CN106385413A - Intruding message flow processing method and device - Google Patents


Info

Publication number
CN106385413A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610817190.5A
Other languages
Chinese (zh)
Inventor
翟世兴
张宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Abstract

The invention relates to a method and device for processing intrusion message flows. The method comprises: determining an intrusion message flow from received message flows based on a preset intrusion prevention policy; counting the hit logs of the intrusion message flow over a preset period; when the statistical result exceeds a preset quantity threshold, raising the intrusion level of the intrusion message flow based on the statistical result; and performing protection processing on the intrusion message flow based on its intrusion level. The invention updates the intrusion prevention policy automatically according to the number of hit logs of the intrusion message flow within the preset period, which solves the problem in the related art that manually updating the intrusion prevention policy makes protection against intrusion message flows inefficient.

Description

Method and device for processing intrusion message flows
Technical field
The present invention relates to the field of communication technology, and in particular to a method and device for processing intrusion message flows.
Background
With the rapid development of computer networks, networks bring various security problems along with great convenience. An intrusion prevention system (IPS) is a computer network security technology that can monitor the network data transmission behavior of a network or of network devices; it can interrupt, adjust, or isolate abnormal or harmful network data transmission behavior, thereby blocking network intrusions. An intrusion prevention policy can be preset on an IPS device. The IPS device identifies and handles intrusion behavior based on the intrusion prevention policy.
In the related art, staff must count and analyze the hit logs of intrusion behavior, and manually configure and update the preset intrusion prevention policy based on the results of that statistics and analysis. Because intrusion behavior comes in many types and occurs many times, it produces a large number of hit logs, so staff cannot count and analyze all hit logs in time, and cannot manually configure and update the intrusion prevention policy in time based on the results. The related art therefore updates the intrusion prevention policy with poor timeliness, which makes its protection against intrusion behavior inefficient.
Summary of the invention
In view of this, the present invention provides a method and device for processing intrusion message flows, to solve the problem in the related art that protection against intrusion messages is inefficient because staff must update the intrusion prevention policy manually.
Specifically, the present invention is achieved through the following technical solutions:
The present invention provides a method for processing intrusion message flows. The method is applied to an intrusion prevention system (IPS) device and includes:
determining an intrusion message flow from the received message flows based on a preset intrusion prevention policy;
counting the hit logs of the intrusion message flow based on a preset period;
when the statistical result exceeds a preset quantity threshold, raising the intrusion level of the intrusion message flow based on the statistical result;
performing protection processing on the intrusion message flow based on the intrusion level of the intrusion message flow.
Optionally, performing protection processing on the intrusion message flow based on the intrusion level of the intrusion message flow includes:
when the current intrusion level of the intrusion message flow reaches a preset level, raising the processing level of the intrusion message flow;
performing protection processing on the intrusion message flow based on the processing level of the intrusion message flow.
Optionally, performing protection processing on the intrusion message flow based on the processing level of the intrusion message flow includes:
determining the target processing level of the intrusion message flow based on the current processing level of the intrusion message flow and the corresponding default processing level in the preset intrusion prevention policy;
performing protection processing on the intrusion message flow based on the target processing level of the intrusion message flow.
Optionally, after switching from the previous preset period to the next preset period, the statistical result of the previous preset period is cleared.
The present invention also provides a device for processing intrusion message flows. The device is applied to an intrusion prevention system (IPS) device and includes:
an intrusion message flow determining module, for determining an intrusion message flow from the received message flows based on a preset intrusion prevention policy;
a quantity statistics module, for counting the hit logs of the intrusion message flow based on a preset period;
an intrusion level raising module, for raising the intrusion level of the intrusion message flow based on the statistical result when the statistical result exceeds a preset quantity threshold;
a protection processing module, for performing protection processing on the intrusion message flow based on the intrusion level of the intrusion message flow.
Optionally, the protection processing module includes:
a processing level raising submodule, for raising the processing level of the intrusion message flow when the current intrusion level of the intrusion message flow reaches a preset level;
a protection processing submodule, for performing protection processing on the intrusion message flow based on the processing level of the intrusion message flow.
Optionally, the protection processing submodule is specifically used for:
determining the target processing level of the intrusion message flow based on the current processing level of the intrusion message flow and the corresponding default processing level in the preset intrusion prevention policy;
performing protection processing on the intrusion message flow based on the target processing level of the intrusion message flow.
Optionally, after switching from the previous preset period to the next preset period, the statistical result of the previous preset period is cleared.
In the present invention, after receiving message flows, the IPS device can determine an intrusion message flow from the received message flows based on the preset intrusion prevention policy. The IPS device can then count the hit logs of this intrusion message flow based on the preset period and, when the statistical result exceeds the preset quantity threshold, raise the processing level of the intrusion message flow based on the statistical result. After raising the processing level, the IPS device can perform protection processing on the intrusion message flow based on its processing level.
In the present invention, the IPS device can dynamically determine the processing level of an intrusion message flow from the statistical result of that flow's hit logs within the preset period, and can thereby update the intrusion prevention policy dynamically. Because applying the present invention does not require staff to update the intrusion prevention policy by counting and analyzing hit logs, it solves the problem in the related art that protection against intrusion message flows is inefficient because the intrusion prevention policy must be updated manually.
Brief description of the drawings
Fig. 1 is a flowchart of an embodiment of the method for processing intrusion message flows according to the present invention;
Fig. 2 is a hardware structure diagram of the equipment on which the device for processing intrusion message flows according to the present invention resides;
Fig. 3 is a block diagram of an embodiment of the device for processing intrusion message flows according to the present invention.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present invention. Rather, they are merely examples of devices and methods consistent with some aspects of the present invention as detailed in the appended claims.
The terminology used in the present invention is only for the purpose of describing particular embodiments and is not intended to limit the present invention. The singular forms "a", "said" and "the" used in the present invention and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the present invention to describe various information, the information should not be limited to these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the present invention, first information may also be called second information, and similarly, second information may also be called first information. Depending on the context, the word "if" as used here may be interpreted as "when", "upon", or "in response to determining".
Refer to Fig. 1, a flowchart of an embodiment of the method for processing intrusion message flows according to the present invention. The method is applied to an IPS device and comprises the following steps:
Step 101: Determine an intrusion message flow from the received message flows based on a preset intrusion prevention policy.
In the present invention, an intrusion prevention policy can be preset on the IPS device. The intrusion prevention policy can include the feature ID of an intrusion message flow, the intrusion type, the intrusion resource, the intrusion level, the corresponding processing level, and so on.
In one embodiment, some entries of the intrusion prevention policy preset on the IPS device may be as shown in Table 1:
Table 1
It should be noted that the intrusion prevention policy preset on the IPS device may be the device's default intrusion prevention policy, in which the processing level corresponding to every intrusion level is the alert level. The intrusion levels of an intrusion message flow, in descending order of intrusion danger, may include the fatal level, the serious level, the general level and the warning level. The processing levels of an intrusion message flow may include the block level and the alert level, and the block level ranks higher than the alert level.
In the present invention, the IPS device can receive message flows and determine an intrusion message flow from them based on the preset intrusion prevention policy. Specifically, the IPS device can obtain attribute information from a received message flow and match it against the preset intrusion prevention policy; when the match succeeds, the message flow can be determined to be an intrusion message flow. The attribute information of the message flow can include its feature ID.
In one embodiment, assume the feature ID that the IPS device obtains from a received message flow is 4. According to the intrusion prevention policy shown in Table 1, the message flow can then be determined to be an intrusion message flow, and alert processing is executed on it.
Step 102: Count the hit logs of the intrusion message flow based on a preset period.
In the present invention, after determining an intrusion message flow from the received message flows based on the preset intrusion prevention policy, the IPS device can count the hit logs of this intrusion message flow based on the preset period.
The preset period can be a device default value or can be set by staff; for example, it can be one day.
In the present invention, the IPS device can count the hit logs of the intrusion message flow based on the flow's feature ID and intrusion IP address.
In one embodiment, assume the feature IDs and intrusion IP addresses of the intrusion message flows that produced hit logs within the preset period are as shown in Table 2:
Feature ID    Intrusion IP address
4             192.168.3.5
7             192.168.3.5
4             192.163.3.5
4             192.168.3.5
Table 2
As Table 2 shows, the intrusion message flows with feature ID 4 produced 3 hit logs within the preset period, of which 2 were produced for the same intrusion IP address. Therefore, when the IPS device counts the hit logs of this intrusion message flow based on the preset period, the statistical result can be 2.
Step 103: When the statistical result exceeds a preset quantity threshold, raise the intrusion level of the intrusion message flow based on the statistical result.
In the present invention, after counting the hit logs of an intrusion message flow based on the preset period, the IPS device can determine the intrusion level of that flow from the statistical result. Specifically, when the statistical result exceeds the preset quantity threshold, the IPS device can raise the intrusion level of the intrusion message flow based on the statistical result; when the statistical result does not exceed the preset quantity threshold, the IPS device can keep the intrusion level of the intrusion message flow.
The preset quantity threshold can be a device default value or can be set by staff; for example, it can be 200.
In one embodiment, assume the statistical result is 280. When the preset quantity threshold is 200, the statistical result exceeds the threshold, so the intrusion level of the intrusion message flow can be raised. If the intrusion level of the flow before raising is the general level, the level after raising can be the serious level.
In another embodiment, assume the statistical result is 180. When the preset quantity threshold is again 200, the statistical result does not exceed the threshold, so the intrusion level of the intrusion message flow can be kept. If the intrusion level of the flow is the general level, it is kept, that is, the intrusion level of the flow remains the general level.
It should be noted that when the intrusion level of an intrusion message flow changes, staff can view the change on the corresponding device page.
In the present invention, after switching from the previous preset period to the next preset period, the IPS device can clear the statistical result of the previous preset period.
Step 104: Perform protection processing on the intrusion message flow based on its intrusion level.
In the present invention, after determining the current intrusion level of an intrusion message flow, the IPS device can perform protection processing on the flow based on that intrusion level.
In one embodiment, the IPS device can judge whether the current intrusion level of the intrusion message flow reaches a preset level. When the preset level is reached, the IPS device can raise the processing level of the flow; when it is not reached, the IPS device can keep the processing level of the flow.
The preset level can be a device default value or can be set by staff; for example, it can be the serious level.
In the illustrated embodiment, assume the current intrusion level of the intrusion message flow is the general level. When the preset level is the serious level, the current intrusion level of the flow has not reached the preset level, so the IPS device can keep the processing level of the flow. When the preset level is the general level, the current intrusion level of the flow reaches the preset level, so the IPS device can raise the processing level of the flow, for example from the alert level to the block level.
In the present invention, after determining the current processing level of an intrusion message flow, the IPS device can determine the target processing level of the flow based on that current processing level and the corresponding default processing level in the preset intrusion prevention policy. Specifically, when a block level is present among the current processing level and the default processing level, the target processing level of the intrusion message flow can be determined to be the block level; when no block level is present among the current processing level and the default processing level, the target processing level of the intrusion message flow can be determined to be the block level.
When the target processing level of an intrusion message flow changes, staff can view the change on the corresponding device page.
After determining the target processing level of an intrusion message flow, the IPS device can perform protection processing on the flow based on that target processing level. Specifically, when the target processing level is the alert level, the IPS device can execute alert processing on the intrusion message flow; when the target processing level is the block level, the IPS device can execute block processing on the intrusion message flow.
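Steps 101 to 104 can be sketched as follows. This is an added example, not code from the patent or from any vendor: the names `Level`, `Action`, `PolicyEntry` and `EscalatingIps` are hypothetical, and the sample data is constructed from Table 2 and the 280/180 threshold examples above. It assumes an intrusion level is raised by one step at most once per period, and that the target processing level is the higher of the current and default levels, so it stays at alert when neither is block.

```python
from collections import Counter
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):      # intrusion levels, least to most dangerous
    WARNING = 1
    GENERAL = 2
    SERIOUS = 3
    FATAL = 4


class Action(IntEnum):     # processing levels; BLOCK ranks above ALERT
    ALERT = 1
    BLOCK = 2


@dataclass
class PolicyEntry:
    feature_id: int
    level: Level
    default_action: Action = Action.ALERT   # default policy alerts on every level
    current_action: Action = Action.ALERT


class EscalatingIps:
    """Hypothetical model of an IPS device that updates its own policy."""

    def __init__(self, policy, threshold=200, block_level=Level.SERIOUS,
                 period=86400):
        self.policy = {entry.feature_id: entry for entry in policy}
        self.threshold = threshold      # preset quantity threshold
        self.block_level = block_level  # preset level that raises processing
        self.period = period            # preset period in seconds (one day)
        self.period_start = None
        self.hits = Counter()           # (feature ID, intrusion IP) -> hit logs
        self.promoted = set()           # feature IDs already raised this period

    def _roll_period(self, now):
        if self.period_start is None:
            self.period_start = now
        elif now - self.period_start >= self.period:
            # Switched to a new period: clear the previous period's statistics.
            elapsed = (now - self.period_start) // self.period
            self.period_start += elapsed * self.period
            self.hits.clear()
            self.promoted.clear()

    def handle(self, feature_id, src_ip, now):
        """Return the Action for one flow, or None when no policy entry matches."""
        entry = self.policy.get(feature_id)
        if entry is None:
            return None                  # step 101: not an intrusion message flow
        self._roll_period(now)
        key = (feature_id, src_ip)
        self.hits[key] += 1              # step 102: count the hit log
        if (self.hits[key] > self.threshold          # step 103: raise the level
                and feature_id not in self.promoted
                and entry.level < Level.FATAL):
            entry.level = Level(entry.level + 1)
            self.promoted.add(feature_id)
        if entry.level >= self.block_level:          # step 104: raise processing
            entry.current_action = Action.BLOCK
        return max(entry.current_action, entry.default_action)


# Constructed sample input: the four hit logs listed in Table 2.
TABLE_2 = [(4, "192.168.3.5"), (7, "192.168.3.5"),
           (4, "192.163.3.5"), (4, "192.168.3.5")]


def count_table_2():
    """Replay Table 2 and return the per-(feature ID, IP) hit counts."""
    ips = EscalatingIps([PolicyEntry(4, Level.GENERAL),
                         PolicyEntry(7, Level.GENERAL)])
    for second, (feature_id, src_ip) in enumerate(TABLE_2):
        ips.handle(feature_id, src_ip, now=second)
    return dict(ips.hits)


def run_flood(hit_count, threshold=200):
    """Send hit_count hits for feature ID 4 from one address within one period."""
    ips = EscalatingIps([PolicyEntry(4, Level.GENERAL)], threshold=threshold)
    action = None
    for second in range(hit_count):
        action = ips.handle(4, "192.168.3.5", now=second)
    return ips.policy[4].level, action


if __name__ == "__main__":
    print(count_table_2())
    print(run_flood(280), run_flood(180))
```

Because the raised level is written back to the policy entry, it persists after the period counter is cleared; only the hit statistics reset.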
Corresponding to the foregoing embodiment of the method for processing intrusion message flows, the present invention also provides an embodiment of a device for processing intrusion message flows.
The embodiment of the device for processing intrusion message flows can be applied on an IPS device. The device embodiment can be implemented by software, or by hardware or a combination of software and hardware. Taking software implementation as an example, the device in the logical sense is formed by the processor of the equipment on which it resides reading the corresponding computer program instructions from non-volatile memory into memory and running them. At the hardware level, Fig. 2 shows a hardware structure diagram of the equipment on which the device for processing intrusion message flows resides. In addition to the processor, memory, network interface and non-volatile memory shown in Fig. 2, the network equipment on which the device resides in the embodiment can generally also include other hardware, such as a forwarding chip responsible for processing messages.
Refer to Fig. 3, a block diagram of an embodiment of the device for processing intrusion message flows according to the present invention.
The device can include: an intrusion message flow determining module 310, a quantity statistics module 320, an intrusion level raising module 330 and a protection processing module 340.
The intrusion message flow determining module 310 is for determining an intrusion message flow from the received message flows based on a preset intrusion prevention policy;
the quantity statistics module 320 is for counting the hit logs of the intrusion message flow based on a preset period;
the intrusion level raising module 330 is for raising the intrusion level of the intrusion message flow based on the statistical result when the statistical result exceeds a preset quantity threshold;
the protection processing module 340 is for performing protection processing on the intrusion message flow based on the intrusion level of the intrusion message flow.
In an optional implementation, the protection processing module 340 can include (not shown in Fig. 3):
a processing level raising submodule, for raising the processing level of the intrusion message flow when the current intrusion level of the intrusion message flow reaches a preset level;
a protection processing submodule, for performing protection processing on the intrusion message flow based on the processing level of the intrusion message flow.
In an optional implementation, the protection processing submodule can be specifically used for:
determining the target processing level of the intrusion message flow based on the current processing level of the intrusion message flow and the corresponding default processing level in the preset intrusion prevention policy;
performing protection processing on the intrusion message flow based on the target processing level of the intrusion message flow.
In an optional implementation, after switching from the previous preset period to the next preset period, the statistical result of the previous preset period can be cleared.
For the implementation of the functions and roles of each unit in the above device, refer to the implementation of the corresponding steps in the above method; it is not repeated here.
Because the device embodiment essentially corresponds to the method embodiment, refer to the description of the method embodiment for the relevant parts. The device embodiment described above is only schematic: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of the present invention. Those of ordinary skill in the art can understand and implement it without creative effort.
The foregoing is only the preferred embodiments of the present invention and is not intended to limit the present invention. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (8)

1. a kind of invasion message flow processing method it is characterised in that methods described is applied to IPS IPS equipment, Methods described includes:
Invasion message flow is determined from the message flow receiving based on default IPS strategy;
Quantity statistics is carried out based on the hit daily record that the default cycle is directed to described invasion message flow;
When statistics exceedes default amount threshold, invasion based on described statistics lifting described invasion message flow etc. Level;
Invasion grade based on described invasion message flow carries out protective treatment to described invasion message flow.
2. method according to claim 1 is it is characterised in that the described invasion grade based on described invasion message flow is to institute State invasion message flow to carry out protective treatment and include:
When the current invasion grade of described invasion message flow reaches predetermined level, process of lifting described invasion message flow etc. Level;
Process grade based on described invasion message flow carries out protective treatment to described invasion message flow.
3. method according to claim 2 is it is characterised in that the described process grade based on described invasion message flow is to institute State invasion message flow and carry out protective treatment, including:
Place based on acquiescence corresponding in the current process grade of described IPS stream and described default IPS strategy Reason grade processes grade come the target to determine described invasion message flow;
Grade is processed based on the target of described invasion message flow protective treatment is carried out to described invasion message flow.
4. method according to claim 1 is it is characterised in that one default after being switched to by the previous default cycle During the cycle, the statistics in described previous default cycle is reset.
5. An intrusion message flow processing device, characterized in that the device is applied to an intrusion prevention system (IPS) device, the device comprising:
an intrusion message flow determining module, configured to determine an intrusion message flow from the received message flows based on a preset IPS policy;
a quantity statistics module, configured to count, based on a preset period, the hit logs for the intrusion message flow;
an intrusion level raising module, configured to raise the intrusion level of the intrusion message flow based on the statistical result when the statistical result exceeds a preset quantity threshold;
a protective processing module, configured to perform protective processing on the intrusion message flow based on the intrusion level of the intrusion message flow.
6. The device according to claim 5, characterized in that the protective processing module comprises:
a processing level raising submodule, configured to raise the processing level of the intrusion message flow when the current intrusion level of the intrusion message flow reaches a preset level;
a protective processing submodule, configured to perform protective processing on the intrusion message flow based on the processing level of the intrusion message flow.
7. The device according to claim 6, characterized in that the protective processing submodule is specifically configured to:
determine a target processing level of the intrusion message flow based on the current processing level of the intrusion message flow and the corresponding default processing level in the preset IPS policy;
perform protective processing on the intrusion message flow based on the target processing level of the intrusion message flow.
8. The device according to claim 5, characterized in that, when switching from a previous preset period to the next preset period, the statistical result of the previous preset period is cleared.
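
The escalation described in claims 1 to 4 can be sketched as follows. This is an added example, not code from the patent; the level names, the rule of one intrusion level per multiple of the threshold, and taking the higher of the current and default processing level as the target are assumptions.

```python
from collections import defaultdict

ACTIONS = ["log", "alert", "block"]  # assumed processing levels, weakest first


class EscalatingIps:
    """Sketch of the claimed escalation; rules marked 'assumed' are not from the patent."""

    def __init__(self, policy, period=60, threshold=3, escalate_at=2):
        self.policy = policy            # signature -> default processing level
        self.period = period            # preset period, in seconds
        self.threshold = threshold      # preset quantity threshold per period
        self.escalate_at = escalate_at  # preset intrusion level
        self.window = None
        self.hits = defaultdict(int)        # hit-log count per flow, current period
        self.intrusion = defaultdict(int)   # intrusion level per flow
        self.processing = defaultdict(int)  # processing level per flow

    def handle(self, ts, flow, signature):
        """Record one hit log for `flow` and return the action applied to it."""
        window = int(ts // self.period)
        if window != self.window:
            # Switching periods clears the previous period's statistics only;
            # levels that were already raised are kept.
            self.window = window
            self.hits.clear()
        self.hits[flow] += 1
        count = self.hits[flow]
        if count > self.threshold:
            # Assumed rule: one intrusion level per full multiple of the threshold.
            level = count // self.threshold
            if level > self.intrusion[flow]:
                self.intrusion[flow] = level
                if level >= self.escalate_at:
                    # Intrusion level reached the preset level: raise processing.
                    self.processing[flow] = min(self.processing[flow] + 1,
                                                len(ACTIONS) - 1)
        # Assumed rule: the target level is the higher of the flow's current
        # processing level and the policy default for the matched signature.
        target = max(self.processing[flow], self.policy[signature])
        return ACTIONS[target]


def replay(ips, events):
    """Feed (timestamp, flow, signature) hit logs through the IPS in order."""
    return [ips.handle(ts, flow, sig) for ts, flow, sig in events]
```

A flow that stays at or below the threshold in every period is never escalated, because the counter restarts at each period switch while raised levels persist.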
CN201610817190.5A 2016-09-12 2016-09-12 Intruding message flow processing method and device Pending CN106385413A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610817190.5A CN106385413A (en) 2016-09-12 2016-09-12 Intruding message flow processing method and device

Publications (1)

Publication Number Publication Date
CN106385413A true CN106385413A (en) 2017-02-08

Family

ID=57935553

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610817190.5A Pending CN106385413A (en) 2016-09-12 2016-09-12 Intruding message flow processing method and device

Country Status (1)

Country Link
CN (1) CN106385413A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
CB02 Change of applicant information

Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant after: Hangzhou Dipu Polytron Technologies Inc

Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant before: Hangzhou Dipu Technology Co., Ltd.

COR Change of bibliographic data
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170208
