CN111478892A - Attacker portrait multi-dimensional analysis method based on browser fingerprints - Google Patents
Attacker portrait multi-dimensional analysis method based on browser fingerprints Download PDFInfo
- Publication number
- CN111478892A CN111478892A CN202010254790.1A CN202010254790A CN111478892A CN 111478892 A CN111478892 A CN 111478892A CN 202010254790 A CN202010254790 A CN 202010254790A CN 111478892 A CN111478892 A CN 111478892A
- Authority
- CN
- China
- Prior art keywords
- attacker
- browser
- fingerprint
- information
- dimension
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 24
- 238000004141 dimensional analysis Methods 0.000 title description 2
- 238000004458 analytical method Methods 0.000 claims abstract description 21
- 230000007123 defense Effects 0.000 abstract description 3
- 230000005540 biological transmission Effects 0.000 abstract description 2
- 230000008859 change Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 2
- 238000003384 imaging method Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 241000287828 Gallus gallus Species 0.000 description 1
- 230000002776 aggregation Effects 0.000 description 1
- 238000004220 aggregation Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 238000004140 cleaning Methods 0.000 description 1
- 235000014510 cooky Nutrition 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000001681 protective effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000012358 sourcing Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Collating Specific Patterns (AREA)
Abstract
The invention discloses an attacker portrait multidimensional analysis method based on browser fingerprints, and relates to the technical field of digital information transmission with a protocol as a characteristic. The method comprises the following steps: s1, acquiring IP information of an attacker as a first dimension of an attacker identifier; s2, acquiring browser fingerprint information of an attacker as a second dimension of the attacker identification; s3, the browser generates a uuid identity fingerprint as a third dimension of the attacker identification; and S4, portraying the attacker based on the first dimension, the second dimension and the third dimension. The invention combines IP, browser fingerprint and uuid identity fingerprint to perform multidimensional analysis on the attacker portrait, can perform summary analysis on the attackers with multiple IPs and multiple browsers, and provides a basis for the next defense.
Description
Technical Field
The invention relates to the technical field of transmission of digital information with a protocol as a characteristic, in particular to an attacker portrait multidimensional analysis method based on browser fingerprints.
Background
The browser fingerprint refers to various information of the browser, such as system font, screen resolution, browser plug-in and the like. By means of browser fingerprints, a user can be located without techniques such as cookies.
The attacker portrait is divided into a local portrait and a network behavior portrait, wherein the local portrait mainly reflects the characteristics of a machine used by the attacker and the physical characteristics of hardware, and the network portrait tries to acquire a data information set related to the attacker through clues left by the network attacker in the process of crime implementation, wherein the data information set comprises an attack technique, an attack preference, a used hacker tool, a crime background, a purpose to be achieved and the like. By portraying the attacker, the attack purpose, the attack thought, the attack technology and tactical combination and the like of the attacker can be further guessed, and the defense capability is improved.
Most current research into attacker sourcing has focused on locating and tracking the attacker's IP.
Chinese invention CN109873811A, "a network security protection method based on attack IP portrait and a network security protection system thereof", provides a network security protection method based on attack IP portrait and a network security protection system thereof, wherein the network security protection method comprises: processing the acquired historical attack traffic data record generated by the network security system to generate attack IP portraits, wherein each attack IP portraits comprises a threat degree of a corresponding attack IP, and the threat degree of the attack IP is generated based on the activity of each attack IP, the attack packet rate and the attack traffic rate. Responding to the detection of the attack flow by the network security system, and matching an attack IP portrait corresponding to the attack flow; and responding to the fact that the threat degree in the attack IP image corresponding to the attack flow is larger than a preset threshold value, and performing protection processing on the attack flow. Therefore, corresponding protective measures are taken based on the threat degree grade in the attack IP portrait, the efficiency is high, and the pertinence is strong.
However, it is not surprising that an attacker owns multiple IPs, such as VPN, broiler chicken, etc., and multiple attack source IPs mislead a security officer to analyze behavior information of the attacker by mistake, so that a real attacker cannot take a picture.
The invention discloses a method and a device for intercepting a malicious Web access request, and provides a method and a device for intercepting a malicious Web access request, which is disclosed by China with the bulletin number of CN 107426181B. The method comprises the following steps: receiving a Web access request; judging whether the Web access request carries a Token access Token or not; if the Token access Token is not carried, acquiring browser fingerprint information, and generating a fingerprint information code according to the browser fingerprint information; verifying the validity of the fingerprint information code; and if the validity check of the fingerprint information code fails, determining that the Web access request is a malicious Web access request, and intercepting the Web access request. The method and the device can accurately and quickly determine the illegal access request, implement interception, effectively identify the IP deception behavior and cannot cause mistaken killing.
The method intercepts the malicious Web access request based on the Token access Token and the browser fingerprint. However, different browsers possess different browser fingerprints, and for an attacker using multiple browsers on a single host, the traceability of the browser fingerprints does not provide a complete picture of the attacker.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a browser fingerprint-based attacker portrait multidimensional analysis method for portrait by combining IP, browser fingerprint and identity fingerprint.
In order to solve the problems, the technical scheme of the invention is as follows:
an attacker portrait multidimensional analysis method based on browser fingerprints comprises the following steps:
s1, acquiring IP information of an attacker as a first dimension of an attacker identifier;
s2, acquiring browser fingerprint information of an attacker as a second dimension of the attacker identification;
s3, the browser generates a uuid identity fingerprint as a third dimension of the attacker identification;
and S4, portraying the attacker based on the first dimension, the second dimension and the third dimension.
Further, in step S1, the browser sends data to the honeypot collection interface, and acquires the IP information of the attacker through the interface.
Further, in step S2, the browser fingerprint information of the attacker is obtained in the browser through JavaScript.
Further, in step S2, the browser fingerprint information includes Canvas fingerprint information.
Further, in step S2, the browser fingerprint information includes AudioContext fingerprint information.
Further, in the step S2, the browser fingerprint information includes a hardware type, an operating system, a User-Agent, a system font, a system language, a screen resolution, and system time zone information.
Further, in step S3, the uuid identity fingerprint is generated for the browser by JavaScript, and is stored in localStorage.
Further, in step S4, the attacker profile information includes the IP of the attacker, browser information and identity fingerprint.
Further, the method also comprises a step S5 of analyzing the behavior of the attacker.
Compared with the prior art, the invention has the following beneficial effects:
1. the invention adopts the mode of attack source IP plus browser fingerprint to portray the attacker, and can also portray the attacker who replaces the IP or uses a plurality of browsers;
2. the invention also adopts the unique uuid identity fingerprint to carry out the drawing of the attacker, and corrects the change of the fingerprint of the browser caused by the slight data change of the browser in the process of data analysis;
3. after the IP, the browser fingerprint and the identity fingerprint are adopted to portray the attacker, the purpose of further analyzing the attacker can be achieved, and the next defense is facilitated;
4. the method adopts the IP, the browser fingerprint and the identity fingerprint to portray the attacker, and treats a plurality of IPs or a plurality of browsers as the same person during analysis, so that the analyzable data is increased, and the analysis effect is better;
5. the browser fingerprint adopts Canvas fingerprint information, and the identification accuracy can reach more than 99%.
Drawings
The following describes embodiments of the present invention in further detail with reference to the accompanying drawings.
FIG. 1 is a schematic flow diagram of the present invention;
FIG. 2 is a schematic diagram of an attacker;
fig. 3 is a schematic diagram of the behavior of an attacker according to the present invention.
Detailed Description
In order to make the technical means, the original characteristics, the achieved purpose and the efficacy of the invention easy to understand, the invention is further described with reference to the specific drawings.
Example (b):
fig. 1-3 show a browser fingerprint-based attacker portrait multidimensional analysis method, which includes the following steps:
s1, acquiring IP information of an attacker as a first dimension of an attacker identifier;
s2, acquiring browser fingerprint information of an attacker as a second dimension of the attacker identification;
s3, the browser generates a uuid identity fingerprint as a third dimension of the attacker identification;
s4, portraying the attacker based on the first dimension, the second dimension and the third dimension;
and S5, analyzing the behavior of the attacker.
In step S1, the browser sends the data to the honeypot collection interface, and acquires the IP information of the attacker through the interface.
In step S2, browser fingerprint information of the attacker is obtained in the browser through JavaScript, where the browser fingerprint information includes a hardware type, an operating system, a User-Agent, a system font, a system language, a screen resolution and a system time zone, Canvas fingerprint information, and AudioContext fingerprint information.
In step S3, the uuid identity fingerprint is generated for the browser by JavaScript, and stored in localStorage.
In step S4, the attacker profile information includes the attacker' S IP, browser information, and identification fingerprint.
The browser information and the browser fingerprints are in one-to-one correspondence, and each fingerprint can see specific information of the browser.
FIG. 1 shows the flow of attacker profiling:
an attacker attacks the web honeypot system;
acquiring detailed information of the browser through JavaScript and generating a browser fingerprint and a uuid identity fingerprint;
the web honeypot system acquires the IP, attack data and fingerprint information of an attacker;
the data acquisition system records and stores some attack behavior data, sample data and the like of an attacker;
imaging the attacker based on the attacker IP, the browser fingerprint information and the uuid identity fingerprint;
the behavior of the attacker is analyzed.
The IP and fingerprint information acquisition process comprises the following steps:
the browser accesses the honeypot: JavaScript acquires information of a browser and generates a browser fingerprint and an identity fingerprint;
sending data to the honeypot: all collected data are sent to a WEB honeypot monitoring program in an Ajax mode through JavaScript;
the honeypot obtains data information: the request IP is parsed and two fingerprint information are obtained.
And obtaining an IP: the browser sends data to the honeypot collection interface, and IP data of the attacker can be obtained through the interface, such as PHP language: and $ SERVER [ 'REMOTE _ ADDR' ], Nginx access log, and the like, the position information can be acquired from the IP information.
Acquiring browser fingerprint information:
operating the system: navigator. platform;
User-Agent:navigator.userAgent;
CPU information: navigator. cpuClass, navigator. hardwareConcurrenty;
system language: navigator. language;
screen resolution: screen, window;
system time zone: new Date (), getTimezoneOffset ();
browser color quality: window.
Sound card information: audio context;
audiocontext, destination, samplerate, etc.;
canvas fingerprint information: the browser can draw a blank drawing board in a hidden mode and fill some basic data, drawing results of the picture are slightly different on different machines, each machine can convert data into the image and can be different from the image according to factors such as resolution, pixel points and the like of a screen, the difference is difficult to distinguish by naked eyes, the machine can recognize the difference, if the data are converted into the image, the drawn image is the same, drawing content is obtained, the method returns base64 coded character strings of the picture content, the last block is 32-bit CRC, and the CRC is extracted and can be used for unique identification of a user. The following is a sample code:
var canvas=document.createElement('canvas');
var ctx=canvas.getContext('2d');
var txt='123456';
ctx.textBaseline="top";
ctx.font="14px'Arial'";
ctx.textBaseline="111";
ctx.fillStyle="#f60";
ctx.fillRect(125,1,62,20);
ctx.fillStyle="#069";
ctx.fillText(txt,2,15);
ctx.fillStyle="rgba(102,204,0,0.7)";
ctx.fillText(txt,4,17);
var b64=canvas.toDataURL().replace("data:image/png;base64,","");
var bin=atob(b64);
var crc=bin2hex(bin.slice(-16,-12));
console.log(crc);
and when the Canvas fingerprint is added, the uniqueness of the device fingerprint can reach more than 99 percent and even reach 99.9 percent.
Acquiring the identity fingerprint: checking if the identity fingerprint already exists, if not, the browser generates a unique identity fingerprint by using a uuid algorithm, and the unique identity fingerprint is stored in the attacker machine.
In the data acquisition system, the data collected by the data acquisition server are independent and have no correlation with each other. The attacker IP may own multiple or be forged, such as using VPN or constantly redialing to obtain new IP, etc., which may require additional information to aggregate the data.
Generally, the machine change of a user is not too frequent, each piece of attack data can be distinguished according to the Canvas fingerprint, and if data of multiple IPs have the same fingerprint, the attack data of the IPs are all from the same machine. Thus, multiple IPs can be classified as an attacker using a Canvas fingerprint.
The browser Canvas fingerprint also has some influence factors, such as browser language, CPU information of a system where the browser is located, device screen replacement, multiple display cards and the like, and if the information changes, the browser Canvas fingerprint changes, and meanwhile attack data is disordered.
The identity fingerprint is stored in the machine, the fingerprint is unique, and it can be confirmed that each time an attacker generates one attack data, the attacker carries an identity (if the attacker does not perform file cleaning on the system and the like, the fingerprint always exists in the same browser), and based on the fact, the attack data generated in the two dimensions can be aggregated more effectively.
Finally, the aggregation can be completed for all the attack data generated by an attacker, and then the attacker is subjected to portrayal and analysis.
The above process of imaging an attacker based on three dimensions is shown in fig. 2:
the attacker is performed on the collected data with the information of (2.2.2.2, browser _ id _10, identity _ id _10), (1.1.1.1, browser _ id _1, identity _ id _1), (1.1.1.2, browser _ id _2, identity _ id _2), (1.1.1.2, browser _ id _3, identity _ id _1), (1.1.1.1.2, browser _ id _3, identity _ id _1), (1.1.1.3, browser _ id _3, identity _ id _1), wherein 2.2.2 represents IP, browser _ id represents browser fingerprint information, and identity _ id represents identity fingerprint information.
Wherein, (2.2.2.2, browser _ id _10, identity _ id _10) is the attacker _ 1.
The attacker, attacker _2, is classified based on the same identity fingerprint identity _ id _1 and the same ip address 1.1.1.2.
As shown in fig. 3, after the attacker is portrayed, the behavior analysis can be performed on the attack data of the attacker.
The attacker, attester _1, is constantly scanning for port 22 ssh and attempting to log on.
The attacker _2 tries to change the IP and the equipment for access during the period of trying to log in the background and searching for a bug, finally finds out a hidden log-in address and executes a server script command.
It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, and that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (9)
1. The browser fingerprint-based attacker portrait multidimensional analysis method is characterized by comprising the following steps of:
s1, acquiring IP information of an attacker as a first dimension of an attacker identifier;
s2, acquiring browser fingerprint information of an attacker as a second dimension of the attacker identification;
s3, the browser generates a uuid identity fingerprint as a third dimension of the attacker identification;
and S4, portraying the attacker based on the first dimension, the second dimension and the third dimension.
2. The browser fingerprint-based attacker portrait multidimensional analysis method according to claim 1, wherein in the step S1, the browser sends data to a honeypot collection interface, and acquires the IP information of the attacker through the interface.
3. The browser fingerprint-based attacker portrait multidimensional analysis method according to claim 1, wherein in the step S2, browser fingerprint information of the attacker is obtained in the browser through JavaScript.
4. The method for multidimensional browser fingerprint-based attacker representation analysis according to claim 1, wherein in the step S2, the browser fingerprint information comprises Canvas fingerprint information.
5. The method for multidimensional analysis of attacker portrait based on browser fingerprint as recited in claim 1, wherein in step S2, the browser fingerprint information comprises AudioContext fingerprint information.
6. The method for multidimensional analysis of attacker portrait based on browser fingerprint as recited in claim 1, wherein in the step S2, the browser fingerprint information includes hardware type, operating system, User-Agent, system font, system language, screen resolution and system time zone information.
7. The method for multidimensional analysis of attacker portrait based on browser fingerprint as recited in claim 1, wherein in step S3, uuid identity fingerprint is generated for the browser by JavaScript and stored in localStorage.
8. The browser fingerprint-based attacker portrait multidimensional analysis method according to claim 1, wherein in the step S4, the attacker portrait information comprises an IP of the attacker, browser information and identity fingerprint.
9. The browser fingerprint-based attacker portrait multidimensional analysis method according to claim 1, further comprising a step S5. performing behavior analysis on the attacker.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010254790.1A CN111478892A (en) | 2020-04-02 | 2020-04-02 | Attacker portrait multi-dimensional analysis method based on browser fingerprints |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010254790.1A CN111478892A (en) | 2020-04-02 | 2020-04-02 | Attacker portrait multi-dimensional analysis method based on browser fingerprints |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111478892A true CN111478892A (en) | 2020-07-31 |
Family
ID=71749866
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010254790.1A Pending CN111478892A (en) | 2020-04-02 | 2020-04-02 | Attacker portrait multi-dimensional analysis method based on browser fingerprints |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111478892A (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112565226A (en) * | 2020-11-27 | 2021-03-26 | 深信服科技股份有限公司 | Request processing method, device, equipment and system and user portrait generation method |
| CN113098865A (en) * | 2021-03-31 | 2021-07-09 | 广州锦行网络科技有限公司 | Browser fingerprint acquisition method and device, electronic equipment and storage medium |
| CN113992435A (en) * | 2021-12-27 | 2022-01-28 | 北京微步在线科技有限公司 | Attack detection tracing method, device and system |
| CN114205161A (en) * | 2021-12-13 | 2022-03-18 | 北京影安电子科技有限公司 | Network attacker discovering and tracking method |
| CN115134139A (en) * | 2022-06-27 | 2022-09-30 | 中国工商银行股份有限公司 | Network attack processing method and device |
| CN115664855A (en) * | 2022-12-22 | 2023-01-31 | 北京市大数据中心 | Network attack defense method, electronic equipment and computer readable medium |
| CN116167800A (en) * | 2021-11-22 | 2023-05-26 | 百融云创科技股份有限公司 | Advertisement recommendation method and device, electronic device and storage medium |
| CN119603029A (en) * | 2024-11-28 | 2025-03-11 | 武汉船舶通信研究所(中国船舶集团有限公司第七二二研究所) | A network attack behavior detection method based on fingerprint, and computer equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107239491A (en) * | 2017-04-25 | 2017-10-10 | 广州阿里巴巴文学信息技术有限公司 | For realizing method, equipment, browser and electronic equipment that user behavior is followed the trail of |
| CN107509200A (en) * | 2017-09-30 | 2017-12-22 | 北京奇虎科技有限公司 | Equipment localization method and device based on wireless network invasion |
| CN107612924A (en) * | 2017-09-30 | 2018-01-19 | 北京奇虎科技有限公司 | Attacker's localization method and device based on wireless network invasion |
| US10158657B1 (en) * | 2015-08-06 | 2018-12-18 | Microsoft Technology Licensing Llc | Rating IP addresses based on interactions between users and an online service |
| CN109104456A (en) * | 2018-06-07 | 2018-12-28 | 北京本邦科技股份有限公司 | A kind of user tracking based on browser fingerprint and propagating statistics analysis method |
-
2020
- 2020-04-02 CN CN202010254790.1A patent/CN111478892A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10158657B1 (en) * | 2015-08-06 | 2018-12-18 | Microsoft Technology Licensing Llc | Rating IP addresses based on interactions between users and an online service |
| CN107239491A (en) * | 2017-04-25 | 2017-10-10 | 广州阿里巴巴文学信息技术有限公司 | For realizing method, equipment, browser and electronic equipment that user behavior is followed the trail of |
| CN107509200A (en) * | 2017-09-30 | 2017-12-22 | 北京奇虎科技有限公司 | Equipment localization method and device based on wireless network invasion |
| CN107612924A (en) * | 2017-09-30 | 2018-01-19 | 北京奇虎科技有限公司 | Attacker's localization method and device based on wireless network invasion |
| CN109104456A (en) * | 2018-06-07 | 2018-12-28 | 北京本邦科技股份有限公司 | A kind of user tracking based on browser fingerprint and propagating statistics analysis method |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112565226A (en) * | 2020-11-27 | 2021-03-26 | 深信服科技股份有限公司 | Request processing method, device, equipment and system and user portrait generation method |
| CN113098865A (en) * | 2021-03-31 | 2021-07-09 | 广州锦行网络科技有限公司 | Browser fingerprint acquisition method and device, electronic equipment and storage medium |
| CN116167800A (en) * | 2021-11-22 | 2023-05-26 | 百融云创科技股份有限公司 | Advertisement recommendation method and device, electronic device and storage medium |
| CN114205161A (en) * | 2021-12-13 | 2022-03-18 | 北京影安电子科技有限公司 | Network attacker discovering and tracking method |
| CN114205161B (en) * | 2021-12-13 | 2024-03-29 | 北京影安电子科技有限公司 | Network attacker discovery and tracking method |
| CN113992435A (en) * | 2021-12-27 | 2022-01-28 | 北京微步在线科技有限公司 | Attack detection tracing method, device and system |
| CN115134139A (en) * | 2022-06-27 | 2022-09-30 | 中国工商银行股份有限公司 | Network attack processing method and device |
| CN115664855A (en) * | 2022-12-22 | 2023-01-31 | 北京市大数据中心 | Network attack defense method, electronic equipment and computer readable medium |
| CN119603029A (en) * | 2024-11-28 | 2025-03-11 | 武汉船舶通信研究所(中国船舶集团有限公司第七二二研究所) | A network attack behavior detection method based on fingerprint, and computer equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111478892A (en) | Attacker portrait multi-dimensional analysis method based on browser fingerprints | |
| CN111818103B (en) | Traffic-based tracing attack path method in network target range | |
| US9451036B2 (en) | Method and apparatus for fingerprinting systems and operating systems in a network | |
| Najafabadi et al. | User behavior anomaly detection for application layer ddos attacks | |
| Paxson et al. | Practical comprehensive bounds on surreptitious communication over {DNS} | |
| US20160063541A1 (en) | Method for detecting brand counterfeit websites based on webpage icon matching | |
| CN112929390B (en) | Network intelligent monitoring method based on multi-strategy fusion | |
| CN102880830B (en) | A kind of acquisition method of original test data and device | |
| CN111865925A (en) | Network traffic based fraud group identification method, controller and medium | |
| Grill et al. | Malware detection using http user-agent discrepancy identification | |
| US20220141252A1 (en) | System and method for data filtering in machine learning model to detect impersonation attacks | |
| CN110611640A (en) | DNS protocol hidden channel detection method based on random forest | |
| CN110650156B (en) | Method and device for clustering relationships of network entities and method for identifying network events | |
| CN105635064B (en) | CSRF attack detection method and device | |
| CN109257393A (en) | XSS attack defence method and device based on machine learning | |
| CN116015800B (en) | Scanner identification method, device, electronic device and storage medium | |
| CN106911665B (en) | Method and system for identifying malicious code weak password intrusion behavior | |
| CN106790073B (en) | Blocking method and device for malicious attack of Web server and firewall | |
| CN117354024A (en) | DNS malicious domain name detection system and method based on big data | |
| Koukis et al. | On the privacy risks of publishing anonymized IP network traces | |
| CN117040779A (en) | Network abnormal access information acquisition method and device | |
| JP7131704B2 (en) | Extraction device, extraction method and extraction program | |
| CN114124892A (en) | A method for automatic detection of malicious domain names in cyberspace | |
| Nie et al. | Intrusion detection using a graphical fingerprint model | |
| Tellenbach | Detection, classification and visualization of anomalies using generalized entropy metrics |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200731 |
|
| RJ01 | Rejection of invention patent application after publication |