[go: up one dir, main page]

CN103685171A - Attack control method for protecting account system - Google Patents

Attack control method for protecting account system Download PDF

Info

Publication number
CN103685171A
CN103685171A CN201210331667.0A CN201210331667A CN103685171A CN 103685171 A CN103685171 A CN 103685171A CN 201210331667 A CN201210331667 A CN 201210331667A CN 103685171 A CN103685171 A CN 103685171A
Authority
CN
China
Prior art keywords
account
control
attack
engine
accounts
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201210331667.0A
Other languages
Chinese (zh)
Inventor
赵象元
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CHENGDU CHINAFIRST TECHNOLOGY CO., LTD.
Original Assignee
JIANGSU ZHONGKE HUICHUANG INFORMATION SAFETY TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by JIANGSU ZHONGKE HUICHUANG INFORMATION SAFETY TECHNOLOGY Co Ltd filed Critical JIANGSU ZHONGKE HUICHUANG INFORMATION SAFETY TECHNOLOGY Co Ltd
Priority to CN201210331667.0A priority Critical patent/CN103685171A/en
Publication of CN103685171A publication Critical patent/CN103685171A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an attack control method for protecting an account system. The method comprises the following steps: (1) an initiative deception system is established for pre-defense of a network defense system, wherein the initiative deception system comprises an attack control engine in a core system and used for defense in the aspects of an account database, an account authentication system, an account authorization system and an account audit system; (2) the attack control engine reinforces the security of the account system automatically; (3) control activities such as creating, concealing and cloning of accounts are prevented, functions of the activities are inhibited, and then all the activities are deleted from the account system; (4) the attack control engine prevents the control activities for decoding and gives an alarm; (5) an account attack is controlled. According to the invention, the method can judge whether an activity is a control activity or not, resist malicious code attacks in the aspects of the account database, the account authentication system, the account authorization system, the account audit system and the like, and reinforce the security of the account system automatically, so as to prevent malicious codes from creating anonymous accounts, concealed accounts, cloned accounts and other illegal accounts.

Description

The attack control method of protection account system
Technical field
The present invention is specifically related to protect the attack control method of account system, for controlling the controlled malicious act of assailant to account system core position, and the authority control system of protection operating system.
Background technology
Nowadays along with the extensive use of network technology, assault emerges in an endless stream, network security becomes the focus of current study hotspot and social concerns, and existing network safe practice lags behind various attack technologies conventionally with defense techniques such as fire compartment wall, antivirus protection technology, intruding detection system, authentication and digital signature technologies.
As the authority control system of operating system, account and Verification System are the safety-valves of whole operating system, need high Security Techniques.
Data Control technology is exactly one of existing Security Techniques.Take the method for " wide-in and strict-out ", can the data that flow out be monitored and be followed the trail of.
The unknown attack of the non-feature formula of current appearance to existing Prevention-Security System forming serious threat.Unknown attack is exactly unknown threat, refers to not yet foundly to have unknown characteristics and information system is existed the Activity Type of potential threat simultaneously.Unknown threat may be to be caused by unknown virus, wooden horse, hacker, or a kind of illegal abuse to resource.
Although Data Control technology is under the cooperation of the safety measures such as network firewall, intruding detection system, can make up the deficiency of original Prevention-Security, but still there is the shortcoming that some cannot overcome: for data, just played the effect of record, known and the unknown attack of None-identified, easily become springboard machine, then cause inner other real server to be attacked.
Summary of the invention
The present invention produces in order to solve the shortcoming of available data control technology just; its object is to provide the attack control method of protection account system; can control the controlled malicious act of assailant to account system core position; that behavior is controlled in the known attack of condition code formula or the unknown attack of potential threat control all has good protection effect, the authority control system of protection operating system.
For realizing above-mentioned technical purpose, the technical solution adopted in the present invention is:
The attack control method of protection account system of the present invention, the embodiment of the present invention provides a kind of attack control method of protecting account system, comprises the following steps:
(1) initiatively trapping system is set up in the defence in advance in cyber-defence system, trapping system is deployed with to attack in account system controls engine, to account data storehouse, account Verification System, account authoring system, account audit system, these aspects are resisted;
(2) attack control engine and will carry out automatic safe reinforcing to account system;
(3) stop control behavior to create, hide, clone account; Stop the use of its function; From account system, delete afterwards;
(4) attacking control engine stops control behavior password is cracked and report to the police;
(5) account is attacked and is controlled.
With said method, in account system, dispose to attack and control engine.Stop that control behavior creates, hides, clone's account with and the use of function, can also stop control behavior to crack password, and delete from account system, finally realize account and attack and control.
The present invention also provides the another kind of execution mode of attack control method of protection account system, comprising:
Interception carrys out the attack of automatic network; To coming the attack of automatic network to judge, whether be control behavior; If the determination result is YES, block the control behavior that enters kernel system; If the determination result is NO, let pass; Finally blocking-up enters the control behavior of account system.
The operations such as further, default password account invasion, the invasion of weak passwurd account, the invasion of keeper's account, other account password invasions.
Further; the controlled malicious act of engine control assailant to system core position controlled in described attack; according to the judged result of behavior danger classes, guarantee the not victim control of trapping system, protection trapping computer does not become attacks inner other real server.
With respect to existing technology, the attack control method of protection account system of the present invention, has following useful technique effect:
The invention has the beneficial effects as follows: at kernel system made, attack and control engine, can determine whether control behavior, by crossing, account data storehouse, account Verification System, account authoring system, these aspects of account audit system are resisted simultaneously, guaranteed the not victim control of account system.
Accompanying drawing explanation
Fig. 1 is the flow chart of an embodiment of the present invention;
Fig. 2 is the composition diagram of the embodiment of the present invention based on Fig. 1
Embodiment
The embodiment of the present invention provides the attack control method of protection account system, to solve existing traditional Data Control technology, only the data that enter honey pot system is recorded or is revised, and data itself are not had to recognition capability.The present invention is mainly used in defense system in advance, server, the active trapping system of network and carries out active, efficient, system-level Prevention-Security.
For making object of the present invention, technical scheme and advantage clearer, referring to the accompanying drawing embodiment that develops simultaneously, the present invention is described in more detail.
The present invention attacks engine by the control being deployed in account system, is deployed with to attack controls engine in kernel system, and to account data storehouse, account Verification System, account authoring system, account audit system, these aspects are resisted.Attack control engine and will carry out automatic safe reinforcing to account system; Stop that control behavior creates, hides, clone's account with and the use of function; From account system, delete afterwards; In addition, can also stop control behavior to crack password; Finally realize account and attack control.Some malicious acts of defending comprise: the invasion of default password account, the invasion of weak passwurd account, the invasion of keeper's account, other account password invasions etc.The controlled malicious act of engine control assailant to system core position controlled in described attack, according to the judged result of behavior danger classes, guarantees the not victim control of trapping system, and protection trapping computer does not become attacks inner other real server.
Flow chart in conjunction with Fig. 1 illustrates.
Step 101: initiatively trapping system is set up in the defence in advance in cyber-defence system, trapping system is deployed with to attack in account system controls engine, to account data storehouse, account Verification System, account authoring system, account audit system, these aspects are resisted;
Step 102: the attack control engine being deployed in kernel system obtains the information from step 101, proceeds to next step; Attack control engine and will carry out automatic safe reinforcing to account system;
Step 103: stop control behavior to create, hide, clone account; Stop the use of its function; From account system, delete afterwards;
Step 104: attack control engine and stop control behavior to crack password; And report to the police; 103 steps and 104 steps enter next step simultaneously;
Step 105: account is attacked and controlled.
Flow process by above embodiment is described, be deployed in that attack in account system controls that engine stops that control behavior creates, hides, clone's account with and the use of function, can also stop control behavior to crack password, and delete from account system, finally realize account and attack control.Stoping and unload not to be corrupted to system file, is before malicious act occurs, and this abnormal behavior detected, from having prevented that malicious code from creating anonymous account, hide account, cloning the illegal accounts such as account.
The present invention adopts and attacks the method for controlling, and provides the attack of protection account system to control engine.
Composition diagram in conjunction with Fig. 2 illustrates.
Step 101: interception carrys out the attack of automatic network;
Step 102: to coming the attack of automatic network to judge, whether be control behavior;
Step 103: if the determination result is YES, proceed to step 105, blocking-up enters the control behavior of kernel system;
Step 104: if the determination result is NO, let pass;
Step 105: blocking-up enters the control behavior of account system.
Attacking and controlling engine is an engine being deployed in account system, and it is according to the judged result of behavior danger classes, thus the controlled malicious act of control assailant to system core position.Attacking control technology is to guarantee the not victim control of trapping system, is that protection trapping computer does not become the important technology of attacking inner other real server.Control computer and can control target of attack by account system.
To the embodiment of the present invention, just for technical conceive of the present invention and feature being described, its objective is, be to allow one of ordinary skilled in the art can understand content of the present invention and implement according to this above, can not limit the scope of the invention with this.Every equivalent variation or modification that according to the present invention, the essence of content has been done, all should be encompassed in protection scope of the present invention.
  

Claims (4)

1. the attack control method of protection account system, is characterized in that, comprises the following steps:
(1) initiatively trapping system is set up in the defence in advance in cyber-defence system, trapping system is deployed with to attack in account system controls engine, to account data storehouse, account Verification System, account authoring system, account audit system, these aspects are resisted;
(2) attack control engine and will carry out automatic safe reinforcing to account system;
(3) stop control behavior to create, hide, clone account; Stop the use of its function; From account system, delete afterwards;
(4) attacking control engine stops control behavior password is cracked and report to the police;
(5) account is attacked and is controlled.
2. the attack control method of protection account system according to claim 1, is characterized in that: some malicious acts of defending comprise: the operations such as the invasion of default password account, the invasion of weak passwurd account, the invasion of keeper's account, other account password invasions.
3. the attack control method of protection kernel system according to claim 2, is characterized in that: as the authority control system of operating system, account and Verification System are the safety-valves of whole operating system, needs high Security Techniques.
4. described in, attack and control the controlled malicious act of engine control assailant to system core position, by account data storehouse, account Verification System, account authoring system, these aspects of account audit system are resisted, guarantee the not victim control of account system.
CN201210331667.0A 2012-09-10 2012-09-10 Attack control method for protecting account system Pending CN103685171A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210331667.0A CN103685171A (en) 2012-09-10 2012-09-10 Attack control method for protecting account system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210331667.0A CN103685171A (en) 2012-09-10 2012-09-10 Attack control method for protecting account system

Publications (1)

Publication Number Publication Date
CN103685171A true CN103685171A (en) 2014-03-26

Family

ID=50321503

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210331667.0A Pending CN103685171A (en) 2012-09-10 2012-09-10 Attack control method for protecting account system

Country Status (1)

Country Link
CN (1) CN103685171A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105376210A (en) * 2014-12-08 2016-03-02 哈尔滨安天科技股份有限公司 Account threat identification and defense method and system
CN106411955A (en) * 2016-12-01 2017-02-15 微鲸科技有限公司 Modulus m congruence class ring based account generation method
CN113098823A (en) * 2019-12-23 2021-07-09 中国移动通信集团山西有限公司 Weak password detection method, device, equipment and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060023721A1 (en) * 2004-07-29 2006-02-02 Ntt Docomo, Inc. Server device, method for controlling a server device, and method for establishing a connection using the server device
EP1748342A1 (en) * 2005-07-29 2007-01-31 H+BEDV Datentechnik GmbH Honeypot computer system for detecting viruses in computer networks
CN101262351A (en) * 2008-05-13 2008-09-10 华中科技大学 A web tracking system
CN101582817A (en) * 2009-06-29 2009-11-18 华中科技大学 Method for extracting network interactive behavioral pattern and analyzing similarity

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060023721A1 (en) * 2004-07-29 2006-02-02 Ntt Docomo, Inc. Server device, method for controlling a server device, and method for establishing a connection using the server device
EP1748342A1 (en) * 2005-07-29 2007-01-31 H+BEDV Datentechnik GmbH Honeypot computer system for detecting viruses in computer networks
CN101262351A (en) * 2008-05-13 2008-09-10 华中科技大学 A web tracking system
CN101582817A (en) * 2009-06-29 2009-11-18 华中科技大学 Method for extracting network interactive behavioral pattern and analyzing similarity

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈凌, 等.: "网络诱捕式入侵防御模型的设计", 《计算机应用》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105376210A (en) * 2014-12-08 2016-03-02 哈尔滨安天科技股份有限公司 Account threat identification and defense method and system
CN105376210B (en) * 2014-12-08 2018-09-07 哈尔滨安天科技股份有限公司 A kind of account threat identification and defence method and system
CN106411955A (en) * 2016-12-01 2017-02-15 微鲸科技有限公司 Modulus m congruence class ring based account generation method
CN106411955B (en) * 2016-12-01 2019-07-23 微鲸科技有限公司 A kind of account generation method based on mould m congruence class ring
CN113098823A (en) * 2019-12-23 2021-07-09 中国移动通信集团山西有限公司 Weak password detection method, device, equipment and medium

Similar Documents

Publication Publication Date Title
Brewer Advanced persistent threats: minimising the damage
Ask et al. Advanced persistent threat (APT) beyond the hype
CN103581104A (en) Active trapping method based on behavior capturing
Shackelford et al. Rethinking active defense: a comparative analysis of proactive cybersecurity policymaking
Dewar Active cyber defense
CN103685171A (en) Attack control method for protecting account system
Kello Private-Sector Cyberweapons: An Adequate Response to the Sovereignty Gap?
Fischer The concept of deterrence and its applicability in the cyber domain
Rubenstein Nation state cyber espionage and its impacts
KR101752880B1 (en) Advanced Persistent Threat attack tolerance system and method using cloud computing virtualization
Lachow The Stuxnet enigma: Implications for the future of cybersecurity
Aleke et al. Nation-State Cyber Attacks on Critical Infrastructure: A Case Study and Analysis of the 2014 Sony Pictures Hack by North Korea
Appelbaum et al. NSA Preps America for Future Battle
CN103679015A (en) Attacking control method for protecting kernel system
Broadhurst et al. Cyber terrorism: research review: research report of the Australian national university cybercrime observatory for the Korean institute of criminology
CN109460658B (en) Detection method for malicious Lesso sample
Park et al. A study on the improvement of capability assessment and the plan for enhancing cyber warfare capability of Korea
Kello Private-Sector Cyberweapons: Strategic and Other Consequences
Mendyk-Krajewska et al. Problem of network security threats
Feaver et al. “When the Urgency of Time and Circumstances Clearly Does Not Permit...”: Predelegation in Nuclear and Cyber Scenarios
Rafiq et al. Increasing cyber threats to Pakistan
Bhardwaj et al. ATP the New‐Age Threat Vector and Cyberattack Trends
CN103716289A (en) Attack control method for protecting service system
Kozłowski The “Cyber Weapons Gap.” The Assessment of the China’s Cyber Warfare Capabilities and Its Consequences for Potential Conflict over Taiwan
Hacquebord Update on Pawn Storm: New Targets and Politically Motivated Campaigns

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: CHENGDU ZHONGKE CHONGHUI TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: JIANGSU ZHONGKE HUICHUANG INFORMATION SAFETY TECHNOLOGY CO., LTD.

Effective date: 20150120

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 215163 SUZHOU, JIANGSU PROVINCE TO: 610041

TA01 Transfer of patent application right

Effective date of registration: 20150120

Address after: High tech Zone Gaopeng road in Chengdu city of Sichuan province 610041 No. 12 A602

Applicant after: CHENGDU CHINAFIRST TECHNOLOGY CO., LTD.

Address before: 215163 micro system garden of Suzhou science and Technology City, Suzhou hi tech Zone, Jiangsu, M3-102

Applicant before: JIANGSU ZHONGKE HUICHUANG INFORMATION SAFETY TECHNOLOGY CO., LTD.

WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140326

WD01 Invention patent application deemed withdrawn after publication