited Leak, then generate corresponding protection rule according to the feature of leak detected, finally use the protection rule of generation Described website is protected.
Wherein, when whether the web page code detecting website exists leak, generally can be by the multiple detection sides collected Method 1 web page code described in a pair detects.
When web page code website being detected exists leak, can automatically generate according to the feature of leak and protect rule accordingly Then, and build virtual patch protection engine based on the protection rule generated, then use this virtual patch protection engine to described Website is protected.
But, although above scheme is capable of the leak existed by active detecting website, automatically generate corresponding Protection rule, carries out security protection, but judges net owing to whether existing active scan web page code changes website The mechanism whether content of standing changes, and do not take into account all situations that web site contents changes, web site contents is sent out sometimes Changing can't cause web page code also to change.If therefore web site contents changes, cause introducing new leak, Only use based on timing scan to leak automatically generate protection rule website is carried out security protection, website may be there is After content changes, it is impossible to the problem in time website protected.
In order to solve problem present in correlation technique, the method that this application provides the protection of a kind of web portal security.Pass through Periodically the protection subitem of website is carried out vulnerability scanning;Based on vulnerability scanning result, described protection subitem is divided into not Same classification;Based on the protection engine corresponding with the classification of described protection subitem, described protection subitem is protected;Wherein, The protection engine that the protection subitem of different classification is corresponding is different.
Owing to website updates (content or the web page code of such as website change), the leak of protection subitem is swept Retouch result generally also can change, thereby through periodically the protection subitem of website being carried out vulnerability scanning, according to leak Scanning result, dynamically classifies to protection subitem, and for different classification, is respectively adopted different protection engines to guarantor Protect subitem to protect, can more reasonably to protection subitem carry out security protection, to avoid in the prior art, only use with The protection rule that the leak scanned automatically generates carries out security protection to website, causes the content of website to change but webpage When code does not changes, it is impossible to the problem in time website protected.
Refer to the method flow that Fig. 1, Fig. 1 are a kind of web portal security protection shown in the application one exemplary embodiment Figure, is applied to safety protection equipment, specifically performs following steps:
Step 101: periodically the protection subitem of website is carried out vulnerability scanning;
Step 102: based on vulnerability scanning result, described protection subitem is divided into different classification;
Step 103: based on the protection engine corresponding with the classification of described protection subitem, described protection subitem is prevented Protect;Wherein, the protection engine that the protection subitem of different classification is corresponding is different.
Wherein, above-mentioned safety protection equipment, may refer to the server corresponding to targeted website, carry out setting of security protection Standby;Such as, in actual applications, this safety protection equipment specifically could be for Website server is carried out the another of security protection One security server.
Above-mentioned protection subitem, protects including the various urgent needs that may be attacked website by hacker as medium in targeted website The website item protected;Prevent for example, it may be the parameters of webpage, the content of webpage, and the needs in webpage carry out safety The code segment protected, etc..
When realizing, above-mentioned safety protection equipment can be by obtaining the protection subitem of website and each protection subitem Related data, generates portion and stores the tables of data of each protection subitem information of website;Wherein, each in this tables of data The most corresponding protection subitem of mesh.
After obtaining the tables of data about each protection subitem, the analysis program in safety protection equipment can be to data Each entry in table carries out Hole Detection successively;Wherein, described analysis program can comprise multiple detection method, in reality In the application of border, each detection method in above-mentioned multiple detection method can be used, successively each protection subitem is leaked Hole is detected, to determine whether each protection subitem exists leak.
In this example, after each protection subitem in tables of data having been carried out Hole Detection by analysis program, can obtain To corresponding testing result, described testing result is the leak situation of each protection subitem.
Wherein, in order to avoid website updates, the situation causing the vulnerability scanning result protecting subitem to change occurs, In actual application, a vulnerability scanning cycle can be preset, may then based on this vulnerability scanning cycle timing of setting Ground carries out vulnerability scanning to the protection subitem of website.
It addition, in order to avoid in the prior art, the protection rule that the leak only using and scanning automatically generates is to net Station carries out security protection, causes the problem cannot protected website in time, and in this example, safety protection equipment can also root According to vulnerability scanning result, dynamically protection subitem is classified, and for different classification, be respectively adopted different protection and draw Hold up and protection subitem is protected, such that it is able to more reasonably protection subitem to be carried out the protection of dynamic, it is achieved the most right Website carries out security protection.
In a kind of embodiment illustrated, after safety protection equipment obtains the vulnerability scanning result of each protection subitem, can With the leak situation existed according to each protection subitem, each protection subitem is divided into different classification.
If any one detection method in some protection analyzed program of subitem detects undesirable, show this There is leak, in such a case, it is possible to this protection subitem that there is leak is divided into leaky classification in protection subitem.
If all detection methods in some protection analyzed program of subitem detect meet the requirements, show this protection There is not leak situation in subitem, in such a case, it is possible to the protection subitem that this does not exist leak situation is divided into without leak Classification.
If after some protection subitem has been detected by all detection methods in analysis program, it is impossible to confirm this guarantor Protect whether subitem exists leak, in such a case, it is possible to this cannot be confirmed whether that the protection subitem that there is leak is divided into Unknown classification.
In a kind of embodiment illustrated, owing to website updates, the leak situation of protection subitem also can be corresponding Change.And hence it is also possible to for the leaky classification marked off with without the protection subitem of vulnerability classification, set respectively and preset The effective duration of classification, classifying in effective duration, the classification situation of protection subitem is constant, is classifying outside effective duration, dynamically Update the classification situation of protection subitem.
Wherein, the classification effective time that the protection subitem for leaky classification with without vulnerability classification sets respectively can phase With, it is also possible to differ, but the protection subitem that the cycle of vulnerability scanning is all higher than into leaky classification with without vulnerability classification is distinguished The classification effective time set.
When realizing, when protection subitem be divided into leaky classification or without vulnerability classification after, set classification have In the effect time, the protection subitem being divided into leaky classification is identified as leaky always, is divided into without vulnerability classification Protection subitem is identified as without leak always.
During this period, the content of protection subitem of leaky classification it is identified as it may happen that update (such as programmer Manual modification), therefore, in the next scan period, after there is the detection protecting subitem program by analysis updated, can Can be reclassified as without vulnerability classification;Similar, it is identified as the protection subitem without leak, it is also possible to because occurring before Change, by analysis after the detection of program, is divided into leaky classification.In addition, same protection subitem is different In application, leak situation also not exclusively as, the vulnerability classification therefore protecting subitem is not changeless.
In a kind of embodiment illustrated, if arbitrary leaky classification or without vulnerability classification protection subitem point Class effective duration time-out, then can switch to unknown classification by the classification of this protection subitem.
Wherein, owing to the described scan period is more than the effective duration of described classification, if arbitrary leaky classification or without leakage After classification effective duration time-out of the protection subitem classified in hole is switched to unknown classification, in such a case, it is possible to by certainly Move and the classification of this protection subitem is switched to unknown classification.
In this example, when by the leak situation according to each protection subitem, each protection subitem is divided into different classification Afterwards, for different classification, different protection engines can be used to carry out security protection, such that it is able to make up in prior art The protection rule that the leak only used and scan automatically generates carries out security protection to website, when causing website to occur to update, The defect in time website cannot protected.
In a kind of embodiment illustrated, for the protection subitem of leaky classification, can be protected by virtual patch Engine carries out security protection;For the protection subitem without vulnerability classification, can directly skip the place of web portal security protection engine Reason;For the protection subitem of the unknown classification, security protection can be carried out by general patch protection engine.
When realizing, after protection subitem is divided into leaky classification, then can be based on default virtual patch protection Engine carries out security protection for the protection subitem of leaky classification.Wherein, if described virtual patch protection engine includes butt In the virtual patch rule that the leak of the protection subitem scanned generates.
The generation of described virtual patch rule can be carried out by the means using analog hacker to attack.Concrete implementation Method can be first to be collected by the page detection method of the various means institutes foundation of assault, and described page detection method is such as Can be whether web page code verifies login account and the data type of password, field length etc..Assault each After the page detection method of kind means institute foundation collects, can be with each protection subitem of a pair website of described detection method 1 Detecting, generating protection rule for there is the protection subitem of security breaches.It is normal that wherein said protection rule is used to definition Or the website visiting behavior of exception or one group of data of feature.
When using virtual patch protection engine to carry out security protection for the protection subitem of leaky classification, by according to institute State protection rule the request accessing website is resolved, and draw the analysis result relevant to protecting rule, then by this solution Analysis result is compared with protection rule, if violating protection rule, just refuses described request, if not violating protection rule, the most just Often respond described request.
When realizing, after protection subitem is divided into without vulnerability classification, then any security protection engine can not be used Carry out security protection, can directly skip the process of web portal security protection engine.
When realizing, after protection subitem is divided into unknown classification, can be based on default general patch protection engine Protection subitem for the unknown classification carries out security protection;Wherein, if described general patch protection engine includes that dry systems is prewired The general patch rule put.
The pre-configured of described general patch rule can be system from local existing patch rule base, obtains for often See the patch rule of leak, carry out generating the patch rule protection engine including some common leaks, it is also possible to be that user is prewired The protection rule for particular vulnerability put.
Wherein it is desired to explanation, described general patch rule can be the void automatically generated based on the leak scanned Rule beyond quasi-complement fourth rule.
Finally, when described website being protected according to described general patch protection engine, by according to described protection The request accessing website is resolved by rule, and draws the analysis result relevant to protecting rule, then by this analysis result Comparing with protection rule, if violating protection rule, just refusing described request, if not violating protection rule, with regard to normal response Described request.
The technical scheme provided from above the application, carries out leak by periodically protection subitem to website and sweeps Retouch;Based on vulnerability scanning result, described protection subitem is divided into different classification;Based on right with the classification of described protection subitem The protection engine answered, protects described protection subitem;Wherein, the protection engine that the protection subitem of different classification is corresponding is not With.
Owing to website updates, the vulnerability scanning result of protection subitem generally also can change, thereby through the cycle Property ground the protection subitem of website is carried out vulnerability scanning, according to scanning result, dynamically protection subitem is carried out dividing class and draws Point, and use corresponding protection engine that protection subitem is protected, more reasonably protection subitem can be carried out dynamic Protection, it is achieved preferably website is carried out security protection.
Corresponding with the embodiment of the method for aforementioned a kind of web portal security protection, present invention also provides a kind of web portal security The embodiment of the device of protection.
The embodiment of the device of a kind of web portal security of the application protection can be applied on safety protection equipment.Device is implemented Example can be realized by software, it is also possible to realizes by the way of hardware or software and hardware combining.As a example by implemented in software, as Device on one logical meaning, is that the processor by its place safety protection equipment is by corresponding in nonvolatile memory Computer program instructions reads and runs formation in internal memory.For hardware view, as in figure 2 it is shown, be the application one net Stand a kind of hardware structure diagram of device place safety protection equipment of security protection, except the processor shown in Fig. 2, internal memory, net Outside network interface and nonvolatile memory, in embodiment, the safety protection equipment at device place is pacified generally according to this website The actual functional capability of full protection, it is also possible to include other hardware, this is repeated no more.
Refer to the device that Fig. 3, Fig. 3 are a kind of web portal security protection shown in the application one exemplary embodiment, application In safety protection equipment, described device includes: scanning element 310, division unit 320, protective unit 330, setup unit 340.
Wherein, scanning element 310, for periodically carrying out vulnerability scanning to the protection subitem of website;
Division unit 320, for based on vulnerability scanning result, is divided into different classification by described protection subitem;
Protective unit 330, for based on the protection engine corresponding with the classification of described protection subitem, to described protection subitem Protect;Wherein, the protection engine that the protection subitem of different classification is corresponding is different.
Setup unit 340, for for the leaky classification marked off with without the protection subitem of vulnerability classification, setting respectively The effective duration of classification preset.
In the present embodiment, described division unit 310, it is applied particularly to and the protection subitem that there is leak has been divided into leakage Classify in hole;The protection subitem not depositing leak is divided into without vulnerability classification;Will be unable to be confirmed whether to exist the protection subitem of leak It is divided into unknown classification.
Described protective unit 330, specifically for protecting the engine guarantor for leaky classification based on default virtual patch Protect subitem and carry out security protection;Wherein, described virtual patch protection engine includes some leakages based on the protection subitem scanned The virtual patch rule that hole generates;The protection subitem classified for the unknown based on default general patch protection engine carries out safety Protection;Wherein, if described general patch protection engine includes the general patch rule that dry systems is pre-configured.
Described setup unit 340, is further used for when arbitrary leaky classification or without the protection subitem of vulnerability classification Effective duration of classifying is overtime, then the classification of this protection subitem switches to unknown classification.
In said apparatus, the function of unit and the process that realizes of effect specifically refer to corresponding step in said method Realize process, do not repeat them here.
For device embodiment, owing to it corresponds essentially to embodiment of the method, so relevant part sees method in fact The part executing example illustrates.Device embodiment described above is only schematically, wherein said as separating component The unit illustrated can be or may not be physically separate, and the parts shown as unit can be or can also It not physical location, i.e. may be located at a place, or can also be distributed on multiple NE.Can be according to reality Need to select some or all of module therein to realize the purpose of the application scheme.Those of ordinary skill in the art are not paying In the case of going out creative work, i.e. it is appreciated that and implements.
The foregoing is only the preferred embodiment of the application, not in order to limit the application, all essences in the application Within god and principle, any modification, equivalent substitution and improvement etc. done, should be included within the scope of the application protection.

Claims (10)

1. a method for web portal security protection, is applied to safety protection equipment, it is characterised in that including:
Periodically the protection subitem of website is carried out vulnerability scanning;
Based on vulnerability scanning result, described protection subitem is divided into different classification;
Based on the protection engine corresponding with the classification of described protection subitem, described protection subitem is protected;Wherein, different points The protection engine that the protection subitem of class is corresponding is different.
Method the most according to claim 1, it is characterised in that described based on vulnerability scanning result, by described protection subitem It is divided into different classification, including:
The protection subitem that there is leak is divided into leaky classification;
The protection subitem that there will be no leak is divided into without vulnerability classification;
The protection subitem that will be unable to be confirmed whether to exist leak is divided into unknown classification.
Method the most according to claim 2, it is characterised in that described method also includes:
For the leaky classification marked off with without the protection subitem of vulnerability classification, set the effective duration of default classification respectively.
Method the most according to claim 3, it is characterised in that when the cycle of described vulnerability scanning is effective more than described classification Long;
Described method also includes:
If arbitrary leaky classification or classification effective duration time-out of the protection subitem without vulnerability classification, then by this protection The classification of item switches to unknown classification.
Method the most according to claim 1, it is characterised in that described based on corresponding the preventing of classifying with described protection subitem Protect engine, described protection subitem is protected, including:
Security protection is carried out for the protection subitem of leaky classification based on default virtual patch protection engine;Wherein, described Virtual patch protection engine includes the virtual patch rule that some leaks based on the protection subitem scanned generate;
The protection subitem classified for the unknown based on default general patch protection engine carries out security protection;Wherein, described logical If including, with patch protection engine, the general patch rule that dry systems is pre-configured.
6. a device for web portal security protection, is applied to safety protection equipment, it is characterised in that including:
Scanning element, for periodically carrying out vulnerability scanning to the protection subitem of website;
Division unit, for based on vulnerability scanning result, is divided into different classification by described protection subitem;
Protective unit, for based on the protection engine corresponding with the classification of described protection subitem, preventing described protection subitem Protect;Wherein, the protection engine that the protection subitem of different classification is corresponding is different.
Device the most according to claim 6, it is characterised in that including:
Described division unit specifically for:
The protection subitem that there is leak is divided into leaky classification;
The protection subitem that there will be no leak is divided into without vulnerability classification;
The protection subitem that will be unable to be confirmed whether to exist leak is divided into unknown classification.
Device the most according to claim 7, it is characterised in that described device also includes:
Setup unit, for for the leaky classification marked off with without the protection subitem of vulnerability classification, sets respectively and presets Classify effective duration.
Device the most according to claim 8, it is characterised in that including:
Described setup unit is further used for:
When arbitrary leaky classification or classification effective duration time-out of the protection subitem without vulnerability classification, then by this protection subitem Classification switch to unknown classification.
Device the most according to claim 6, it is characterised in that including:
Described protective unit specifically for:
Security protection is carried out for the protection subitem of leaky classification based on default virtual patch protection engine;Wherein, described Virtual patch protection engine includes the virtual patch rule that some leaks based on the protection subitem scanned generate;
The protection subitem classified for the unknown based on default general patch protection engine carries out security protection;Wherein, described logical If including, with patch protection engine, the general patch rule that dry systems is pre-configured.
CN201610811816.1A 2016-09-08 2016-09-08 A kind of method and apparatus of web portal security protection Active CN106302515B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610811816.1A CN106302515B (en) 2016-09-08 2016-09-08 A kind of method and apparatus of web portal security protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610811816.1A CN106302515B (en) 2016-09-08 2016-09-08 A kind of method and apparatus of web portal security protection

Publications (2)

Publication Number Publication Date
CN106302515A true CN106302515A (en) 2017-01-04
CN106302515B CN106302515B (en) 2019-09-06

Family

ID=57711178

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610811816.1A Active CN106302515B (en) 2016-09-08 2016-09-08 A kind of method and apparatus of web portal security protection

Country Status (1)

Country Link
CN (1) CN106302515B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108063759A (en) * 2017-12-05 2018-05-22 西安交大捷普网络科技有限公司 Web vulnerability scanning methods
CN108337259A (en) * 2018-02-01 2018-07-27 南京邮电大学 A kind of suspicious web page identification method based on HTTP request Host information
CN108965254A (en) * 2018-06-11 2018-12-07 武汉般若互动科技有限公司 One kind being used for government website security protection scheme
CN113872918A (en) * 2020-06-30 2021-12-31 苏州三六零智能安全科技有限公司 Network traffic classification method, equipment, storage medium and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101808093A (en) * 2010-03-15 2010-08-18 北京安天电子设备有限公司 System and method for automatically detecting WEB security
CN102215222A (en) * 2011-05-09 2011-10-12 北京艾普优计算机***有限公司 Website protection method and device
CN102789502A (en) * 2012-07-17 2012-11-21 北京奇虎科技有限公司 Method and device for scanning website
CN104468563A (en) * 2014-12-03 2015-03-25 北京奇虎科技有限公司 Website bug protection method, device and system
CN104618176A (en) * 2014-12-29 2015-05-13 北京奇虎科技有限公司 Website security detection method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101808093A (en) * 2010-03-15 2010-08-18 北京安天电子设备有限公司 System and method for automatically detecting WEB security
CN102215222A (en) * 2011-05-09 2011-10-12 北京艾普优计算机***有限公司 Website protection method and device
CN102789502A (en) * 2012-07-17 2012-11-21 北京奇虎科技有限公司 Method and device for scanning website
CN104468563A (en) * 2014-12-03 2015-03-25 北京奇虎科技有限公司 Website bug protection method, device and system
CN104618176A (en) * 2014-12-29 2015-05-13 北京奇虎科技有限公司 Website security detection method and device

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108063759A (en) * 2017-12-05 2018-05-22 西安交大捷普网络科技有限公司 Web vulnerability scanning methods
CN108337259A (en) * 2018-02-01 2018-07-27 南京邮电大学 A kind of suspicious web page identification method based on HTTP request Host information
CN108965254A (en) * 2018-06-11 2018-12-07 武汉般若互动科技有限公司 One kind being used for government website security protection scheme
CN113872918A (en) * 2020-06-30 2021-12-31 苏州三六零智能安全科技有限公司 Network traffic classification method, equipment, storage medium and device

Also Published As

Publication number Publication date
CN106302515B (en) 2019-09-06

Similar Documents

Publication Publication Date Title
US10102372B2 (en) Behavior profiling for malware detection
US20210029156A1 (en) Security monitoring system for internet of things (iot) device environments
US11157300B2 (en) Managing virtual machine security resources
US10073970B2 (en) System and method for reverse command shell detection
Akiyama et al. Design and implementation of high interaction client honeypot for drive-by-download attacks
RU2726032C2 (en) Systems and methods for detecting malicious programs with a domain generation algorithm (dga)
US7774459B2 (en) Honey monkey network exploration
US11288090B1 (en) Methods, systems, and media for injecting code into embedded devices
Nadji et al. Automated remote repair for mobile malware
WO2017160765A1 (en) System and method for process hollowing detection
Tajalizadehkhoob et al. Herding vulnerable cats: a statistical approach to disentangle joint responsibility for web security in shared hosting
US11374964B1 (en) Preventing lateral propagation of ransomware using a security appliance that dynamically inserts a DHCP server/relay and a default gateway with point-to-point links between endpoints
US9853992B1 (en) Cloud service usage risk analysis based on user location
CN105939311A (en) Method and device for determining network attack behavior
CN106302515A (en) A kind of method and apparatus of web portal security protection
US11785044B2 (en) System and method for detection of malicious interactions in a computer network
US10771477B2 (en) Mitigating communications and control attempts
CN106341386B (en) It is determining and remedy for the threat assessment grade of multi-level safety framework based on cloud
CN103428212A (en) Malicious code detection and defense method
CN106250761B (en) Equipment, device and method for identifying web automation tool
Spring et al. Global adversarial capability modeling
CN111314370B (en) Method and device for detecting service vulnerability attack behavior
CN112583841A (en) Virtual machine safety protection method and system, electronic equipment and storage medium
CN112217770B (en) Security detection method, security detection device, computer equipment and storage medium
Hovmark et al. Towards Extending Probabilistic Attack Graphs with Forensic Evidence: An investigation of property list files in macOS

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant after: Hangzhou Dipu Polytron Technologies Inc

Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant before: Hangzhou Dipu Technology Co., Ltd.

GR01 Patent grant
GR01 Patent grant