Method and device for detecting network attack

An attack detection and network attack technology, applied in the Internet field, can solve the problems of unproposed solutions, reduce the accuracy and effectiveness of WEB attack detection, and not take into account the immune function of webserver, so as to improve the accuracy and effectiveness, and solve the problems less accurate effect

Inactive Publication Date: 2017-08-15
ALIBABA GRP HLDG LTD
View PDF7 Cites 17 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] However, the above-mentioned method of legality detection only for traffic in the direction of the HTTP request has the following defects: this solution can only unilaterally determine whether the HTTP request contains attack information, and does not consider the response of the attacked object webserver. In other words, the solution does not take into account whether the webserver is inherently immune to these attacks
Therefore, this attack detection method is likely to lead to a large number of attack alerts or interceptions, and most of these alerted or intercepted attacks are invalid attacks, thereby reducing the accuracy and effectiveness of WEB attack detection
[0010] For the above problems, no effective solution has been proposed

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for detecting network attack
  • Method and device for detecting network attack
  • Method and device for detecting network attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0037] According to an embodiment of the present invention, a method embodiment of a method for detecting a network attack is also provided. It should be noted that the steps shown in the flowcharts of the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions , and, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from that shown or described herein.

[0038] The method embodiment provided in Embodiment 1 of the present application may be executed in a mobile terminal, a computer terminal, or a similar computing device. Take running on a computer terminal as an example, figure 1 It is a block diagram of the hardware structure of a computer terminal of a network attack detection method according to an embodiment of the present invention. Such as figure 1 As shown, the computer terminal 10 may include one or more (only one is shown in the f...

Embodiment 2

[0089] According to an embodiment of the present invention, a structural block diagram of a detection device for implementing the above-mentioned network attack is also provided. The intermediate bridge between the end and the receiving end is similar in nature to an agent, and the device can be located in the terminal or, of course, in the server. Such as Figure 4 As shown, the device includes: a receiving module 10, configured to receive a network request from the sending end; an obtaining module 20, configured to forward the network request to the The receiving end obtains a network response corresponding to the network request; the processing module 30 is configured to detect the network response by using a set of attack detection rules, and select a processing method for the network response according to the detection result.

[0090] By using the attack detection rule set to perform two-way network attack detection on the network request received from the sender and th...

Embodiment 3

[0101] Embodiments of the present invention may provide a computer terminal, and the computer terminal may be any computer terminal device in a group of computer terminals. Optionally, in this embodiment, the foregoing computer terminal may also be replaced with a terminal device such as a mobile terminal.

[0102] Optionally, in this embodiment, the foregoing computer terminal may be located in at least one network device among multiple network devices of the computer network.

[0103] Optionally, Image 6 It is a structural block diagram of a computer terminal according to an embodiment of the present invention. Such as Image 6 As shown, the computer terminal may include: one or more (only one is shown in the figure) processors and memory.

[0104] Among them, the memory can be used to store software programs and modules, such as the program instructions / modules and attack detection rule sets corresponding to the network attack detection method and device in the embodime...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method and device for detecting network attacks. The method comprises the following steps: receiving a network request from a sender; when determining that the type of the network request is an attack request by adopting an attack detection rule set, forwarding the network request to a receiver, and acquiring a network response corresponding to the network request; and detecting the network response by adopting the attack detection rule set, and selecting a processing mode of the network response according to a detection result. By adopting the method and device disclosed by the invention, the technical problem that a one-way network attack detection method adopted in related technologies is relatively low in accuracy can be solved.

Description

technical field [0001] The invention relates to the field of the Internet, in particular to a method and device for detecting network attacks. Background technique [0002] World Wide Web (WEB) attack refers to the use of Hypertext Transfer Protocol (HTTP) to send maliciously constructed HTTP requests to "deceive" the World Wide Web server (webserver) to deviate from the normal execution logic. [0003] WEB attack is the most common HTTP request on the Internet. Almost all websites suffer from different degrees of WEB attacks every day, but this does not mean that all WEB attacks will be successful. The reason is that whether a WEB attack can be successful depends on Whether there are corresponding defects or loopholes in the web server. For example: For a webserver that is only responsible for returning static pages (Hypertext Markup Language (HTML) pages, images, etc.) and does not use any database technology, any Structured Query Language (SQL) injection attack will obvi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/1416
Inventor 张峰
Owner ALIBABA GRP HLDG LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap