Network attack behavior detection method and device and readable storage medium

Bibliographic details
Main authors: LU XIN, CHEN LINGXIANG, YU CHAOCHEN, HU QINGCHAO, MA SHUAI, HU XINGRU
Format: Patent
Language: chi ; eng
Description
Summary: The invention discloses a network attack behavior detection method and device and a readable storage medium, and relates to the network security technology. According to the specific scheme, the method comprises the steps of obtaining a log file and hypertext transfer protocol HTTP message data in a domain name system DNS server within a preset time range; judging whether a risk domain name exists in the log file or not according to each blacklist domain name; for each piece of HTTP message data, comparing the HTTP message data with each obtained risk domain name one by one, and calculating the probability that the HTTP message data contains the compared risk domain names; and if the risk domain name of which the probability contained in the HTTP message data is greater than a preset probability threshold exists, storing the HTTP message data as an attack detection result. According to the method, the defect that only Web attack modes with obvious attack features and echo features can be detected in the prior a