MX2020006422A - Method for detecting brute force attack and related apparatus. - Google Patents

Method for detecting brute force attack and related apparatus.

Info

Publication number
MX2020006422A
Authority
MX
Mexico
Prior art keywords
session information
brute force
force attack
information sequence
related apparatus
Prior art date
Application number
MX2020006422A
Other languages
English (en)
Inventor
Duo Yang
Original Assignee
Huawei Tech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Tech Co Ltd
Publication of MX2020006422A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/29 Graphical models, e.g. Bayesian networks
    • G06F18/295 Markov models or related models, e.g. semi-Markov models; Markov random fields; Networks embedding Markov models
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Mining & Analysis (AREA)
  • Theoretical Computer Science (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Artificial Intelligence (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Evolutionary Computation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This application provides a method for detecting a brute force attack and a related apparatus. The detection method includes: obtaining to-be-detected mirrored traffic between a client and a server; obtaining a first session information sequence based on the to-be-detected mirrored traffic, where the first session information sequence includes a plurality of pieces of session information, the pieces of session information are in a one-to-one correspondence with a plurality of access sessions, and the order in which the pieces of session information are arranged in the first session information sequence is consistent with the chronological order of the access sessions; using the first session information sequence as a first Markov chain and obtaining a state chain probability value of the first Markov chain, where each piece of session information in the first session information sequence is used as a state in the first Markov chain; and determining, based on the state chain probability value of the first Markov chain and a first reference probability value, whether the plurality of access sessions is a brute force attack. The method for detecting a brute force attack and the related apparatus provided in this application are useful for detecting brute force attacks.
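
The scoring step in the abstract, sketched as an added example (not code from the patent or from Huawei). Assumptions: sessions are discretised by byte count and duration, the chain is fitted to labelled brute-force windows with Laplace smoothing, probabilities are kept in log space, and a window is flagged when its chain probability is at least the reference value; all names are hypothetical.

```python
import math
from collections import Counter

def to_state(session):
    """Discretise one access session into a Markov state (bucketing is an assumption)."""
    size = "small" if session["bytes"] < 4096 else "large"
    dur = "short" if session["seconds"] < 5 else "long"
    return f"{size}/{dur}"

class SessionChainModel:
    """First-order Markov chain fitted to sequences known to be brute-force traffic."""
    def __init__(self, sequences, alpha=1.0):
        self.alpha = alpha
        self.slots = len({s for seq in sequences for s in seq}) + 1  # +1 for unseen states
        self.first = Counter(seq[0] for seq in sequences)
        self.trans = {}
        for seq in sequences:
            for prev, cur in zip(seq, seq[1:]):
                self.trans.setdefault(prev, Counter())[cur] += 1

    def _log_p(self, counts, state):
        # Laplace smoothing keeps unseen states and transitions at a small non-zero probability.
        total = sum(counts.values())
        return math.log((counts[state] + self.alpha) / (total + self.alpha * self.slots))

    def chain_log_prob(self, seq):
        """log P(s1) + sum of log P(s_i | s_{i-1}): the state chain probability, in log space."""
        lp = self._log_p(self.first, seq[0])
        for prev, cur in zip(seq, seq[1:]):
            lp += self._log_p(self.trans.get(prev, Counter()), cur)
        return lp

def is_brute_force(model, reference, sessions):
    """Assumed decision rule: flag when the chain is at least as likely as the reference."""
    return model.chain_log_prob([to_state(s) for s in sessions]) >= reference

def mk(nbytes, seconds):
    return {"bytes": nbytes, "seconds": seconds}

# Constructed training data: windows of six chronologically ordered sessions from
# labelled brute-force traffic (many small, short sessions, the odd slow one).
A, B = "small/short", "small/long"
TRAINING = [[A, A, A, A, A, A], [A, A, A, B, A, A], [A, A, A, A, A, B]]
MODEL = SessionChainModel(TRAINING)
REFERENCE = min(MODEL.chain_log_prob(seq) for seq in TRAINING)  # assumed reference value

# Constructed windows to classify, oldest session first.
SUSPECT = [mk(1200, 1), mk(1180, 1), mk(1210, 2), mk(1190, 1), mk(1205, 1), mk(1195, 1)]
BENIGN = [mk(90000, 40), mk(1500, 2), mk(64000, 30), mk(2000, 9), mk(120000, 75), mk(51000, 12)]

if __name__ == "__main__":
    print(is_brute_force(MODEL, REFERENCE, SUSPECT), is_brute_force(MODEL, REFERENCE, BENIGN))
```

Because the chain probability shrinks with every added session, the reference value is only meaningful for windows of the same length as those it was derived from.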
MX2020006422A 2017-12-18 2018-08-29 Method for detecting brute force attack and related apparatus. MX2020006422A (es)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201711365840.8A CN109936545B (zh) 2017-12-18 2017-12-18 Method for detecting brute force attack and related apparatus
PCT/CN2018/102881 WO2019119860A1 (zh) 2017-12-18 2018-08-29 Method for detecting brute force attack and related apparatus

Publications (1)

Publication Number Publication Date
MX2020006422A (es) 2020-09-17

Family

ID=66982767

Family Applications (1)

Application Number Title Priority Date Filing Date
MX2020006422A MX2020006422A (es) Method for detecting brute force attack and related apparatus. 2017-12-18 2018-08-29

Country Status (5)

Country Link
US (1) US11388189B2 (es)
EP (1) EP3720077B1 (es)
CN (1) CN109936545B (es)
MX (1) MX2020006422A (es)
WO (1) WO2019119860A1 (es)

Also Published As

Publication number Publication date
EP3720077A1 (en) 2020-10-07
US11388189B2 (en) 2022-07-12
US20200322378A1 (en) 2020-10-08
EP3720077B1 (en) 2022-06-22
EP3720077A4 (en) 2020-11-25
CN109936545B (zh) 2020-07-24
CN109936545A (zh) 2019-06-25
WO2019119860A1 (zh) 2019-06-27
