CN114172831B - Brute force cracking method, system, computer and storage medium - Google Patents

Publication number: CN114172831B
Authority: CN (China)
Legal status: Active
Application number: CN202111470950.7A
Other languages: Chinese (zh)
Other versions: CN114172831A (en)
Inventor
孟师文
范渊
刘博�
Current Assignee: DBAPPSecurity Co Ltd
Original Assignee: DBAPPSecurity Co Ltd
Application filed by DBAPPSecurity Co Ltd
Priority to CN202111470950.7A
Publication of CN114172831A
Application granted
Publication of CN114172831B

Abstract

The application relates to a brute force cracking method, system, computer and storage medium. The brute force cracking method comprises the following steps. Step one: acquire input signals for a start time t, a time window period T and an alarm threshold N; acquire the traffic from the start time t to time t+T and parse it to obtain messages. Step two: count the number n of the messages according to a preset rule and judge whether n > N; if so, output a brute force cracking attempt, and at the same time monitor whether the brute force cracking attempt succeeds. Step three: if the brute force cracking has not succeeded, take the output time of the brute force cracking attempt as the start time and repeat step two until the sliding duration reaches the duration of the time window period T; when the brute force cracking is observed to succeed, settle the brute force cracking attempt after the time window period T expires. The application addresses the shortcomings of the comparison method and the missed alerts in existing methods for preventing login information from being brute forced.

Description

Brute force cracking method, system, computer and storage medium
Technical Field
The application relates to the technical field of network security data, in particular to a brute force cracking method, a system, a computer and a storage medium.
Background
As the economy develops rapidly and science and technology continue to advance, the network has become an indispensable part of social production and daily life, bringing great convenience to users. At the same time, network systems face security threats that interfere with their normal use. In the big data era in particular, a great deal of important information is stored in network systems, and a security problem can cause heavy losses. Network security events are improper behaviors that affect the security of computer systems and networks; they generally occur within a short time and cause huge losses. Speed and efficiency are the key to handling them, and network security emergency response means understanding, assessing and preparing for network security clearly enough that sudden security events are handled in an orderly and proper way.
With the development of networks, the current network security situation is very serious. Weak passwords and accounts whose passwords go unchanged for long periods pose a great security threat to information systems. Information systems should strengthen the management of, and security awareness around, individuals' network accounts, change passwords to strong ones and maintain them regularly, but attack and defense always coexist. There is no unified standard for the login authentication of World Wide Web services, and because brute force cracking is simple to carry out and cheap, it is the preferred attack method of most hackers, so preventing login information from being brute forced is all the more important. A brute force cracking attack cracks sensitive information such as users' account names and passwords by systematically enumerating and trying every possible combination. Although brute force attacks are not a complex type of attack, they can still succeed if traffic is not effectively monitored and analyzed. For example, the login attempts from the same IP may fall partly in the previous window and partly in the next window: the count in either window alone does not meet the brute force cracking condition, but the counts of the two windows added together do, so the attack goes unreported. Personal defense alone therefore cannot fully solve the account security problem, and intelligent means of defense and early warning are needed.
At present, no effective solution has been proposed for the technical problem of missed alerts in brute force cracking defense in the related art.
Disclosure of Invention
The embodiments of the application provide a brute force cracking method, system, computer and storage medium, which at least solve the technical problem of missed alerts in brute force cracking defense in the related art.
In a first aspect, an embodiment of the present application provides a brute force cracking method, including:
acquiring input signals for a start time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T;
acquiring the traffic from the start time t to time t+T, and parsing the traffic to obtain messages;
counting the number n of the messages according to the preset rule, and judging whether n > N holds;
if so, outputting a brute force cracking attempt and sending a prompt signal;
at the same time, monitoring whether the brute force cracking attempt succeeds;
if the brute force cracking has not succeeded, taking the output time of the brute force cracking attempt as the start time and repeating the step of acquiring the traffic from the start time t to time t+T and parsing the traffic to obtain messages, until the sliding duration reaches the duration of the time window period T; and, when the brute force cracking is observed to succeed, settling the brute force cracking attempt after the time window period T expires.
In some embodiments, after the step of counting the number n of the messages according to the preset rule and judging whether n > N holds, the method further includes:
if n > N does not hold, taking time t+T as the start time and repeating the step of acquiring the traffic from the start time t to time t+T and parsing the traffic to obtain messages, until the sliding duration reaches the duration of the time window period T; and, when the brute force cracking is observed to succeed, settling the brute force cracking attempt after the time window period T expires.
In some embodiments, after the step of monitoring at the same time whether the brute force cracking attempt succeeds, the method further comprises:
if the brute force cracking attempt is observed to succeed, settling the brute force cracking attempt.
In some embodiments, the preset rule refers to messages having the same message feature; in this embodiment the message feature is the login IP message format.
In some of these embodiments, the traffic includes the number of logins from different IPs and the number of logins from the same IP.
In a second aspect, an embodiment of the present application provides a brute force cracking system, including:
an acquisition module, configured to acquire input signals for a start time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T;
an analysis module, configured to acquire the traffic from the start time t to time t+T and parse the traffic to obtain messages;
a judging module, configured to count the number n of the messages according to the preset rule and judge whether n > N holds;
an output module, configured to output a brute force cracking attempt and send a prompt signal if n > N;
a monitoring module, configured to monitor at the same time whether the brute force cracking attempt succeeds;
a first settlement module, configured to, if the cracking has not succeeded, take the output time of the brute force cracking attempt as the start time and repeat the step of acquiring the traffic from the start time t to time t+T and parsing the traffic to obtain messages, until the sliding duration reaches the duration of the time window period T, and to settle the brute force cracking attempt after the time window period T expires when the brute force cracking is observed to succeed.
In some of these embodiments, the system further comprises:
a second settlement module, configured to, if n is not greater than N, take time t+T as the start time and repeat the step of acquiring the traffic from the start time t to time t+T and parsing the traffic to obtain messages, until the sliding duration reaches the duration of the time window period T, and to settle the brute force cracking attempt after the time window period T expires when the brute force cracking is observed to succeed.
In some of these embodiments, the system further comprises:
a third settlement module, configured to settle the brute force cracking attempt if the brute force cracking attempt is observed to succeed.
In a third aspect, an embodiment of the present application provides a computer, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the brute force cracking method according to the first aspect.
In a fourth aspect, an embodiment of the present application provides a storage medium having stored thereon a computer program which, when executed by a processor, implements a brute force cracking method as described in the first aspect above.
Compared with the related art, the brute force cracking method, system, computer and storage medium provided by the embodiments of the application monitor brute force cracking attempts using a sliding window and, if brute force cracking exists, simultaneously monitor whether it succeeds. Specifically, when the number n of messages with the same message feature reaches the alarm threshold N within a time window, a brute force cracking attempt is output immediately; detection then continues with the output time of the alert as the start point, and the time window keeps sliding. If brute force cracking is still in progress, the attempt is output only at settlement, after the time window expires. This solves the technical problem of missed alerts in brute force cracking defense in the related art, and gives the handling of cracking attempts a visible cracking process, a judgment of the cracking result, and highly real-time reporting of a successful crack.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the other features, objects, and advantages of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
FIG. 1 is a flow chart of a brute force cracking method provided in accordance with an embodiment of the present invention;
FIG. 2 is a block diagram of a brute force cracking system according to a method of the second embodiment of the present invention;
FIG. 3 is a flow chart of a brute force cracking method provided by a third embodiment of the present invention;
FIG. 4 is a block diagram of a brute force cracking system according to a third embodiment of the invention;
FIG. 5 is a flow chart of a brute force cracking method provided in a fifth embodiment of the present invention;
FIG. 6 is a block diagram of a brute force cracking system according to a fifth method of the sixth embodiment of the present invention;
FIG. 7 is a schematic hardware structure of a computer according to a seventh embodiment of the present invention.
Reference numerals illustrate:
10-an acquisition module;
20-an analysis module;
30-judging module;
40-an output module;
50-a monitoring module;
60-a first settlement module;
70-a second settlement module;
80-a third settlement module;
90-bus; 91-a processor; 92-memory; 93-communication interface.
Detailed Description
The present application will be described and illustrated with reference to the accompanying drawings and examples in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application. All other embodiments, which can be made by a person of ordinary skill in the art based on the embodiments provided by the present application without making any inventive effort, are intended to fall within the scope of the present application.
It is apparent that the drawings in the following description are only some examples or embodiments of the present application, and those of ordinary skill in the art can apply the present application to other similar situations according to these drawings without inventive effort. Moreover, it should be appreciated that while such a development effort might be complex and lengthy, it would nevertheless be a routine undertaking of design, fabrication, or manufacture for those of ordinary skill having the benefit of this disclosure, and thus should not be construed as meaning that this disclosure is insufficient.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is to be expressly and implicitly understood by those of ordinary skill in the art that the described embodiments of the application can be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms used herein should be given the ordinary meaning as understood by one of ordinary skill in the art to which this application belongs. The terms "a," "an," "the," and similar referents in the context of the application are not to be construed as limiting the quantity, but rather as singular or plural. The terms "comprising," "including," "having," and any variations thereof, are intended to cover a non-exclusive inclusion; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to only those steps or elements but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. The terms "connected," "coupled," and the like in connection with the present application are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as used herein means two or more. "And/or" describes a relationship between associated objects and indicates that three relationships are possible; for example, "A and/or B" may mean: A exists alone, A and B exist together, or B exists alone. The character "/" generally indicates an "or" relationship between the objects before and after it. The terms "first," "second," "third," and the like, as used herein, merely distinguish between similar objects and do not represent a particular ordering of objects.
The various techniques described in this disclosure may be used for various wireless communication systems such as 2G, 3G, 4G, 5G communication systems and next generation communication systems, as well as global system for mobile communications (Global System for Mobile communications, abbreviated GSM), code division multiple access (Code Division Multiple Access, abbreviated CDMA) systems, time division multiple access (Time Division Multiple Access, abbreviated TDMA) systems, wideband code division multiple access (Wideband Code Division Multiple Access Wireless, abbreviated WCDMA), frequency division multiple access (Frequency Division Multiple Addressing, abbreviated FDMA) systems, orthogonal frequency division multiple access (Orthogonal Frequency-Division Multiple Access, abbreviated OFDMA) systems, single carrier FDMA (SC-FDMA) systems, general packet radio service (General Packet Radio Service, abbreviated GPRS) systems, long term evolution (Long Term Evolution, abbreviated LTE) systems, new air interface (New Radio, abbreviated NR) systems, and other such communication systems.
The brute force cracking system provided in this embodiment may be integrated in a base station, a remote radio unit (Radio Remote Unit, abbreviated as RRU), or any other network element device that needs to perform radio frequency transceiving. A base station in this context may be a device in an access network that communicates over the air-interface, through one or more sectors, with wireless terminals. The base station may be configured to convert received air frames to and from internet protocol (Internet Protocol, abbreviated IP) packets as a router between the wireless terminal and the rest of the access network, which may include an IP network. The base station may also coordinate attribute management for the air interface. For example, the base station may be a base station (Base Transceiver Station, abbreviated as BTS) in GSM or CDMA, a base station (Node B) in WCDMA, an evolved base station (evolutional Node B, abbreviated as eNB or e-Node B) in LTE, or a base station (generation Node B, abbreviated as gNB) in 5G NR, which is not limited by the present application.
Example 1
This embodiment provides a brute force cracking method. FIG. 1 is a flow chart of a brute force cracking method according to an embodiment of the application. As shown in FIG. 1, the flow comprises the following steps:
Step S101, acquiring input signals for a start time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T.
The preset rule refers to messages with the same message feature, and the message feature refers to the login IP message format.
Step S102, acquiring the traffic from the start time t to time t+T, and parsing the traffic to obtain messages.
The traffic includes the number of logins from different login IPs and the number of logins from the same IP.
Step S103, counting the number n of the messages according to the preset rule, and judging whether n > N holds.
Step S104, if so, outputting a brute force cracking attempt and sending a prompt signal.
Step S105, at the same time, monitoring whether the brute force cracking attempt succeeds.
Step S106, if the brute force cracking has not succeeded, taking the output time of the brute force cracking attempt as the start time and repeating the step of acquiring the traffic from the start time t to time t+T and parsing the traffic to obtain messages, until the sliding duration reaches the duration of the time window period T; and, when the brute force cracking is observed to succeed, settling the brute force cracking attempt after the time window period T expires.
In this method, starting from the selected start time t, the messages in the period from t to t+T are collected. The preset rule selects messages with the same message feature, the number n of messages matching the rule is counted, and n is compared with N. When n > N, a cracking attempt exists in the messages of this period. If monitoring at the same time shows that the attempt has not succeeded, the output time of the attempt is taken as the start time and step S102 is repeated until the sliding duration reaches the duration of the time window period T; when the brute force cracking is observed to succeed, the brute force cracking attempt is settled after the time window period T expires. This solves the technical problem of missed alerts in brute force cracking defense in the related art, and gives the handling of cracking attempts a visible cracking process, a judgment of the cracking result, and highly real-time reporting of a successful crack.
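The window-boundary miss described in the Background, and the alert, monitor and settle flow of steps S101 to S106, as an added Python example that is not part of the patent text. It goes beyond the claimed procedure by using a generic per-IP sliding deque; the event tuples, the values T = 60 and N = 5, the function names, and the reading of "settle" as closing the alert episode are assumptions.

```python
from collections import defaultdict, deque

T = 60  # time window period in seconds (constructed value)
N = 5   # alarm threshold: an attempt is reported when n > N

# Constructed login events: (epoch_seconds, source_ip, login_succeeded)
EVENTS = (
    # 4 failures at the end of [0, 60) and 3 at the start of [60, 120)
    [(ts, "198.51.100.7", False) for ts in (50, 52, 54, 56, 61, 63, 65)]
    + [(70, "198.51.100.7", True)]  # a login succeeds right after the burst
    # slow failures that never exceed N inside any 60 s span
    + [(ts, "203.0.113.9", False) for ts in (10, 40, 90, 130)]
    # dense burst inside one window, never followed by a success
    + [(ts, "192.0.2.44", False)
       for ts in (200, 201, 202, 203, 204, 205, 206, 210, 220)]
)


def fixed_window_alerts(events, T, N):
    """Baseline: count failures per IP in back-to-back windows [kT, (k+1)T)."""
    counts = defaultdict(int)
    for ts, ip, ok in events:
        if not ok:
            counts[(ip, ts // T)] += 1
    return sorted((ip, k * T) for (ip, k), n in counts.items() if n > N)


def sliding_window_detect(events, T, N):
    """Report an attempt once n > N in the trailing T seconds, then settle it."""
    recent = defaultdict(deque)  # ip -> failure times inside (ts - T, ts]
    open_eps = {}                # ip -> episode that is alerted, not yet settled
    settled = []

    for ts, ip, ok in sorted(events):
        # Settle episodes whose window (alert time + T) has expired.
        for other in [i for i, ep in open_eps.items() if ts >= ep["alert_at"] + T]:
            ep = open_eps.pop(other)
            ep["settled_at"] = ep["alert_at"] + T
            settled.append(ep)

        if ok:
            # A success while an episode is open means the attempt succeeded.
            if ip in open_eps:
                ep = open_eps.pop(ip)
                ep["success_at"] = ep["settled_at"] = ts
                settled.append(ep)
            recent[ip].clear()
            continue

        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - T:  # drop failures older than the window
            q.popleft()

        if ip in open_eps:
            open_eps[ip]["failures"] += 1  # aggregate, no duplicate alert
        elif len(q) > N:
            open_eps[ip] = {"ip": ip, "alert_at": ts, "failures": len(q),
                            "success_at": None, "settled_at": None}

    # End of stream: settle whatever is still open at its window expiry.
    for ep in open_eps.values():
        ep["settled_at"] = ep["alert_at"] + T
        settled.append(ep)
    return settled


if __name__ == "__main__":
    print("fixed windows :", fixed_window_alerts(EVENTS, T, N))
    for ep in sliding_window_detect(EVENTS, T, N):
        print("sliding window:", ep)
```

The fixed-window baseline reports only the dense burst from 192.0.2.44 and misses 198.51.100.7, whose seven failures straddle the boundary at 60 s; the sliding window reports both and marks the first as a successful crack.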
Example 2
This embodiment provides a block diagram of a system corresponding to the method described in the first embodiment. FIG. 2 is a block diagram of a brute force cracking system according to an embodiment of the application. As shown in FIG. 2, the system comprises:
an acquisition module 10, configured to acquire input signals for a start time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T;
a parsing module 20, configured to acquire the traffic from the start time t to time t+T and parse the traffic to obtain messages;
a judging module 30, configured to count the number n of the messages according to the preset rule and judge whether n > N holds;
an output module 40, configured to output a brute force cracking attempt and send a prompt signal if n > N;
a monitoring module 50, configured to monitor at the same time whether the brute force cracking attempt succeeds;
a first settlement module 60, configured to, if the cracking has not succeeded, take the output time of the brute force cracking attempt as the start time and repeat the step of acquiring the traffic from the start time t to time t+T and parsing the traffic to obtain messages, until the sliding duration reaches the duration of the time window period T, and to settle the brute force cracking attempt after the time window period T expires when the brute force cracking is observed to succeed.
The above-described respective modules may be functional modules or program modules, and may be implemented by software or hardware. For modules implemented in hardware, the various modules described above may be located in the same processor; or the above modules may be located in different processors in any combination.
Example 3
This embodiment provides a brute force cracking method. FIG. 3 is a flow chart of another brute force cracking method according to an embodiment of the application. As shown in FIG. 3, the flow comprises the following steps:
Step S201, acquiring input signals for a start time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T.
Step S202, acquiring the traffic from the start time t to time t+T, and parsing the traffic to obtain messages.
Step S203, counting the number n of the messages according to the preset rule, and judging whether n > N holds.
Step S204, if not, taking time t+T as the start time and repeating the step of acquiring the traffic from the start time t to time t+T and parsing the traffic to obtain messages, until the sliding duration reaches the duration of the time window period T; and, when the brute force cracking is observed to succeed, settling the brute force cracking attempt after the time window period T expires.
Through these steps, starting from the selected start time t, the messages in the period from t to t+T are collected. The preset rule selects messages with the same message feature, the number n of messages matching the rule is counted, and n is compared with N. When n is not greater than N, no cracking attempt exists in the messages of this period; time t+T is taken as the start time and step S202 is repeated until the sliding duration reaches the duration of the time window period T, and when the brute force cracking is observed to succeed, the brute force cracking attempt is settled after the time window period T expires. This solves the technical problem of missed alerts in brute force cracking defense in the related art, and gives the handling of cracking attempts a visible cracking process, a judgment of the cracking result, and highly real-time reporting of a successful crack.
Example 4
This embodiment provides a block diagram of a system corresponding to the method described in the third embodiment. FIG. 4 is a block diagram of a brute force cracking system according to an embodiment of the application. As shown in FIG. 4, the system comprises:
an acquisition module 10, configured to acquire input signals for a start time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T;
a parsing module 20, configured to acquire the traffic from the start time t to time t+T and parse the traffic to obtain messages;
a judging module 30, configured to count the number n of the messages according to the preset rule and judge whether n > N holds;
a second settlement module 70, configured to, if n is not greater than N, take time t+T as the start time and repeat the step of acquiring the traffic from the start time t to time t+T and parsing the traffic to obtain messages, until the sliding duration reaches the duration of the time window period T, and to settle the brute force cracking attempt after the time window period T expires when the brute force cracking is observed to succeed.
The above-described respective modules may be functional modules or program modules, and may be implemented by software or hardware. For modules implemented in hardware, the various modules described above may be located in the same processor; or the above modules may be located in different processors in any combination.
Example 5
This embodiment provides a brute force cracking method. FIG. 5 is a flow chart of another brute force cracking method according to an embodiment of the application. As shown in FIG. 5, the flow comprises the following steps:
Step S301, acquiring input signals for a start time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T;
Step S302, acquiring the traffic from the start time t to time t+T, and parsing the traffic to obtain messages;
Step S303, counting the number n of the messages according to the preset rule, and judging whether n > N holds;
Step S304, if so, outputting a brute force cracking attempt and sending a prompt signal;
Step S305, monitoring whether the brute force cracking attempt succeeds;
Step S306, if so, settling the brute force cracking attempt.
Through these steps, starting from the selected start time t, the messages in the period from t to t+T are collected. The preset rule selects messages with the same message feature, the number n of messages matching the rule is counted, and n is compared with N. When n > N, a cracking attempt exists in the messages of this period; if monitoring at the same time shows that the attempt has succeeded, the brute force cracking attempt is settled. This addresses the shortcomings of the comparison method and the missed alerts of related-art methods for preventing login information from being brute forced, and gives the handling of cracking attempts a visible cracking process, a judgment of the cracking result, and highly real-time reporting of a successful crack.
Example 6
This embodiment provides a block diagram of a system corresponding to the method described in the fifth embodiment. FIG. 6 is a block diagram of a brute force cracking system according to an embodiment of the application. As shown in FIG. 6, the system comprises:
an acquisition module 10, configured to acquire input signals for a start time t, a time window period T, and an alarm threshold N set according to a preset rule for the time window period T;
a parsing module 20, configured to acquire the traffic from the start time t to time t+T and parse the traffic to obtain messages;
a judging module 30, configured to count the number n of the messages according to the preset rule and judge whether n > N holds;
an output module 40, configured to output a brute force cracking attempt and send a prompt signal if n > N;
a monitoring module 50, configured to monitor at the same time whether the brute force cracking attempt succeeds;
a third settlement module 80, configured to settle the brute force cracking attempt if the brute force cracking attempt is observed to succeed.
The above-described respective modules may be functional modules or program modules, and may be implemented by software or hardware. For modules implemented in hardware, the various modules described above may be located in the same processor; or the above modules may be located in different processors in any combination.
Example seven
The brute force cracking method of the embodiments of the application described in connection with Figs. 1, 3 and 5 may be implemented by a computer device. Fig. 7 is a schematic diagram of a hardware structure of a computer device according to an embodiment of the present application.
The computer device may include a processor 91 and a memory 92 storing computer program instructions.
In particular, the processor 91 may include a Central Processing Unit (CPU) or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more integrated circuits that implement embodiments of the present application.
Memory 92 may include, among other things, mass storage for data or instructions. By way of example, and not limitation, memory 92 may comprise a hard disk drive (Hard Disk Drive, abbreviated HDD), a floppy disk drive, a solid state drive (Solid State Drive, abbreviated SSD), flash memory, an optical disk, a magneto-optical disk, a magnetic tape, or a universal serial bus (Universal Serial Bus, abbreviated USB) drive, or a combination of two or more of these. The memory 92 may include removable or non-removable (or fixed) media, where appropriate. The memory 92 may be internal or external to the data processing apparatus, where appropriate. In a particular embodiment, the memory 92 is a non-volatile memory. In particular embodiments, memory 92 includes read-only memory (Read-Only Memory, ROM) and random access memory (Random Access Memory, RAM). Where appropriate, the ROM may be a mask-programmed ROM, a programmable ROM (Programmable Read-Only Memory, abbreviated PROM), an erasable PROM (Erasable Programmable Read-Only Memory, abbreviated EPROM), an electrically erasable PROM (Electrically Erasable Programmable Read-Only Memory, abbreviated EEPROM), an electrically rewritable ROM (Electrically Alterable Read-Only Memory, abbreviated EAROM), or a flash memory (FLASH), or a combination of two or more of these. The RAM may be a static random-access memory (Static Random-Access Memory, SRAM) or a dynamic random-access memory (Dynamic Random Access Memory, DRAM), where the DRAM may be a fast page mode dynamic random-access memory (Fast Page Mode Dynamic Random Access Memory, FPMDRAM), an extended data output dynamic random-access memory (Extended Data Out Dynamic Random Access Memory, EDODRAM), a synchronous dynamic random-access memory (Synchronous Dynamic Random-Access Memory, SDRAM), or the like, as appropriate.
Memory 92 may be used to store or cache various data files that need to be processed and/or communicated, as well as possible computer program instructions for execution by processor 91.
The processor 91 implements any of the brute force cracking methods of the above embodiments by reading and executing computer program instructions stored in the memory 92.
In some of these embodiments, the computer device may also include a communication interface 93 and a bus 90. As shown in fig. 7, the processor 91, the memory 92, and the communication interface 93 are connected to each other via the bus 90 and perform communication with each other.
The communication interface 93 is used to enable communication between modules, devices, and/or units in embodiments of the application. The communication interface 93 may also enable data communication with other components, such as external devices, image/data acquisition devices, databases, external storage, and image/data processing workstations.
Bus 90 includes hardware, software, or both, coupling components of a computer device to each other. Bus 90 includes, but is not limited to, at least one of: a data bus (Data Bus), an address bus (Address Bus), a control bus (Control Bus), an expansion bus (Expansion Bus), a local bus (Local Bus). By way of example, and not limitation, bus 90 may include an accelerated graphics port (Accelerated Graphics Port, abbreviated AGP) or other graphics bus, an extended industry standard architecture (Extended Industry Standard Architecture, abbreviated EISA) bus, a front side bus (Front Side Bus, abbreviated FSB), a HyperTransport (abbreviated HT) interconnect, an industry standard architecture (Industry Standard Architecture, abbreviated ISA) bus, an InfiniBand interconnect, a low pin count (Low Pin Count, LPC) bus, a memory bus, a micro channel architecture (Micro Channel Architecture, abbreviated MCA) bus, a peripheral component interconnect (Peripheral Component Interconnect, abbreviated PCI) bus, a PCI-Express (PCI-X) bus, a serial advanced technology attachment (Serial Advanced Technology Attachment, abbreviated SATA) bus, a Video Electronics Standards Association local bus (Video Electronics Standards Association Local Bus, abbreviated VLB), or other suitable bus, or a combination of two or more of these. Bus 90 may include one or more buses, where appropriate. Although embodiments of the application have been described and illustrated with respect to a particular bus, the application contemplates any suitable bus or interconnect.
The computer device can execute the brute force cracking method in the embodiment of the application based on the obtained brute force cracking system, thereby realizing the brute force cracking method described in connection with Figs. 1, 3 and 5.
In addition, in combination with the brute force cracking method in the above embodiments, an embodiment of the present application may provide a storage medium for implementation. The storage medium stores computer program instructions; when executed by a processor, the computer program instructions implement the brute force cracking method of any one of the first, third and fifth embodiments described above.
The technical features of the above-described embodiments may be combined arbitrarily. For brevity, not all possible combinations of these technical features are described; however, as long as a combination of technical features contains no contradiction, it should be considered to be within the scope of this description.
The above examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.

Claims (10)

1. A method of brute force cracking, comprising:
acquiring input signals for a start time t, a time window period T, and an alarm threshold N set according to a preset rule within the time window period T;
acquiring the traffic from the start time t to the time t+T, and parsing the traffic to obtain messages;
counting the number n of the messages according to the preset rule, and judging whether n > N holds;
if so, outputting a brute force cracking attempt and sending a prompt signal;
meanwhile, monitoring whether the brute force cracking attempt is successful;
if the brute force cracking is not successful, taking the output time of the brute force cracking attempt as the start time and repeating the steps of acquiring the traffic from the start time t to the time t+T and parsing the traffic to obtain messages, until the sliding duration reaches the duration of the time window period T; and, when the brute force cracking is monitored to be successful, settling the brute force cracking attempt after the time window period T expires.
2. The brute force cracking method according to claim 1, wherein after the step of counting the number n of the messages according to the preset rule and judging whether n > N holds, the method further comprises:
if it is judged that n > N does not hold, taking the time t+T as the start time and repeating the steps of acquiring the traffic from the start time t to the time t+T and parsing the traffic to obtain messages, until the sliding duration reaches the duration of the time window period T; and, when the brute force cracking is monitored to be successful, settling the brute force cracking attempt after the time window period T expires.
3. The brute force cracking method of claim 1, wherein the step of simultaneously monitoring whether the brute force cracking attempt is successful further comprises:
if the brute force cracking attempt is monitored to be successful, settling the brute force cracking attempt.
4. The brute force cracking method of claim 1, wherein the preset rule refers to messages having the same message characteristics.
5. The brute force cracking method of claim 1, wherein the traffic includes the number of logins from different IPs and the number of logins from the same IP.
6. A brute force cracking system, comprising:
an acquisition module, configured to acquire input signals for a start time t, a time window period T, and an alarm threshold N set according to a preset rule within the time window period T;
a parsing module, configured to acquire the traffic from the start time t to the time t+T and parse the traffic to obtain messages;
a judging module, configured to count the number n of the messages according to the preset rule and judge whether n > N holds;
an output module, configured to output a brute force cracking attempt and send a prompt signal if n > N;
a monitoring module, configured to simultaneously monitor whether the brute force cracking attempt is successful;
a first settlement module, configured to, if the cracking is not successful, take the output time of the brute force cracking attempt as the start time and repeat the steps of acquiring the traffic from the start time t to the time t+T and parsing the traffic to obtain messages, until the sliding duration reaches the duration of the time window period T, and, when the brute force cracking is monitored to be successful, settle the brute force cracking attempt after the time window period T expires.
7. The brute force cracking system of claim 6, further comprising:
a second settlement module, configured to, if n is not greater than N, take the time t+T as the start time and repeat the steps of acquiring the traffic from the start time t to the time t+T and parsing the traffic to obtain messages, until the sliding duration reaches the duration of the time window period T, and, when the brute force cracking is monitored to be successful, settle the brute force cracking attempt after the time window period T expires.
8. The brute force cracking system of claim 6, further comprising:
a third settlement module, configured to settle the brute force cracking attempt if the brute force cracking attempt is monitored to be successful.
9. A computer comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the brute force cracking method of any one of claims 1 to 5 when executing the computer program.
10. A storage medium having stored thereon a computer program which, when executed by a processor, implements the brute force cracking method of any one of claims 1 to 5.
CN202111470950.7A 2021-12-03 2021-12-03 Brute force cracking method, system, computer and storage medium Active CN114172831B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111470950.7A CN114172831B (en) 2021-12-03 2021-12-03 Brute force cracking method, system, computer and storage medium

Publications (2)

Publication Number Publication Date
CN114172831A (en) 2022-03-11
CN114172831B (en) 2024-05-28

Family

ID=80482960

Country Status (1)

Country Link
CN (1) CN114172831B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115208789B (en) * 2022-07-14 2023-06-09 上海斗象信息科技有限公司 Method and device for determining directory blasting behavior, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016045347A1 (en) * 2014-09-25 2016-03-31 中兴通讯股份有限公司 Malicious attack detection method, terminal, and computer storage medium
CN108494735A (en) * 2018-02-13 2018-09-04 北京明朝万达科技股份有限公司 It is a kind of illegally to crack login analysis alarm method and device
CN109743325A (en) * 2019-01-11 2019-05-10 北京中睿天下信息技术有限公司 A kind of Brute Force attack detection method, system, equipment and storage medium
CN112688930A (en) * 2020-12-18 2021-04-20 深圳前海微众银行股份有限公司 Brute force cracking detection method, system, equipment and medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8024782B2 (en) * 2008-04-09 2011-09-20 Zscaler, Inc. Cumulative login credit

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016045347A1 (en) * 2014-09-25 2016-03-31 中兴通讯股份有限公司 Malicious attack detection method, terminal, and computer storage medium
CN108494735A (en) * 2018-02-13 2018-09-04 北京明朝万达科技股份有限公司 It is a kind of illegally to crack login analysis alarm method and device
CN109743325A (en) * 2019-01-11 2019-05-10 北京中睿天下信息技术有限公司 A kind of Brute Force attack detection method, system, equipment and storage medium
CN112688930A (en) * 2020-12-18 2021-04-20 深圳前海微众银行股份有限公司 Brute force cracking detection method, system, equipment and medium

Also Published As

Publication number Publication date
CN114172831A (en) 2022-03-11

Similar Documents

Publication Publication Date Title
CN109831461B (en) Distributed denial of service (DDoS) attack defense method and device
CN107046468B (en) Physical layer authentication threshold determination method and system
US11671402B2 (en) Service resource scheduling method and apparatus
CN108173812B (en) Method, device, storage medium and equipment for preventing network attack
CN105142146B (en) Authentication method, device and system for WIFI hotspot access
EP3281462B1 (en) Methods, wireless communication device and radio network node for managing paging
WO2020088598A1 (en) Method and device for determining category information
WO2015018303A1 (en) Method and device for detecting distributed denial of service attack
US20150131445A1 (en) Similarity matching method and related device and communication system
CN106790299B (en) Wireless attack defense method and device applied to wireless Access Point (AP)
CN114172831B (en) Brute force cracking method, system, computer and storage medium
CN111314328A (en) Network attack protection method and device, storage medium and electronic equipment
CN110958245B (en) Attack detection method, device, equipment and storage medium
EP4293550A1 (en) Traffic processing method and protection system
CN111355817B (en) Domain name resolution method, device, security server and medium
CN110022319B (en) Attack data security isolation method and device, computer equipment and storage equipment
CN113765846A (en) Intelligent detection and response method and device for network abnormal behavior and electronic equipment
WO2012113245A1 (en) Service access method, device, and system
CN113660260B (en) Message detection method, system, computer equipment and readable storage medium
CN110198294B (en) Security attack detection method and device
CN115567243A (en) Switch monitoring method based on keywords
CN115633359A (en) PFCP session security detection method, device, electronic equipment and storage medium
Lu et al. Traffic-driven intrusion detection for massive MTC towards 5G networks
CN114024838A (en) Log processing method and device and electronic equipment
CN107948331B (en) Big data information processing method and system and information collection equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant