CN113760664B - Two-stage threshold attack detection method, computer and storage medium - Google Patents
Two-stage threshold attack detection method, computer and storage medium Download PDFInfo
- Publication number
- CN113760664B CN113760664B CN202111060878.0A CN202111060878A CN113760664B CN 113760664 B CN113760664 B CN 113760664B CN 202111060878 A CN202111060878 A CN 202111060878A CN 113760664 B CN113760664 B CN 113760664B
- Authority
- CN
- China
- Prior art keywords
- threshold
- node
- level
- access
- nodes
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/3037—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a memory, e.g. virtual memory, cache
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3438—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment monitoring of user actions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
- G06F2201/805—Real-time
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
- G06F2201/81—Threshold
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
- G06F2201/885—Monitoring specific for caches
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Quality & Reliability (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Mathematical Physics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention provides a two-stage threshold attack detection method, a computer and a storage medium, and belongs to the technical field of intelligent detection. A two-stage threshold attack detection method based on I-stage and II-stage comprises the steps of firstly reconstructing a pattern matching algorithm automaton, selecting all nodes with the layer being more than or equal to 4, increasing the number of times of access t and increasing a level I threshold L for each selected node 1 And a level II threshold L 2 Then executing the next step, secondly, receiving the data T to be matched by the automaton, and enabling the I-level threshold value L 1 Threshold node ratio p 1 And a level II threshold L 2 Threshold node ratio p 2 Setting the pointer to be 0, matching the first character of the pointer pointing to T, executing the next step, and finally counting the number of node accesses; judging whether the number of node accesses exceeds an I-level threshold value L or not 1 And a level II threshold L 2 Threshold node ratio p 1 And node ratio p 2 If the number of accesses exceeds the threshold, the determination is made as an attack. The technical problem that the DPI system cannot recognize the attack data received by the DPI system in the prior art is solved.
Description
Technical Field
The application relates to an attack detection method, in particular to a two-stage threshold attack detection method, a computer and a storage medium, and belongs to the technical field of intelligent detection.
Background
DDoS attacks are the most common and greatly influenced network security threats faced by internet users due to the characteristics of low cost, obvious attack effect and the like, and a large number of people participate in attack and defense countermeasures in national network battles, academic circles, enterprise circles, hacker circles and the like. Algorithm complexity attacks are typical application layer DDos attacks that cause algorithms that process application layer data to run at worst time complexity all the time by elaborating the packets, thereby consuming a lot of system space-time resources forcing the DPI to stop checking some or all of the traffic.
As a first line of defense of network security, a deep packet inspection system (DPI) is an important target of cache attack. An attacker uses a detection means to obtain a partial pattern as prior knowledge, then modifies partial characters of the known pattern according to a common pattern matching algorithm to be used as an attack sample, and finally, attacks are implemented through a large number of replay attack samples. When a network criminal implements cache attack, DPI may be destroyed, and as the system crashes or legitimate traffic drops, an attacker then sends a large amount of spam traffic or specifically designed attack data to a server protected by DPI.
The existing cache attack detection method is based on node threshold value to detect, namely all automaton nodes are divided into regular access nodes and infrequent access nodes, the proportion of the access times of the infrequent access nodes to the data length is counted according to a data packet, if the access times exceed a set threshold value, the data packet is identified as an attack packet, but if an attacker grasps a boundary between the regular access nodes and the infrequent access nodes, the attack data is very easy to construct, and the detection of the method is bypassed.
Disclosure of Invention
The following presents a simplified summary of the invention in order to provide a basic understanding of some aspects of the invention. It should be understood that this summary is not an exhaustive overview of the invention. It is not intended to determine the key or critical elements of the present invention, nor is it intended to limit the scope of the present invention. Its sole purpose is to present some concepts in a simplified form as a prelude to the more detailed description that is discussed later.
In view of this, the present invention provides a two-stage threshold attack detection method, a computer, and a storage medium scheme for identifying attack data to protect a DPI system from being attacked, in order to solve the technical problem that attack data cannot be identified in the prior art.
A two-stage threshold attack detection method comprises an I-stage threshold and a II-stage threshold, and comprises the following steps:
step one, reconstructing a pattern matching algorithm automaton, selecting all nodes with the layer being more than or equal to 4, and increasing the number of times of access t and the level I threshold value L for each selected node 1 And a level II threshold L 2 Then executing the step two;
step two, the automaton receives the data T to be matched and compares the level I threshold value L 1 Threshold node ratio p 1 And a level II threshold L 2 Threshold node ratio p 2 Setting the pointer to point to the first character of T, scanning the current character, and executing the third step;
step three, counting the access times of the nodes; judging whether the number of node accesses exceeds an I-level threshold value L or not 1 If the access times of the current node exceed the I-level threshold value L 1 If so, executing the step four; if the current node access times do not exceed the I-level threshold value L 1 Then, the current node access times and a II-level threshold value L are compared 2 Comparing, if the access times of the current node exceed the II-level threshold value L 2 If the access times of the current node do not exceed the II-level threshold value L, executing the step five 2 Pointing the matching pointer to the next character of the T, scanning the next character, and executing the current step;
step four, calculating the threshold value L exceeding the level I 1 Node access proportion p 1 (ii) a If the current node access times exceed the node access proportion p 1 Identifying the current node access as an attack; if the current node access times do not exceed the node access proportion p 1 Returning to the third step;
step five, calculating the threshold value L exceeding the II level 2 Node access proportion p 2 (ii) a If the current node access times exceed the node access proportion p 2 Identifying the current node access as an attack; if the current node access times do not exceed the node access proportion p 2 And returning to the step three.
Preferably, the calculation of step four exceeds a level I threshold L 1 Node access proportion p 1 The specific method comprises the following steps:
the method comprises the steps that t represents the number of access times of nodes, k represents the number of set threshold nodes, the threshold nodes are set on low-frequency access nodes, under the real flow, the high-frequency access nodes of the AC automaton are on the first 5 layers, the first 3 layers have the largest access, in order to prevent the high false negative rate, the first 3 layers are used as the high-frequency access nodes, and two levels of thresholds are set on all nodes more than or equal to 4 layers.
Preferably, the calculation of step five exceeds a level II threshold L 2 Node access proportion p 2 The specific method comprises the following steps:
wherein t represents the access times of the nodes, k represents the number of the set threshold nodes, the threshold nodes are set at the low-frequency access nodes, the high-frequency access nodes of the AC automaton are at the first 5 layers and the first 3 layers have the most access under the real flow, in order to prevent the false negative rate, the first 3 layers are used as the high-frequency access nodes, and the two-level thresholds are set at all the nodes of more than or equal to 4 layers.
A computer comprising a memory storing a computer program and a processor implementing the steps of a two-level threshold attack detection method when executing said computer program.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, implements a two-stage threshold attack detection method.
The invention has the following beneficial effects: the invention provides a two-stage threshold attack detection method, which judges whether the node access times exceed a threshold node proportion or not by counting the node access times, identifies and judges attack data, and solves the technical problems that the prior art cannot identify the attack data and a DPI system is attacked.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic flow chart of a detection method according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions and advantages of the embodiments of the present application more apparent, the following further detailed description of the exemplary embodiments of the present application with reference to the accompanying drawings makes it clear that the described embodiments are only a part of the embodiments of the present application, and are not exhaustive of all embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
Embodiment 1, referring to fig. 1, illustrates this embodiment, and the two-stage threshold attack detection method of this embodiment includes an I-stage threshold and a II-stage threshold, and includes the following steps:
step one, reconstructing a pattern matching algorithm automaton, selecting all nodes with the layer being more than or equal to 4, and increasing the number of times of access t and the level I threshold value L for each selected node 1 And a level II threshold L 2 Then executing the step two;
in particular, a level I threshold L 1 Taking the maximum value of each node after a certain time of normal flow; computingThe formula is as follows
L 1i =max{n i }
Wherein n represents an access node;
in particular, a class II threshold L 2 The level threshold value is calculated according to the following formula:
L 2i =(1+m)×L 1i ,where 0<m<2
where m denotes a preset threshold coefficient.
Step two, the automaton receives the data T to be matched and compares the level I threshold value L 1 Threshold node ratio p 1 And a level II threshold L 2 Threshold node ratio p 2 Setting the pointer to 0, scanning the current character by the first character of the matching pointer pointing to T, and executing the third step;
thirdly, counting the access times of the nodes; judging whether the number of node accesses exceeds an I-level threshold value L or not 1 If the access times of the current node exceed the I-level threshold value L 1 If so, executing the step four; if the current node access times do not exceed the I-level threshold value L 1 Then, the access times of the current node and a II-level threshold value L are compared 2 Comparing, if the access times of the current node exceed the II-level threshold value L 2 If the access times of the current node do not exceed the II-level threshold value L, executing the step five 2 Pointing the matching pointer to the next character of the T, scanning the next character, and executing the current step;
specifically, each time a selected node is accessed, the number of times the node is accessed is increased by 1.
In particular, until the matching pointer points to the end of T.
Step four, calculating the threshold value L exceeding the level I 1 Node access proportion p 1 (ii) a If the current node access times exceed the node access proportion p 1 Identifying the current node access as an attack; if the current node access times do not exceed the node access proportion p 1 Returning to the third step;
step five, calculating the threshold value L exceeding the II level 2 Node access proportion p 2 (ii) a If the current node access times exceed the node access proportion p 2 Identifying the current node access as an attack; if the current node access times do not exceed the nodePoint access ratio p 2 And returning to the step three.
Specifically, the two-stage threshold detection corresponds to a TCP flow or UDP packet from which data is to be sent as input to the DPI engine. The number of real-time accesses to the node will be updated as the pointer to the input data moves.
Specifically, the calculation of step four exceeds the level I threshold L 1 Node access proportion p 1 The specific method comprises the following steps:
wherein t represents the access times of the nodes, k represents the number of the set threshold nodes, the threshold nodes are set at the low-frequency access nodes, the high-frequency access nodes of the AC automaton are at the first 5 layers and the first 3 layers have the most access under the real flow, in order to prevent the false negative rate, the first 3 layers are used as the high-frequency access nodes, and the two-level thresholds are set at all the nodes of more than or equal to 4 layers.
Specifically, the calculation of step five exceeds a level II threshold L 2 Node access proportion p 2 The specific method comprises the following steps:
wherein t represents the access times of the nodes, k represents the number of the set threshold nodes, the threshold nodes are set at the low-frequency access nodes, the high-frequency access nodes of the AC automaton are at the first 5 layers and the first 3 layers have the most access under the real flow, in order to prevent the false negative rate, the first 3 layers are used as the high-frequency access nodes, and the two-level thresholds are set at all the nodes of more than or equal to 4 layers.
The computer device of the present invention may be a device including a processor, a memory, and the like, for example, a single chip microcomputer including a central processing unit and the like. And the processor is used for implementing the steps of the recommendation method capable of modifying the relationship-driven recommendation data based on the CREO software when executing the computer program stored in the memory.
The Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. In addition, the memory may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
Computer-readable storage medium embodiments
The computer readable storage medium of the present invention may be any form of storage medium that can be read by a processor of a computer device, including but not limited to non-volatile memory, ferroelectric memory, etc., and the computer readable storage medium has stored thereon a computer program that, when the computer program stored in the memory is read and executed by the processor of the computer device, can implement the above-mentioned steps of the CREO-based software that can modify the modeling method of the relationship-driven modeling data.
The computer program comprises computer program code which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, and the like. It should be noted that the computer readable medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media does not include electrical carrier signals and telecommunications signals as is required by legislation and patent practice.
While the invention has been described with respect to a limited number of embodiments, those skilled in the art, having benefit of this description, will appreciate that other embodiments can be devised which do not depart from the scope of the invention as described herein. Furthermore, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter. Accordingly, many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the appended claims. The present invention has been disclosed in an illustrative rather than a restrictive sense, and the scope of the present invention is defined by the appended claims.
Claims (3)
1. A two-stage threshold attack detection method comprises a I-stage threshold and a II-stage threshold, and is characterized by comprising the following steps:
step one, reconstructing a pattern matching algorithm automaton, selecting all nodes with the layer being more than or equal to 4, and increasing the number of times of access t and the level I threshold value L for each selected node 1 And a level II threshold L 2 Then executing the step two;
level I threshold L 1 Taking the maximum value of normal flow passing through each node; the calculation formula is as follows:
L 1i =max{n i }
wherein n represents an access node;
in particular, a class II threshold L 2 The level threshold value is calculated according to the following formula:
L 2i =(1+m)×L 1i ,where 0<m<2
wherein m represents a preset threshold coefficient;
step two, the automaton receives the data T to be matched and compares the level I threshold value L 1 Threshold node ratio p 1 And a level II threshold L 2 Threshold node ratio p 2 Setting the pointer to 0, scanning the current character by the first character of the matching pointer pointing to T, and executing the third step;
thirdly, counting the access times of the nodes; judging whether the number of node accesses exceeds an I-level threshold value L or not 1 If the access times of the current node exceed the I-level threshold value L 1 If so, executing the step four; if the current node access times do not exceed the I-level threshold value L 1 Then, the access times of the current node and a II-level threshold value L are compared 2 Comparing, if the access times of the current node exceed the II-level threshold value L 2 If the access times of the current node do not exceed the II-level threshold value L, executing the step five 2 Scanning the next character of the T pointed by the matching pointer, executing the current step, and adding 1 to the accessed times of the node every time the selected node is accessed until the matching pointer points to the end of the T;
step four, calculating the threshold value L exceeding the level I 1 Node access proportion p 1 (ii) a If the current node access times exceed the node access proportion p 1 Identifying the current node access as an attack; if the current node access times do not exceed the node access proportion p 1 Returning to the third step; the two-stage threshold detection corresponds to a TCP flow or UDP packet from which data is to be sent as input to the DPI engine; when the pointer pointing to the input data moves, the real-time access times to the nodes are updated;
calculating exceeding a level I threshold L 1 Node access proportion p 1 The specific method comprises the following steps:
step five, calculating the threshold value L exceeding the II level 2 Node access ratioExample p 2 (ii) a If the current node access times exceed the node access proportion p 2 Identifying the current node access as an attack; if the current node access times do not exceed the node access proportion p 2 Returning to the third step;
calculating exceeding a level II threshold L 2 Node access proportion p 2 The specific method comprises the following steps:
wherein t represents the access times of the nodes, k represents the number of the set threshold nodes, the threshold nodes are set at the low-frequency access nodes, the high-frequency access nodes of the AC automaton are at the first 5 layers and the first 3 layers have the most access under the real flow, in order to prevent the false negative rate, the first 3 layers are used as the high-frequency access nodes, and the two-level thresholds are set at all the nodes of more than or equal to 4 layers.
2. A computer comprising a memory storing a computer program and a processor, the processor implementing the steps of a two-stage threshold attack detection method as claimed in claim 1 when executing the computer program.
3. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out a two-stage threshold attack detection method according to claim 1.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111060878.0A CN113760664B (en) | 2021-09-10 | 2021-09-10 | Two-stage threshold attack detection method, computer and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111060878.0A CN113760664B (en) | 2021-09-10 | 2021-09-10 | Two-stage threshold attack detection method, computer and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113760664A CN113760664A (en) | 2021-12-07 |
CN113760664B true CN113760664B (en) | 2022-09-27 |
Family
ID=78794695
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111060878.0A Active CN113760664B (en) | 2021-09-10 | 2021-09-10 | Two-stage threshold attack detection method, computer and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113760664B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2009864A1 (en) * | 2007-06-28 | 2008-12-31 | Nibelung Security Systems GmbH | Method and apparatus for attack prevention |
CN102821081A (en) * | 2011-06-10 | 2012-12-12 | 中国电信股份有限公司 | Method and system for monitoring DDOS (distributed denial of service) attacks in small flow |
CN107360118A (en) * | 2016-05-09 | 2017-11-17 | 中国移动通信集团四川有限公司 | A kind of advanced constant threat attack guarding method and device |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104022924A (en) * | 2014-07-02 | 2014-09-03 | 浪潮电子信息产业股份有限公司 | Method for detecting HTTP (hyper text transfer protocol) communication content |
CN105991511A (en) * | 2015-01-27 | 2016-10-05 | 阿里巴巴集团控股有限公司 | Method and device for detecting CC attack |
WO2018095192A1 (en) * | 2016-11-23 | 2018-05-31 | 腾讯科技(深圳)有限公司 | Method and system for website attack detection and prevention |
TWI617939B (en) * | 2016-12-01 | 2018-03-11 | 財團法人資訊工業策進會 | Attacking node detection apparatus, method, and computer program product thereof |
CN106790292A (en) * | 2017-03-13 | 2017-05-31 | 摩贝(上海)生物科技有限公司 | The web application layer attacks detection and defence method of Behavior-based control characteristic matching and analysis |
CN112989327A (en) * | 2019-12-18 | 2021-06-18 | 拓尔思天行网安信息技术有限责任公司 | Detection method, device, equipment and storage medium for stealing website data |
CN112019533A (en) * | 2020-08-20 | 2020-12-01 | 紫光云(南京)数字技术有限公司 | Method and system for relieving DDoS attack on CDN system |
CN112953938B (en) * | 2021-02-20 | 2023-04-28 | 百度在线网络技术(北京)有限公司 | Network attack defense method, device, electronic equipment and readable storage medium |
-
2021
- 2021-09-10 CN CN202111060878.0A patent/CN113760664B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2009864A1 (en) * | 2007-06-28 | 2008-12-31 | Nibelung Security Systems GmbH | Method and apparatus for attack prevention |
CN102821081A (en) * | 2011-06-10 | 2012-12-12 | 中国电信股份有限公司 | Method and system for monitoring DDOS (distributed denial of service) attacks in small flow |
CN107360118A (en) * | 2016-05-09 | 2017-11-17 | 中国移动通信集团四川有限公司 | A kind of advanced constant threat attack guarding method and device |
Non-Patent Citations (1)
Title |
---|
一种DHT安全性优化策略;史建焘等;《智能计算机与应用》;20121201;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN113760664A (en) | 2021-12-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11856021B2 (en) | Detecting and mitigating poison attacks using data provenance | |
US10574681B2 (en) | Detection of known and unknown malicious domains | |
US8205255B2 (en) | Anti-content spoofing (ACS) | |
US8533821B2 (en) | Detecting and defending against man-in-the-middle attacks | |
CN111552971B (en) | Malicious software family classification evasion method based on deep reinforcement learning | |
CN108337219B (en) | Method for preventing Internet of things from being invaded and storage medium | |
WO2021027831A1 (en) | Malicious file detection method and apparatus, electronic device and storage medium | |
WO2021017318A1 (en) | Cross-site scripting attack protection method and apparatus, device and storage medium | |
CN109600362B (en) | Zombie host recognition method, device and medium based on recognition model | |
CN113992444A (en) | Network attack traceability and anti-system based on host computer defense | |
CN110830490A (en) | Malicious domain name detection method and system based on area confrontation training deep network | |
CN115378733B (en) | Multi-step attack scene construction method and system based on dynamic graph embedding | |
CN114928452A (en) | Access request verification method, device, storage medium and server | |
CN115174160B (en) | Malicious encryption traffic classification method and device based on stream level and host level | |
CN113760664B (en) | Two-stage threshold attack detection method, computer and storage medium | |
CN112351002B (en) | Message detection method, device and equipment | |
CN113596044A (en) | Network protection method and device, electronic equipment and storage medium | |
CN115001866B (en) | Safety protection method based on immune mechanism, electronic equipment and storage medium | |
CN113779567B (en) | DPI cache loss attack oriented defense method, computer and storage medium | |
CN114726634B (en) | Knowledge graph-based hacking scene construction method and device | |
CN116527317A (en) | Access control method, system and electronic equipment | |
TW202311994A (en) | System and method of malicious domain query behavior detection | |
US10819683B2 (en) | Inspection context caching for deep packet inspection | |
CN107547547B (en) | TCP CC identification method based on edit distance | |
CN111914998A (en) | Training method and device for server attack information generator |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |