
Base collision attack detecting method and system

A network access and path technology, applied in the field of network security, that can solve problems such as user losses and achieves the effect of improving security and avoiding adverse consequences.

Active Publication Date: 2015-07-29
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

However, ordinary users are not aware of this, and they have no proper way of knowing whether their user information has been leaked. Enterprises are helpless in the face of this kind of credential stuffing attack. Once the attacker successfully logs in through a credential stuffing attack, the user's system can be attacked with higher authority, causing huge losses to the user.


Examples


Embodiment 1

[0035] As shown in Figure 1, the present invention provides a method for detecting credential stuffing attacks, the method comprising the following steps:

[0036] S11: The server receives the user's network access request and parses it to determine the source IP, destination IP, login attribute information and user information of the network access request. The user information includes the user account number and password, and the login attribute information is the login path parsed out of the network access request. Specifically, the network access request includes an HTTP request or an HTTPS request. If it is an HTTPS request, the client needs to preset a decryption certificate for the HTTPS request in the system to support the HTTPS decryption operation.

[0037] S12: The user configures a preset login path and a login times threshold. Specifically, the user can configure the preset login path according to the configuration strategy, so that ...

Embodiment 2

[0046] As shown in Figure 2, the present invention provides another method for detecting credential stuffing attacks, which includes the following steps:

[0047] S21: The server receives the user's network access request and parses it to determine the source IP, destination IP, login attribute information and user information of the network access request. The user information includes the user account number and password, and the login attribute information is the format of the login path parsed out of the network access request. Specifically, the network access request includes an HTTP request or an HTTPS request. If it is an HTTPS request, the client needs to preset a decryption certificate for the HTTPS request in the system to support the HTTPS decryption operation.

[0048] S22: By default, the system has built-in preset formats for identifying login paths and thresholds for login times. Specifically, the user does not need to configure the default login...

Embodiment 3

[0055] As shown in Figure 3, the present invention also provides a system for detecting credential stuffing attacks, which includes:

[0056] The protocol analysis module 10 is used to receive and parse the user's network access request to determine the source IP, destination IP, login attribute information and user information of the network access request. The user information includes the user account number and password. Specifically, the network access request includes an HTTP request or an HTTPS request. If it is an HTTPS request, the client needs to preset a decryption certificate for the HTTPS request in the system to support the HTTPS decryption operation. It will be understood that the login attribute information may be a login path or the format of a login path.

[0057] The user configuration module 20 can be used to configure the preset login path and the threshold of login times; the default format and the threshold of login times for identifying the login path can also b...


Abstract

The invention discloses a base collision (credential stuffing) attack detecting method and system. The method includes the following steps: receiving a user's network access request and parsing it to determine the source IP, the target IP, the login attribute information and the user information; configuring a preset login path and a login times threshold, or using the system's default built-in preset format of the login path and login times threshold; identifying whether the request is a login operation according to the target IP, the login attribute information and the preset login path or the preset format of the login path, and if so, recording the source IP, the target IP and the user information; counting the number of logins in which the server at the same target IP receives the same source IP but different user information within a preset time, and judging whether that number reaches the login times threshold; if so, the behavior is deemed a base collision attack, and if not, normal access. The method and system can monitor base collision attack behavior to improve the safety of user information and avoid the adverse results caused by user information leakage.
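The counting step described in the abstract, written out as an added example (it is not code from the patent or from its owner). The login paths, the regex standing in for a built-in path format, the 60-second window, the threshold of 3 and the choice to keep only a digest of the user information are all assumptions, and the events are constructed sample data.

```python
import hashlib
import re
from collections import defaultdict, deque

# Assumed values: the patent leaves the login path, window and threshold configurable.
LOGIN_PATHS = {"/login", "/user/signin"}                 # user-configured preset login paths
LOGIN_FORMAT = re.compile(r"/(login|signin)(\.\w+)?$")   # stand-in for a built-in path format
WINDOW_SECONDS = 60
THRESHOLD = 3


def is_login(path):
    """Identify a login operation from the parsed request path."""
    return path in LOGIN_PATHS or bool(LOGIN_FORMAT.search(path))


def fingerprint(account, password):
    """Digest of the user information, so raw passwords are not kept by the detector."""
    return hashlib.sha256(f"{account}\x00{password}".encode()).hexdigest()


def detect(events, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return (timestamp, src_ip, dst_ip) each time a pair reaches the threshold."""
    recent = defaultdict(deque)   # (src_ip, dst_ip) -> deque of (ts, fingerprint)
    alerts = []
    for ts, src, dst, path, account, password in sorted(events):
        if not is_login(path):
            continue
        q = recent[(src, dst)]
        q.append((ts, fingerprint(account, password)))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop logins older than the preset time
        # Count *different* user information, so identical repeats do not add up.
        if len({fp for _, fp in q}) >= threshold:
            alerts.append((ts, src, dst))
    return alerts


# Constructed sample events: (ts, src_ip, dst_ip, path, account, password)
SAMPLE = [
    (0, "203.0.113.7", "198.51.100.10", "/login", "alice", "pw1"),
    (5, "203.0.113.7", "198.51.100.10", "/login", "bob", "pw2"),
    (9, "203.0.113.7", "198.51.100.10", "/index.html", "", ""),
    (12, "203.0.113.7", "198.51.100.10", "/login", "carol", "pw3"),
    (20, "192.0.2.44", "198.51.100.10", "/login", "dave", "pw4"),
    (25, "192.0.2.44", "198.51.100.10", "/login", "dave", "pw4"),
    (30, "192.0.2.44", "198.51.100.10", "/login", "dave", "pw4"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print("credential stuffing suspected:", alert)
```

The second source IP repeats one account three times and is not flagged, because only distinct user information counts toward the threshold.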

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and system for detecting credential stuffing attacks.

Background technique

[0002] At present, most websites that allow users to post require users to register before posting. This user registration mechanism helps enterprises manage users, for example by monitoring the remarks and information that users share; it also makes it easier for users to communicate with one another. When users register on many websites, in order to make their credentials easier to remember, they often do not use a different user account and password for each website, but usually use only 1 to 3 sets of user accounts and passwords. This situation often leads to serious security problems. When a website's user information (including user account number and password) is leaked, the attacker may use the leaked user information to try to log in to other websites, and obtain correct authentica...


Application Information

IPC(8): H04L29/06, H04L9/32
Inventor 曾加良
Owner SANGFOR TECH INC