Method and system for detecting credential stuffing attacks

A network access and path technology, applied in the field of network security, can solve problems such as user loss, achieve the effect of improving security and avoiding adverse consequences

Active Publication Date: 2017-09-19
SANGFOR TECH INC
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, ordinary users are not aware of this, and there is no correct method and way to know whether their user information has been leaked. Enterprises are helpless in the face of this kind of credential stuffing attack. Once the attacker successfully logs in through the credential stuffing attack The user system can be attacked with higher authority, causing huge losses to the user

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for detecting credential stuffing attacks
  • Method and system for detecting credential stuffing attacks
  • Method and system for detecting credential stuffing attacks

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0034] Such as figure 1 As shown, the present invention provides a method for detecting credential stuffing attacks, the method comprising the following steps:

[0035] S11: The server receives the user's network access request and parses it to determine the source IP, destination IP, login attribute information and user information of the network access request. The user information includes user account number and password, and the login attribute information is the login that the network access request parses out path. Specifically, the network access request includes an HTTP request or an HTTPS request. If it is an HTTPS request, the client needs to preset a decryption certificate for the HTTPS request in the system to support the HTTPS decryption operation.

[0036] S12: The user configures a preset login path and a threshold of login times by himself. Specifically, the user can configure the preset login path by himself according to the configuration strategy, so that ...

Embodiment 2

[0045] Such as figure 2 As shown, the present invention provides another method for detecting credential stuffing attacks, which method includes the following steps:

[0046] S21: The server receives the user's network access request and parses it to determine the source IP, destination IP, login attribute information and user information of the network access request. The user information includes user account number and password, and the login attribute information is the login that the network access request resolves. The format of the path. Specifically, the network access request includes an HTTP request or an HTTPS request. If it is an HTTPS request, the client needs to preset a decryption certificate for the HTTPS request in the system to support the HTTPS decryption operation.

[0047] S22: By default, the system has built-in preset formats for identifying login paths and thresholds for login times. Specifically, the user does not need to configure the default login...

Embodiment 3

[0054] Such as image 3 As shown, the present invention also provides a system for detecting credential stuffing attacks, which includes:

[0055] The protocol analysis module 10 is used to receive and analyze the user's network access request to determine the source IP, destination IP, login attribute information and user information of the network access request. The user information includes user account number and password. Specifically, the network access request includes an HTTP request or an HTTPS request. If it is an HTTPS request, the client needs to preset a decryption certificate for the HTTPS request in the system to support the HTTPS decryption operation. Understandably, the login attribute information may be a login path or a format of a login path.

[0056] The user configuration module 20 can be used to configure the preset login path and the threshold of login times; the default format and the threshold of login times for identifying the login path can also b...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method and system for detecting credential stuffing attacks. The method includes the following steps: receiving and analyzing a user's network access request to determine its source IP, destination IP, login attribute information and user information; configuring a preset login path and The threshold of login times, or the preset format and login times threshold of the system's default built-in identification of the login path; according to the destination IP and login attribute information, the preset login path or the preset format of the login path to identify whether to perform a login operation, and if so, record it Source IP, destination IP, and user information; count the number of logins received by the server with the same destination IP within the preset time with the same source IP but different user information, and determine whether the number of logins reaches the threshold of login times, and if so, it is considered a credential library Attack behavior; if not, it is considered as a normal access behavior. The invention can realize the monitoring of credential stuffing attack behavior, so as to improve the security of user information and avoid adverse consequences caused by leakage of user information.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a method and system for detecting credential stuffing attacks. Background technique [0002] At present, most of the websites that allow users to post speeches require users to register before posting speeches. This user registration mechanism is helpful for enterprises to manage users, such as monitoring the remarks and information shared by users; it is also beneficial for users to communicate with users. When users register on many websites, in order to facilitate memory, they often do not use different user accounts and passwords for each website, but usually only use 1 to 3 sets of user accounts and passwords. This situation often leads to serious security problems. When a website user information (including user account number and password) is leaked, the attacker may use the leaked user information to try to log in to other websites, and obtain correct authentica...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L9/32
Inventor 曾加良
Owner SANGFOR TECH INC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap