CN110519221A - Method, apparatus and management system for performing security protection on a host - Google Patents

Method, apparatus and management system for performing security protection on a host

Info

Publication number
CN110519221A
CN110519221A (application CN201910631950.7A)
Authority
CN
China
Prior art keywords
host
information
library
message
level
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910631950.7A
Other languages
Chinese (zh)
Inventor
程学超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Wave Intelligent Technology Co Ltd
Original Assignee
Suzhou Wave Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Wave Intelligent Technology Co Ltd
Priority to CN201910631950.7A
Publication of CN110519221A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F 16/90 Details of database functions independent of the retrieved data types
    • G06F 16/95 Retrieval from the web
    • G06F 16/951 Indexing; Web crawling techniques
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0227 Filtering policies
    • H04L 63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention discloses a method, apparatus and management system for performing security protection on a host. The method comprises: constructing an information library from specific information, the library comprising a level-one information library in a management system and a level-two information library local to the host; the host continuously monitoring network access and, on discovering suspected specific information, matching it against the information in the information library; and, when the suspected specific information is present in the information library, the host determining that it is malicious information and handling it. The embodiment establishes the level-one information library by persistently collecting malicious information and, after the host goes online, continuously optimizes and adjusts the local level-two information library, so that the host can quickly identify and resist the newest, most prevalent and most readily exploited malicious information.

Description

Method, apparatus and management system for performing security protection on a host
Technical field
The present invention relates to software security technology, and in particular to a method, apparatus and management system for performing security protection on a host.
Background technique
With the rapid growth of the Internet, many traditional information and database systems are being migrated onto the Internet, e-government is growing rapidly, and large-scale, complex distributed applications are appearing in the Web environment. Traditional security architectures concentrate on security construction at the network layer, data transfer layer and application layer, and often neglect security measures on the host itself. The complexity and diversity of application systems and their vulnerabilities keep emerging, new viruses, trojans and malicious code spread across the network, and traditional measures such as firewalls, intrusion detection and antivirus products no longer satisfy current security requirements. According to statistics cited by the applicant, 95% of the network management centers in China that are connected to the Internet have been attacked or intruded upon by domestic and foreign hackers, with government, banking and financial institutions as the main targets. In addition, Gartner statistics indicate that 70% of attacks originate from inside an organization, so the internal security risk is even more serious. The absence of host-layer protective measures therefore gives viruses and hackers the opportunity to attack hosts, and how to use active defense to ensure the security of the server host itself has become an urgent problem.
Summary of the invention
To solve the above technical problem, the embodiment of the invention provides a method, apparatus and management system for performing security protection on a host, which establish a level-one information library by persistently collecting malicious information and, after the host goes online, continuously optimize and adjust the local level-two information library, so that the host can quickly identify and resist malicious information.
To achieve the object of the invention, in one aspect, the embodiment of the invention provides a method for performing security protection on a host, comprising:
constructing an information library from specific information, the library comprising a level-one information library in a management system and a level-two information library local to the host;
the host continuously monitoring network access and, on discovering suspected specific information, matching it against the information in the information library;
when the suspected specific information is present in the information library, the host determining that it is malicious information and handling it.
Further, the method also includes:
after the host boots, receiving the specific information that the management system has selected from the level-one information library and sent down, and building it into the level-two information library of the host;
the host, on discovering suspected specific information, first matching it against the information in the level-two information library;
when the suspected specific information is present in the level-two information library, the host determining that it is malicious information and handling it.
Optionally, the method also includes:
when the suspected specific information is not present in the level-two information library, the host looking it up in the level-one information library and, if it exists there, determining it to be malicious information and handling it, and adding the malicious information to the level-two information library.
Further, the method also includes: after the host determines the malicious information, increasing the weight of that malicious information in the level-two information library.
Further, the method also includes: deleting the malicious information with the lowest weight from the level-two malicious information library.
Optionally, the method also includes:
the information in the level-one information library constructed in the management system comprising viruses, malicious Internet Protocol (IP) addresses, easily polluted ports and prevalent malicious information persistently crawled from the network.
In another aspect, the embodiment of the invention also provides an apparatus for performing security protection on a host, comprising:
a receiving unit, for constructing an information library from specific information, the library comprising a level-one information library in a management system and a level-two information library local to the host;
a matching unit, for the host to continuously monitor network access and, on discovering suspected specific information, match it against the information in the information library;
a judging and processing unit, for the host to determine that the suspected specific information is malicious information and handle it when it is present in the information library.
Further, the apparatus is also used to:
after the host boots, receive the specific information that the management system has selected from the level-one information library and sent down, and build it into the level-two information library of the host;
on discovering suspected specific information, first match it against the information in the level-two information library;
when the suspected specific information is present in the level-two information library, determine that it is malicious information and handle it.
Further, the apparatus is also used to:
when the suspected specific information is not present in the level-two information library, look it up in the level-one information library and, if it exists there, determine it to be malicious information and handle it, and add the malicious information to the level-two information library.
Further, the apparatus is also used to: after the host determines the malicious information, increase the weight of that malicious information in the level-two information library.
Further, the apparatus is also used to: delete the malicious information with the lowest weight from the level-two malicious information library.
The embodiment of the invention also provides a management system for performing security protection on a host, the management system implementing the method for performing security protection on a host through the level-one information library it constructs.
The embodiment of the invention constructs an information library from specific information, comprising a level-one information library in the management system and a level-two information library local to the host; the host continuously monitors network access and, on discovering suspected specific information, matches it against the information in the information library; when the suspected specific information is present in the information library, the host determines that it is malicious information and handles it. The embodiment establishes the level-one information library by persistently collecting malicious information and, after the host goes online, continuously optimizes and adjusts the local level-two information library, so that the host can quickly identify and resist the newest, most prevalent and most readily exploited malicious information.
Other features and advantages of the invention will be set out in the following description and will in part become apparent from the description or be understood by practicing the invention. The objects and other advantages of the invention can be realized and obtained by the structures particularly pointed out in the description, claims and drawings.
Detailed description of the invention
The drawings provide a further understanding of the technical solution of the invention and form part of the specification; together with the embodiments of the application they serve to explain the technical solution of the invention and do not limit it.
Fig. 1 is a flowchart of the method for performing security protection on a host according to an embodiment of the invention;
Fig. 2 is a structural diagram of the apparatus for performing security protection on a host according to an embodiment of the invention.
Specific embodiment
To make the objects, technical solutions and advantages of the invention clearer, embodiments of the invention are described in detail below with reference to the drawings. It should be noted that, where there is no conflict, the embodiments of the application and the features in the embodiments may be combined with one another arbitrarily.
The steps shown in the flowchart of the drawings may be executed in a computer system as a set of computer-executable instructions. Moreover, although a logical order is shown in the flowchart, in some cases the steps shown or described may be executed in an order different from the one given here.
Fig. 1 is a flowchart of the method for performing security protection on a host according to an embodiment of the invention. As shown in Fig. 1, the method of the embodiment comprises the following steps:
Step 101: constructing an information library from specific information, the library comprising a level-one information library in the management system and a level-two information library local to the host;
Specifically, the invention relates to a method in software security for protecting a host by quickly identifying malicious information. The embodiment establishes a level-one malicious information library by persistently collecting malicious information and, after the host goes online, continuously optimizes and adjusts the local level-two malicious information library, so that the host can quickly identify and resist the newest, most prevalent and most readily exploited malicious information.
In this embodiment the host establishes and maintains the local level-two malicious information library, continuously monitors network access and, when suspected malicious information is detected, matches it against the information in the malicious information library to decide whether the information is confirmed malicious information.
Step 102: the host continuously monitors network access and, on discovering suspected specific information, matches it against the information in the information library;
Specifically, the host first matches against its local level-two malicious information library to decide whether the suspected malicious information is present there; if it is, the information is confirmed as malicious and handled; if it is not, the information is matched against the level-one malicious information library.
When matching against the level-one malicious information library, the host decides whether the suspected malicious information is present there; if it is, the information is confirmed as malicious and handled, stored into the level-two malicious information library, and the level-two library is adjusted at the same time by deleting the malicious information with the lowest weight; if it is not present, the information is confirmed as non-malicious.
Step 103: when the suspected specific information is present in the information library, the host determines that it is malicious information and handles it.
Further, the method also includes:
after the host boots, receiving the specific information that the management system has selected from the level-one information library and sent down, and building it into the level-two information library of the host;
the host, on discovering suspected specific information, first matching it against the information in the level-two information library;
when the suspected specific information is present in the level-two information library, the host determining that it is malicious information and handling it.
Optionally, the method also includes:
when the suspected specific information is not present in the level-two information library, the host looking it up in the level-one information library and, if it exists there, determining it to be malicious information and handling it, and adding the malicious information to the level-two information library.
Further, the method also includes: after the host determines the malicious information, increasing the weight of that malicious information in the level-two information library.
Further, the method also includes: deleting the malicious information with the lowest weight from the level-two malicious information library.
Optionally, the method also includes:
the information in the level-one information library constructed in the management system comprising viruses, malicious Internet Protocol (IP) addresses, easily polluted ports and prevalent malicious information persistently crawled from the network.
In this embodiment the host is protected by quickly identifying malicious information, and the level-one malicious information library is established by continuously crawling and collecting malicious information.
Specifically, the implementation process of the embodiment is as follows:
First, a level-one malicious information library is established in the host environment that serves as the management end, by persistently crawling viruses, malicious Internet Protocol (IP) addresses, easily polluted ports and other prevalent malicious information from the network.
Then, after an ordinary host boots, the management end selects a fixed number of the most prevalent entries from the level-one malicious information library and delivers them to that host, where they become the host's level-two malicious information library.
The ordinary host continuously monitors the system. When it discovers suspected malicious information, it actively compares that information against the level-two malicious information library; if the information is present in the level-two library, it is determined to be malicious information and handled, and its weight in the level-two malicious information library is raised accordingly.
If the suspected malicious information is not present in the level-two malicious information library, the host looks it up in the level-one malicious information library; if it exists there, it is determined to be malicious information and handled, and at the same time added to the level-two malicious information library; further, the malicious information with the lowest weight in the level-two malicious information library is deleted, so that the level-two library stays small but well chosen.
If the suspected malicious information is not in the level-one malicious information library either, it is confirmed as non-malicious information and not processed further.
In this way, through continuous adjustment and optimization of the level-two malicious information library, the host is able to actively and quickly identify and resist the newest, most prevalent and most readily exploited malicious information.
The embodiment of the invention persistently collects malicious information to establish the level-one malicious information library, and continuously optimizes and adjusts the local level-two malicious information library, so that the host quickly identifies and resists the newest, most prevalent and most readily exploited malicious information.
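The two-tier lookup described in Step 102 and in the implementation process above, written out as an added example (this is not code from the patent or from its applicant). The management end holds the crawled level-one library with a popularity score per entry and seeds each host with the most popular entries; the host keeps a fixed-size level-two library, matches there first, falls back to the management end on a miss, admits level-one hits locally and evicts the lowest-weight entry. The indicator formats ("ip:", "port:", "sha256:"), the popularity values, the capacity of 3, the use of a local hit count as the weight, the starting weight of 1 and the network-access indicators fed in are all constructed assumptions; the patent fixes none of them.

```python
"""Two-tier malicious-indicator matching (management-end level-one library,
host-local level-two library) as the patent text describes it.

Added example, not code from the patent or its applicant. All indicator
strings, scores and events below are constructed for illustration.
"""


class ManagementEnd:
    """Level-one library: everything the crawler collected, with a popularity score."""

    def __init__(self, collected: dict) -> None:
        self.level_one = dict(collected)

    def ingest(self, indicator: str, popularity: int) -> None:
        """Persistent crawling adds a new entry or raises an existing score."""
        self.level_one[indicator] = max(self.level_one.get(indicator, 0), popularity)

    def provision(self, count: int) -> list:
        """The `count` most popular entries, sent to a host when it boots."""
        ranked = sorted(self.level_one.items(), key=lambda kv: (-kv[1], kv[0]))
        return [indicator for indicator, _ in ranked[:count]]

    def lookup(self, indicator: str) -> bool:
        """Fallback query a host makes after a level-two miss."""
        return indicator in self.level_one


class Host:
    """Level-two library: fixed size; weight = local hit count (an assumption)."""

    def __init__(self, mgmt: ManagementEnd, capacity: int) -> None:
        self.mgmt = mgmt
        self.capacity = capacity
        # every provisioned entry starts at weight 1 (assumed; the patent is silent)
        self.level_two = {ind: 1 for ind in mgmt.provision(capacity)}
        self.handled = []  # stands in for whatever "handle" does on a real host

    def check(self, indicator: str) -> str:
        """'L2' or 'L1' for a malicious hit at that tier, 'benign' otherwise."""
        if indicator in self.level_two:
            self.level_two[indicator] += 1  # raise the weight on a local hit
            self.handled.append(indicator)
            return "L2"
        if self.mgmt.lookup(indicator):  # level-two miss: ask the level-one library
            self.handled.append(indicator)
            self._admit(indicator)
            return "L1"
        return "benign"  # absent from both tiers: treated as non-malicious

    def _admit(self, indicator: str) -> None:
        """Store a level-one hit locally, evicting the lowest-weight entry if full."""
        if len(self.level_two) >= self.capacity:
            # min() returns the first minimal key in insertion order, so a tie
            # evicts the oldest entry (FIFO tie-break, an assumption)
            victim = min(self.level_two, key=self.level_two.__getitem__)
            del self.level_two[victim]
        self.level_two[indicator] = 1


# Constructed level-one library: documentation-range IPs, a port and a fake hash.
COLLECTED = {
    "ip:203.0.113.5": 90,
    "ip:203.0.113.7": 70,
    "port:445": 60,
    "ip:198.51.100.9": 40,
    "sha256:0123456789abcdef": 20,
}

# Constructed indicators extracted from monitored network accesses, in order.
EVENTS = [
    "ip:203.0.113.5",   # provisioned -> L2 hit
    "ip:192.0.2.10",    # in neither tier -> benign
    "ip:198.51.100.9",  # L2 miss, L1 hit -> admitted, lowest weight evicted
    "port:445",         # L2 hit
    "ip:203.0.113.7",   # evicted earlier, so L1 hit again -> re-admitted
]


def simulate(capacity: int = 3, events: list = EVENTS) -> tuple:
    """Run the events through one host; return (verdicts, final level-two library)."""
    host = Host(ManagementEnd(COLLECTED), capacity)
    verdicts = [host.check(ind) for ind in events]
    return verdicts, dict(host.level_two)


if __name__ == "__main__":
    verdicts, library = simulate()
    for event, verdict in zip(EVENTS, verdicts):
        print(f"{event:26s} {verdict}")
    print("level-two library:", library)
```

Two design points worth noting when building this for real. First, a level-two miss costs a round trip to the management end, so the fraction of accesses that hit the small local library is what determines both latency and the load on the management end. Second, with hit count as the weight and no decay, an entry that was hot once keeps its place until it is out-weighed by newer entries, so the "small but well chosen" property the text wants depends on how the weight is defined and aged, which the patent leaves open.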
Fig. 2 is a structural diagram of the apparatus for performing security protection on a host according to an embodiment of the invention. As shown in Fig. 2, in another aspect the embodiment of the invention provides an apparatus for performing security protection on a host, comprising:
a receiving unit 201, for constructing an information library from specific information, the library comprising a level-one information library in a management system and a level-two information library local to the host;
a matching unit 202, for the host to continuously monitor network access and, on discovering suspected specific information, match it against the information in the information library;
a judging and processing unit 203, for the host to determine that the suspected specific information is malicious information and handle it when it is present in the information library.
Further, the apparatus is also used to:
after the host boots, receive the specific information that the management system has selected from the level-one information library and sent down, and build it into the level-two information library of the host;
on discovering suspected specific information, first match it against the information in the level-two information library;
when the suspected specific information is present in the level-two information library, determine that it is malicious information and handle it.
Further, the apparatus is also used to:
when the suspected specific information is not present in the level-two information library, look it up in the level-one information library and, if it exists there, determine it to be malicious information and handle it, and add the malicious information to the level-two information library.
Further, the apparatus is also used to: after the host determines the malicious information, increase the weight of that malicious information in the level-two information library.
Further, the apparatus is also used to: delete the malicious information with the lowest weight from the level-two malicious information library.
The embodiment of the invention also provides a management system for performing security protection on a host, the management system implementing the method for performing security protection on a host through the level-one information library it constructs.
In summary, the embodiment of the invention constructs an information library from specific information, comprising a level-one information library in the management system and a level-two information library local to the host; the host continuously monitors network access and, on discovering suspected specific information, matches it against the information in the information library; when the suspected specific information is present in the information library, the host determines that it is malicious information and handles it. The embodiment establishes the level-one information library by persistently collecting malicious information and, after the host goes online, continuously optimizes and adjusts the local level-two information library, so that the host quickly identifies and resists the newest, most prevalent and most readily exploited malicious information.
Although the embodiments disclosed herein are as described above, the content described is only an embodiment adopted for ease of understanding the invention and is not intended to limit it. Any person skilled in the field of the invention may make any modification and variation in the form and details of implementation without departing from the spirit and scope disclosed by the invention, but the scope of patent protection of the invention shall still be governed by the appended claims.

Claims (10)

1. A method for performing security protection on a host, characterized in that it comprises:
constructing an information library from specific information, the library comprising a level-one information library in a management system and a level-two information library local to the host;
the host continuously monitoring network access and, on discovering suspected specific information, matching it against the information in the information library;
when the suspected specific information is present in the information library, the host determining that it is malicious information and handling it.
2. The method for performing security protection on a host according to claim 1, characterized in that it further comprises:
after the host boots, receiving the specific information that the management system has selected from the level-one information library and sent down, and building it into the level-two information library of the host;
the host, on discovering suspected specific information, first matching it against the information in the level-two information library;
when the suspected specific information is present in the level-two information library, the host determining that it is malicious information and handling it.
3. The method for performing security protection on a host according to claim 1, characterized in that it further comprises:
when the suspected specific information is not present in the level-two information library, the host looking it up in the level-one information library and, if it exists there, determining it to be malicious information and handling it; and adding the malicious information to the level-two information library.
4. The method for performing security protection on a host according to claim 2 or 3, characterized in that it further comprises: after the host determines the malicious information, increasing the weight of the malicious information in the level-two information library.
5. The method for performing security protection on a host according to claim 4, characterized in that it further comprises: deleting the malicious information with the lowest weight from the level-two malicious information library.
6. The method for performing security protection on a host according to claim 1, characterized in that it further comprises:
the information in the level-one information library constructed in the management system comprising viruses, malicious Internet Protocol (IP) addresses, easily polluted ports and prevalent malicious information persistently crawled from the network.
7. An apparatus for performing security protection on a host, characterized in that it comprises:
a receiving unit, for constructing an information library from specific information, the library comprising a level-one information library in a management system and a level-two information library local to the host;
a matching unit, for the host to continuously monitor network access and, on discovering suspected specific information, match it against the information in the information library;
a judging and processing unit, for the host to determine that the suspected specific information is malicious information and handle it when it is present in the information library.
8. The apparatus for performing security protection on a host according to claim 7, characterized in that the apparatus is also used to:
after the host boots, receive the specific information that the management system has selected from the level-one information library and sent down, and build it into the level-two information library of the host;
on discovering suspected specific information, first match it against the information in the level-two information library;
when the suspected specific information is present in the level-two information library, determine that it is malicious information and handle it.
9. The apparatus for performing security protection on a host according to claim 7, characterized in that the apparatus is also used to:
when the suspected specific information is not present in the level-two information library, look it up in the level-one information library and, if it exists there, determine it to be malicious information and handle it; and add the malicious information to the level-two information library.
10. A management system for performing security protection on a host, characterized in that the management system implements the method according to any one of claims 1 to 6 through the level-one information library it constructs.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910631950.7A CN110519221A (en) 2019-07-12 2019-07-12 Method, apparatus and management system for performing security protection on a host

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910631950.7A CN110519221A (en) 2019-07-12 2019-07-12 Method, apparatus and management system for performing security protection on a host

Publications (1)

Publication Number Publication Date
CN110519221A true CN110519221A (en) 2019-11-29

Family

ID=68623412

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910631950.7A Pending CN110519221A (en) 2019-07-12 2019-07-12 Method, apparatus and management system for performing security protection on a host

Country Status (1)

Country Link
CN (1) CN110519221A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101567888A (en) * 2008-12-29 2009-10-28 郭世泽 Safety protection method of network feedback host computer
CN103632097A (en) * 2013-12-13 2014-03-12 扬州永信计算机有限公司 Security threat processing method of portable mobile terminal
US20160019377A1 (en) * 2014-06-18 2016-01-21 Storagecraft Technology Corporation Software revalidation
CN106302484A (en) * 2016-08-22 2017-01-04 浪潮电子信息产业股份有限公司 Method for centralized management of strategies
CN108769045A (en) * 2018-06-07 2018-11-06 深圳市风云实业有限公司 Acl rule configuration method, device and the network equipment
CN109413045A (en) * 2018-09-26 2019-03-01 中国联合网络通信集团有限公司 A kind of access control system and method

Similar Documents

Publication Publication Date Title
US11057404B2 (en) Method and apparatus for defending against DNS attack, and storage medium
US7464407B2 (en) Attack defending system and attack defending method
CN110730175B (en) Botnet detection method and detection system based on threat information
CN110602100B (en) DNS tunnel flow detection method
JP6014280B2 (en) Information processing apparatus, method, and program
US8943586B2 (en) Methods of detecting DNS flooding attack according to characteristics of type of attack traffic
US7768921B2 (en) Identification of potential network threats using a distributed threshold random walk
KR101231975B1 (en) Method of defending a spoofing attack using a blocking server
US8561188B1 (en) Command and control channel detection with query string signature
CN101589595A (en) A containment mechanism for potentially contaminated end systems
JP2003527793A (en) Method for automatic intrusion detection and deflection in a network
JP4768020B2 (en) Method of defending against DoS attack by target victim self-identification and control in IP network
KR101553264B1 (en) System and method for preventing network intrusion
KR20080028381A (en) Method for defending against denial of service attacks in ip networks by target victim self-identification and control
JP2016146114A (en) Management method of blacklist
US7596808B1 (en) Zero hop algorithm for network threat identification and mitigation
US20210266331A1 (en) Malicious C&C channel to fixed IP detection
CN110493253B (en) Botnet analysis method of home router based on raspberry group design
Shin et al. Unsupervised multi-stage attack detection framework without details on single-stage attacks
CN108810008A (en) Transmission control protocol traffic filtering method, apparatus, server and storage medium
Priyadharshini et al. Prevention of DDOS attacks using new cracking algorithm
JP6106861B1 (en) Network security device, security system, network security method, and program
Samineni et al. Stealth and semi-stealth MITM attacks, detection and defense in IPv4 networks
CN114745142A (en) Abnormal flow processing method and device, computer equipment and storage medium
Subbulakshmi et al. A unified approach for detection and prevention of DDoS attacks using enhanced support vector machines and filtering mechanisms

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191129