CN103729594B - Protection rule generating method and device - Google Patents


Info

Publication number: CN103729594B
Authority: CN (China)
Legal status: Active
Application number: CN201310753750.1A
Other languages: Chinese (zh)
Other versions: CN103729594A (en)
Inventors: 王发鑫, 孙应娥, 张青, 高隆林
Current Assignee: CVIC Software Engineering Co Ltd
Original Assignee: CVIC Software Engineering Co Ltd


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2135 Metering


Abstract

The application discloses a protection rule generating method and device. The method comprises: upon receiving a rule generation instruction, recording the parameter name, the parameter type and the parameter value of each parameter in the target URL field of the multiple request packets sent by users to the server, until the recording process meets a preset recording termination condition; counting the number corresponding to each kind of parameter and, according to that number, determining whether the attribute of each kind of parameter is an indispensable parameter or a non-indispensable parameter of the target URL; counting the number corresponding to each parameter type of each kind of parameter and, according to those numbers, determining the legal parameter type of each kind of parameter; counting the data range of the parameter values of each kind of parameter; and combining the attribute, the legal parameter type and the data range of the parameter values of each kind of parameter to generate the protection rule corresponding to the target URL.

Description

Protection rule generating method and device
Technical field
The application relates to the technical field of internet applications, and in particular to a protection rule generating method and device.
Background technology
In the current digital age, the internet has become an irreplaceable means of information exchange, and internet security technology changes with each passing day. However, new internet attack techniques keep appearing as well. One of them is the vulnerability attack, which targets vulnerabilities in the websites and web pages published on an internet server; because these vulnerabilities are not patched, the server often becomes the object of attack. Specifically, the attacker encapsulates attack data in the URL field of a request packet sent to the server (on which websites and web pages are published), and sends the request packet carrying the attack data to the server. To prevent the server from suffering a network attack, the server needs to be protected and the request packets sent to the server need to be inspected.
However, this protection process depends on a certain protection rule, according to which a request packet is judged to be safe or not. Therefore a protection rule generating method is urgently needed, in order to generate the protection rules applied in the process of protecting the server.
Summary of the invention
In view of this, the application provides a protection rule generating method and device for generating the protection rules applied in the process of protecting a server. The technical scheme provided by the application is as follows:
A protection rule generating method, the method comprising:
upon receiving a rule generation instruction, recording the parameter name, the parameter type and the parameter value of each parameter in the target URL field of the multiple request packets sent by users to the server, until the recording process meets a preset recording termination condition;
according to the parameter names of the parameters, counting the number corresponding to each kind of parameter; according to the number corresponding to each kind of parameter, determining the attribute of each kind of parameter, the attribute being either an indispensable parameter of the target URL or a non-indispensable parameter of the target URL;
counting the number corresponding to each parameter type of each kind of parameter; according to the number corresponding to each parameter type of each kind of parameter, determining the legal parameter type of each kind of parameter;
counting the data range of the parameter values of each kind of parameter;
combining the attribute, the legal parameter type and the data range of the parameter values of each kind of parameter, to generate the protection rule corresponding to the target URL.
In the above method, preferably, the total number of the target URL in the multiple received request packets is counted;
wherein determining the attribute of each kind of parameter according to the number corresponding to each kind of parameter comprises:
according to the total number of the target URL and the number corresponding to each kind of parameter, obtaining the missing ratio corresponding to each kind of parameter, and judging whether the missing ratio of each kind of parameter does not exceed a first preset threshold; if so, determining that kind of parameter to be an indispensable parameter; otherwise, determining that kind of parameter to be a non-indispensable parameter.
In the above method, preferably, determining the legal parameter type of each kind of parameter according to the number corresponding to each parameter type of each kind of parameter comprises:
judging whether the number of each parameter type of each kind of parameter exceeds a second preset threshold; if so, determining that parameter type to be a legal parameter type of that kind of parameter.
In the above method, preferably, counting the data range of the parameter values of each kind of parameter comprises:
judging the attribute of the parameter values of each kind of parameter, the attribute being either character or numerical;
if the attribute is character, counting the character length range of the parameter values of that character attribute;
if the attribute is numerical, counting the numerical range of the parameter values of that numerical attribute.
The above method preferably further comprises:
receiving a subsequent request packet sent by a user to the server;
judging whether the target URL field of the subsequent request packet includes a first parameter whose attribute is indispensable parameter;
if the target URL field of the subsequent request packet includes a first parameter whose attribute is indispensable parameter, judging whether the parameter type of the first parameter is the corresponding legal parameter type; if the parameter type of the first parameter is the corresponding legal parameter type, judging whether the parameter value of the first parameter meets the corresponding data range; if the parameter value of the first parameter meets the corresponding data range, judging whether the target URL field of the subsequent request packet includes a second parameter whose attribute is non-indispensable parameter;
if the target URL field of the subsequent request packet does not include a first parameter whose attribute is indispensable parameter, or the parameter type of the first parameter is not the corresponding legal parameter type, or the parameter value of the first parameter does not meet the corresponding data range, deleting the subsequent request packet;
if the target URL field of the subsequent request packet includes a second parameter whose attribute is non-indispensable parameter, judging whether the parameter type of the second parameter is the corresponding legal parameter type;
if the parameter type of the second parameter is the corresponding legal parameter type, judging whether the parameter value of the second parameter meets the corresponding data range; if so, sending the subsequent request packet to the server; otherwise, deleting the subsequent request packet;
if the parameter type of the second parameter is not the corresponding legal parameter type, deleting the subsequent request packet.
The application also provides a protection rule generating device, the device comprising:
a recording unit, for, upon receiving a rule generation instruction, recording the parameter name, the parameter type and the parameter value of each parameter in the target URL field of the multiple request packets sent by users to the server, until the recording process meets a preset recording termination condition;
a first rule item generating unit, for counting the number corresponding to each kind of parameter according to the parameter names of the parameters, and determining the attribute of each kind of parameter according to the number corresponding to each kind of parameter, the attribute being either an indispensable parameter of the target URL or a non-indispensable parameter of the target URL;
a second rule item generating unit, for counting the number corresponding to each parameter type of each kind of parameter, and determining the legal parameter type of each kind of parameter according to the number corresponding to each parameter type of each kind of parameter;
a third rule item generating unit, for counting the data range of the parameter values of each kind of parameter;
a rule generating unit, for combining the attribute, the legal parameter type and the data range of the parameter values of each kind of parameter to generate the protection rule corresponding to the target URL.
The above device preferably further comprises:
a statistics unit, for counting the total number of the target URL in the multiple received request packets;
the first rule item generating unit comprising:
a first statistics subunit, for counting the number corresponding to each kind of parameter according to the parameter names of the parameters;
a first determining subunit, for determining the attribute of each kind of parameter according to the number corresponding to each kind of parameter;
wherein the first determining subunit comprises:
a first judging subunit, for obtaining the missing ratio corresponding to each kind of parameter according to the total number of the target URL and the number corresponding to each kind of parameter, and judging whether the missing ratio of each kind of parameter does not exceed the first preset threshold; if so, triggering a first result subunit; otherwise, triggering a second result subunit;
a first result subunit, for determining that kind of parameter to be an indispensable parameter of the target URL;
a second result subunit, for determining that kind of parameter to be a non-indispensable parameter of the target URL.
In the above device, preferably, the second rule item generating unit comprises:
a second statistics subunit, for counting the number corresponding to each parameter type of each kind of parameter;
a second determining subunit, for determining the legal parameter type of each kind of parameter according to the number corresponding to each parameter type of each kind of parameter;
wherein the second determining subunit comprises:
a second judging subunit, for judging whether the number of each parameter type of each kind of parameter exceeds the second preset threshold; if so, triggering a third result subunit;
a third result subunit, for determining that parameter type to be a legal parameter type of that kind of parameter.
In the above device, preferably, the third rule item generating unit comprises:
a third judging subunit, for judging the attribute of the parameter values of each kind of parameter, the attribute being either character or numerical;
a fourth result subunit, for counting the character length range of the parameter values of that character attribute if the attribute is character;
a fifth result subunit, for counting the numerical range of the parameter values of that numerical attribute if the attribute is numerical.
The above device preferably further comprises:
a receiving unit, for receiving a subsequent request packet sent by a user to the server;
a first judging unit, for judging whether the target URL field of the subsequent request packet includes a first parameter whose attribute is indispensable parameter; if so, triggering a second judging unit; if not, triggering a first result unit;
a second judging unit, for judging whether the parameter type of the first parameter is the corresponding legal parameter type; if so, triggering a third judging unit; if not, triggering the first result unit;
a third judging unit, for judging whether the parameter value of the first parameter meets the corresponding data range; if so, triggering a fourth judging unit; if not, triggering the first result unit;
a fourth judging unit, for judging whether the target URL field of the subsequent request packet includes a second parameter whose attribute is non-indispensable parameter; if so, triggering a fifth judging unit;
a first result unit, for deleting the subsequent request packet;
a fifth judging unit, for judging whether the parameter type of the second parameter is the corresponding legal parameter type; if so, triggering a sixth judging unit; if not, triggering the first result unit;
a sixth judging unit, for judging whether the parameter value of the second parameter meets the corresponding data range; if so, triggering a second result unit; if not, triggering the first result unit;
a second result unit, for sending the subsequent request packet to the server.
It can be seen from the above technical scheme that, upon receiving a rule generation instruction, the application records the parameter name, the parameter type and the parameter value of each parameter in the target URL field of the multiple request packets sent by users to the server; counts, according to the parameter names of the parameters, the number corresponding to each kind of parameter and, according to that number, determines whether the attribute of each kind of parameter is an indispensable parameter or a non-indispensable parameter of the target URL; counts the number corresponding to each parameter type of each kind of parameter and, according to those numbers, determines the legal parameter type of each kind of parameter; counts the data range of the parameter values of each kind of parameter; and can then combine the attribute, the legal parameter type and the data range of the parameter values of each kind of parameter to generate the protection rule corresponding to the target URL.
Brief description of the drawings
In order to illustrate the technical schemes in the embodiments of the application more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the application, and those of ordinary skill in the art can obtain other drawings from them without creative work.
Fig. 1 is a flow chart of an embodiment of the protection rule generating method provided by the application;
Fig. 2 is a partial flow chart of another embodiment of the protection rule generating method provided by the application;
Fig. 3 is a structural schematic diagram of an embodiment of the protection rule generating device provided by the application;
Fig. 4 is a partial structural schematic diagram of another embodiment of the protection rule generating device provided by the application.
Detailed description of the invention
The technical schemes in the embodiments of the application are described clearly and completely below with reference to the drawings in the embodiments of the application. Obviously, the described embodiments are only some of the embodiments of the application, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments in the application without creative work fall within the protection scope of the application.
Referring to Fig. 1, which shows a flow chart of an embodiment of the protection rule generating method provided by the application, this embodiment can comprise:
Step 101: upon receiving a rule generation instruction, recording the parameter name, the parameter type and the parameter value of each parameter in the target URL field of the multiple request packets sent by users to the server, until the recording process meets a preset recording termination condition.
The rule generation instruction is sent by a configurator, who can send it whenever a protection rule needs to be generated. Upon receiving the rule generation instruction, the request packets sent by users to the server are obtained, and the parameter information of the parameters in the target URL field of the request packets is recorded, until the recording process meets the preset recording termination condition.
It should be noted that users send multiple request packets to the server, and each request packet includes a URL field; the URL fields included in the request packets can be the same or different, so the multiple request packets correspond to at least one URL field. The target URL field in this step is any one of these URL fields, for example http://video.sina.com.cn/sports/ show=original, and the protection rule generated in step 104 corresponds to this target URL field. Of course, this step only explains the protection rule generating method for one kind of URL field (the target URL field); the method applies equally to the other kinds of URL field in the multiple request packets.
The recording termination condition can be a preset time length, a preset count threshold, or a combination of both.
If the recording termination condition is a preset time length, the elapsed time is recorded from the moment the rule generation instruction is received, and when the recorded duration meets the preset time length, the recording process is determined to meet the recording termination condition.
If the recording termination condition is a preset count threshold, a preset count parameter is set to 0 when the rule generation instruction is received, the count parameter is incremented by 1 each time a request packet is obtained, and when the value of the count parameter meets the preset count threshold, the recording process is determined to meet the recording termination condition.
If the recording termination condition is a preset time length or a preset count threshold, then when the rule generation instruction is received the elapsed time is recorded and at the same time a preset count parameter is set to 0; the count parameter is incremented by 1 each time a request packet is obtained; and when the duration reaches the preset time length or the value of the count parameter reaches the preset count threshold, the recording process is determined to meet the recording termination condition.
It should be noted that during the recording process multiple request packets sent by users to the server can be received, and the target URL field of a request packet can contain one parameter or multiple parameters.
The recording process needs to record the parameter name, the parameter type and the parameter value of each parameter in the target URL field of the multiple request packets. The parameter type of a parameter can include character string, numerical value, telephone number, postcode, identity card number, etc. For example, the recorded parameter names, parameter types and parameter values are respectively: name, character string, Zhang San; age, numerical value, 14; code, postcode, 072450.
The parameter type can be determined according to a preset set of regular expressions: the parameter value is compared with the various regular expressions, and if it satisfies a certain regular expression, the parameter type represented by that regular expression is determined to be the parameter type of the parameter. For example, multiple regular expressions such as character string, numerical value, identity card number and postcode are set in advance. It should be noted that the set of regular expressions can be pre-configured by the configurator: a configuration instruction and regular expression data are received, the configuration instruction includes the identifier of a regular expression, and the regular expression data are used to generate the regular expression corresponding to that identifier.
Step 102: according to the parameter name of parameters, add up every kind of number that parameter is corresponding; According to number corresponding to described every kind of parameter, determine the attribute of described every kind of parameter; Wherein, the indispensable parameter that described attribute is described target URL or the non-indispensable parameter of described target URL.
Wherein, the parameter in described step 101 in the described target URL of record is multiple, it should be noted that the number that every kind of parameter of described statistics is corresponding is based on the parameter name of described parameters. For example, name is a kind of parameter, and age is a kind of parameter, adds up the number of described name, can obtain number corresponding to described name parameter, and the number of adding up described age can obtain number corresponding to described age parameter.
Wherein, according to number corresponding to every kind of parameter in described target URL, determine the attribute of described every kind of parameter. Described deterministic process, can be including but not limited to following several modes:
The one, number corresponding described every kind of parameter and a certain default number threshold value are compared, if exceed described default number threshold value, this kind of parameter is defined as to the indispensable parameter of described target URL, otherwise, this kind of parameter is defined as to the non-indispensable parameter of described target URL, for example, default number threshold value is 100, if the number of name exceedes 100 in described target URL, name is defined as to the indispensable parameter of described target URL.
Another is total number of adding up in advance target URL described in the multiple request data package that receive, by number corresponding described every kind of parameter and the total number of the described target URL acquisition ratio of comparing, if described ratio exceedes a certain default ratio threshold value, this kind of parameter is defined as to the indispensable parameter of described target URL, otherwise, this kind of parameter is defined as to the non-indispensable parameter of described target URL, for example, default ratio threshold value is 90%, if all parameters of the described target URL of record are 1000, the number of name is 800, name is defined as to the non-indispensable parameter of described target URL.
Another is total number of adding up in advance target URL described in the multiple request data package that receive, described total number is deducted to number corresponding to described every kind of parameter, obtain disappearance number corresponding to described every kind of parameter, disappearance number corresponding described every kind of parameter and the total number of described target URL are compared, obtain disappearance ratio corresponding to described every kind of parameter, described disappearance ratio and default disappearance ratio threshold value are compared, if described disappearance ratio is in described disappearance ratio threshold range, this kind of parameter is defined as to the indispensable parameter of described target URL, otherwise, this kind of parameter is defined as to the non-indispensable parameter of described target URL.
Step 103: the number corresponding to every kind of parameter type of adding up described every kind of parameter; According to the number corresponding to every kind of parameter type of described every kind of parameter, determine the legal parameters type of described every kind of parameter.
Wherein, in described step 101, the parameter of record is multiple, and the parameter type corresponding to every kind of parameter of record can be a kind of, also can be multiple, add up number corresponding to described every kind of parameter type, according to described parameters, determine that certain parameter type is the legal parameters type of this kind of parameter. For example, in described step 101, the parameter type corresponding to described name of record comprises character string type, value type, in described character string and numerical parameter type, according to character string and number corresponding to value type, determine the corresponding legal parameters type of name, as described in legal parameters type be character string.
The mode of described deterministic process, number corresponding described every kind of parameter type and a certain default number threshold value can be compared, also can be by the number of all parameter types of number corresponding described every kind of parameter type and the record acquisition ratio of comparing, by described ratio and a certain default ratio threshold value, detailed process refers to the deterministic process of parameter attribute in step 102, does not repeat at this.
Step 104: count the data range of the parameter values of each kind of parameter.
Each kind of parameter corresponds to multiple parameter values, and from these values the data range of each kind of parameter can be determined. The data range can be a range of numeric magnitudes or a range of string lengths. For example, the data range of the parameter values of the name parameter is 5 to 20 characters in length.
Step 105: combine the attribute of each kind of parameter, the legal parameter type of each kind of parameter and the data range of the parameter values of each kind of parameter to generate the protection rule corresponding to the target URL.
Multiple parameters of the target URL are recorded in step 101, for example the name, age and tel parameters. For each kind of parameter, its attribute, its legal parameter type and the data range of its parameter values are combined into one record of the protection rule of the target URL.
For example: the attribute of name is an indispensable parameter of the target URL, the legal parameter type of name is character string, and the data range of name is 5 to 20 characters in length; the attribute of age is a non-indispensable parameter of the target URL, the legal parameter type of age is numerical value, and the data range of age is 7 to 58; the attribute of tel is a non-indispensable parameter of the target URL, the legal parameter type of tel is character string, and the data range of tel is 7 to 11.
The protection rule may be stored as a data table or as text, although its storage form is not limited to these two. The protection rule corresponds to the target URL; this correspondence can be established by associating an identifier of the protection rule with an identifier of the target URL.
It should be noted that steps 102, 103 and 104 may be executed one after another, any two of them may be executed simultaneously, or all three may be executed simultaneously.
In this embodiment, when a rule generation instruction is received, the parameter name, the parameter type and the parameter value of the parameters in the target URL field of the multiple request data packets sent by users to the server are recorded. The count of each kind of parameter is obtained from the parameter names, and from that count the attribute of each kind of parameter is determined as an indispensable parameter or a non-indispensable parameter of the target URL; the count of each parameter type of each kind of parameter is obtained, and from it the legal parameter type of each kind of parameter is determined; the data range of the parameter values of each kind of parameter is obtained. Combining the attribute, the legal parameter type and the data range of each kind of parameter then generates the protection rule corresponding to the target URL.
The above embodiment can be applied on the server or on a third-party device between the user and the server; for example, it can be configured in the Apache configuration file so that it is loaded when Apache starts. In addition, the above embodiment needs locking and shared-memory techniques to solve the mutual-exclusion problem that arises when multiple processes and multiple threads access the same computer resource.
Building on the previous embodiment, the recording process further includes counting the total number of occurrences of the target URL in the received request data packets, and the determination in step 102 of the attribute of each kind of parameter from its count can be implemented as follows:
From the total number of the target URL and the count of each kind of parameter, obtain the missing ratio of each kind of parameter, and judge whether the missing ratio of each kind of parameter does not exceed a first predetermined threshold; if so, that kind of parameter is determined to be an indispensable parameter; otherwise, it is determined to be a non-indispensable parameter.
Subtracting the count of each kind of parameter from the total number of the target URL gives the missing count of that kind of parameter; dividing the missing count by the total number of the target URL gives the missing ratio of that kind of parameter. For example, if the total number of the target URL is 1000 and the count of the name parameter is 800, the missing ratio of the name parameter is 20%.
This determination is performed in a loop: the missing ratio of each kind of parameter is compared with the first predetermined threshold in turn, giving the attribute of each kind of parameter.
It should be noted that there can be a single first predetermined threshold, with which every kind of parameter is compared. The first predetermined threshold may be a fixed number set in advance, or it may come from a setting instruction received from the configurator; the setting instruction contains a numerical value, which is set as the first predetermined threshold.
The parameter attribute is determined from the first predetermined threshold and the missing ratio of each kind of parameter. For example, with a first predetermined threshold of 10%, if the missing ratio of the name parameter is 20%, name is a non-indispensable parameter of the target URL; if the missing ratio of the tel parameter is 4%, tel is an indispensable parameter of the target URL.
The attribute may be recorded by presetting a correspondence between identifiers and the attributes and then associating each kind of parameter with one identifier, which establishes its correspondence with the indispensable attribute. For example, identifier A corresponds to an indispensable parameter of the target URL and identifier B to a non-indispensable parameter of the target URL; a parameter associated with identifier A is confirmed as an indispensable parameter of the target URL, and a parameter associated with identifier B is confirmed as a non-indispensable parameter of the target URL.
The determination in step 103 of the legal parameter type of each kind of parameter from the count of each of its parameter types can be implemented as follows:
Judge whether the count of each parameter type of each kind of parameter exceeds a second predetermined threshold; if so, that parameter type is determined to be the legal parameter type of that kind of parameter.
It should be noted that several kinds of parameter are recorded in step 101, for example the name, age and tel parameters. Each kind of parameter may have one or several parameter types: for example, the parameter types of name are character string and numerical value, the parameter type of age is numerical value, and the parameter types of tel are telephone number, character string and numerical value. According to the count of each parameter type, the single type, or one of the several types, is determined to be the legal parameter type of that kind of parameter.
This determination is performed in a loop: for all parameter types of all parameters recorded in step 101, it is judged whether the count exceeds the second predetermined threshold, and the legal parameter type of each kind of parameter is determined from the result.
For example, for the name, age and tel parameters recorded in step 101, the legal parameter type of each must be determined separately. The first predetermined threshold is 700. The parameter types of name are character string and numerical value, with 900 character strings and 100 numerical values, so the legal parameter type of name is character string; the parameter type of age is numerical value, with 800 numerical values, so the legal parameter type of age is numerical value; the parameter types of tel are telephone number, character string and numerical value, with 900 telephone numbers, 50 character strings and 50 numerical values, so the legal parameter type of tel is telephone number.
It should be noted that there can be a single second predetermined threshold, with which the count of every parameter type is compared. The second predetermined threshold may be a fixed number set in advance, or it may come from a setting instruction received from the configurator; the setting instruction contains a numerical value, which is set as the second predetermined threshold.
Step 104 in the above embodiment can be implemented as follows:
Judge the attribute of the parameter values of each kind of parameter, the attribute being character or numerical value; if the attribute is character, count the character-length range of the parameter values; if the attribute is numerical value, count the numerical range of the parameter values.
Each kind of parameter has multiple parameter values. For example, the parameter values of the age parameter may include 7, 29, 34 and 58; the attribute of these values is numerical value, the numerical range of the values is counted, and that range is 7 to 58. The parameter values of the tel parameter may include 8302452, 13702942083 and 0107385229; the type of this parameter is character string, the character-length range of the values is counted, and that range is 7 to 11.
Of course, since each kind of parameter has multiple parameter values, the attribute of its parameter values may include both character and numerical value, in which case both the character-length range of the character-attribute values and the numerical range of the numerical-attribute values are counted.
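The rule generation described in steps 102 to 105 above (missing ratio against the first predetermined threshold, per-type count against the second predetermined threshold, and a numeric or character-length data range), as an added Python example that is not part of the patent; the regular-expression type detectors, the sample requests and the thresholds are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed parameter-type detectors, in the spirit of the patent's preset regular
# expression set (assumption: checked in order, first match wins, so a 6-digit value
# is a postcode and a 7 to 11 digit value is a telephone number).
TYPE_PATTERNS = [
    ("postcode", re.compile(r"\d{6}")),
    ("telephone", re.compile(r"\d{7,11}")),
    ("numerical", re.compile(r"-?\d+(\.\d+)?")),
    ("string", re.compile(r".*", re.S)),
]


def detect_type(value: str) -> str:
    """Return the recorded parameter type of one parameter value."""
    for type_name, pattern in TYPE_PATTERNS:
        if pattern.fullmatch(value):
            return type_name
    return "string"


@dataclass(frozen=True)
class ParamRule:
    name: str
    mandatory: bool          # attribute: indispensable (True) or non-indispensable
    legal_types: frozenset   # parameter types whose count exceeded the type threshold
    range_kind: str          # "numerical": range of values; "character": range of lengths
    low: float
    high: float


def generate_rules(requests, missing_threshold, type_threshold):
    """Derive one ParamRule per parameter name recorded for a target URL.

    requests: list of {param_name: value} dicts, one per request data packet
              for the same target URL (the recording of step 101).
    missing_threshold: first predetermined threshold on the missing ratio.
    type_threshold: second predetermined threshold on the per-type count.
    """
    total = len(requests)                       # total number of the target URL
    name_counts = Counter()
    type_counts = defaultdict(Counter)
    values = defaultdict(list)
    for params in requests:
        for name, value in params.items():
            name_counts[name] += 1
            type_counts[name][detect_type(value)] += 1
            values[name].append(value)

    rules = {}
    for name, count in name_counts.items():
        # Attribute: missing ratio = (total - count) / total; indispensable
        # when the ratio does not exceed the first predetermined threshold.
        missing_ratio = (total - count) / total
        mandatory = missing_ratio <= missing_threshold

        # Legal type(s): every type whose count exceeds the second threshold.
        legal = frozenset(t for t, c in type_counts[name].items() if c > type_threshold)

        # Data range: numeric magnitude when the legal type is purely numerical,
        # otherwise string length (assumption: telephone numbers and postcodes are
        # ranged by length, as in the patent's tel example).
        if legal == frozenset({"numerical"}):
            nums = [float(v) for v in values[name] if detect_type(v) == "numerical"]
            range_kind, low, high = "numerical", min(nums), max(nums)
        else:
            lens = [len(v) for v in values[name]]
            range_kind, low, high = "character", min(lens), max(lens)
        rules[name] = ParamRule(name, mandatory, legal, range_kind, low, high)
    return rules


# Constructed sample recording: ten request data packets for one target URL.
SAMPLE_REQUESTS = [
    {"name": "zhangsan", "age": "7", "tel": "8302452"},
    {"name": "lisi", "age": "29", "tel": "13702942083"},
    {"name": "wangwu", "age": "34", "tel": "0107385229"},
    {"name": "zhaoliu", "age": "58"},
    {"name": "sunqi", "age": "21", "tel": "8302452"},
    {"name": "zhouba", "age": "33"},
    {"name": "wujiu", "age": "40", "tel": "13702942083"},
    {"name": "zhengshi", "age": "19"},
    {"name": "qianyi", "tel": "0107385229"},
    {"name": "chener", "age": "45"},
]

if __name__ == "__main__":
    # First threshold 10% missing ratio, second threshold a count of 5.
    for rule in generate_rules(SAMPLE_REQUESTS, 0.1, 5).values():
        print(rule)
```

With these inputs, tel is missing from 4 of 10 requests (40% > 10%) and so becomes non-indispensable, while age (missing from exactly 1 of 10) stays indispensable.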
Referring to Fig. 2, which shows a partial flow chart of another embodiment of the protection rule generating method provided by the application, this embodiment can include:
Step 201: receive a subsequent request data packet sent by a user to the server.
The subsequent request data packet is a request data packet sent after the request data packets received in step 101 of the above embodiment, which were used to generate the protection rule. This step uses the generated protection rule to judge whether a subsequent request data packet sent by a user to the server is a legal data packet.
In other words, the subsequent request data packet is a request data packet sent after those of step 101.
When a user sends a subsequent request data packet to the server, the packet is received before it reaches the server.
Step 202: judge whether the target URL field of the subsequent request data packet includes a first parameter whose attribute is indispensable parameter; if so, execute step 203; if not, execute step 208.
The parameters determined in step 102 of the above embodiment include parameters with the indispensable attribute. Obtain the parameters in the target URL field of the subsequent request data packet and judge whether they include a first parameter whose attribute is indispensable parameter. For example, if the first parameters whose attribute is indispensable parameter in step 105 are name and age, and the parameters of the subsequent request data packet received in step 201 are tel and code, the first parameter is not included and step 206 is executed; if the parameters of the subsequent request data packet received in step 201 are name and tel, the first parameter is included and step 203 is executed.
Step 203: judge whether the parameter type of the first parameter is its legal parameter type; if so, execute step 204; if not, execute step 208.
Obtain the first parameter and its parameter type, and judge whether that parameter type is the legal parameter type of this first parameter determined in step 103 of the above embodiment. For example, the first parameter is name, whose legal parameter type determined in step 103 is character string: if the parameter type of the name parameter in the subsequent request data packet of step 201 is numerical value, step 208 is executed; if it is character string, step 204 is executed.
Step 204: judge whether the parameter value of the first parameter meets its data range; if so, execute step 205; if not, execute step 208.
Obtain the parameter value of the first parameter and judge whether it meets the data range of the parameter values of this parameter determined in step 104 of the above embodiment. For example, the first parameter is name and the data range of name determined in step 104 is 5 to 20: if the value of the name parameter in the subsequent request data packet of step 201 is abc, the string length is 3, which does not meet the data range, and step 206 is executed; if the value is zhangsan, the string length is 8, which meets the data range, and step 205 is executed.
Step 205: judge whether the target URL field of the subsequent request data packet includes a second parameter whose attribute is non-indispensable parameter; if so, execute step 206.
The parameters determined in step 102 of the above embodiment include parameters with the non-indispensable attribute. Obtain the parameters in the target URL field of the subsequent request data packet and judge whether they include a second parameter whose attribute is non-indispensable parameter. For example, if the second parameters whose attribute is non-indispensable parameter in step 105 are tel and code, and the parameters of the subsequent request data packet received in step 201 are tel and code, the second parameter is included and step 206 is executed.
Step 206: judge whether the parameter type of the second parameter is its legal parameter type; if so, execute step 207; if not, execute step 208.
Step 207: judge whether the parameter value of the first parameter meets its data range; if so, execute step 209; if not, execute step 208.
Step 208: delete the subsequent request data packet.
Step 209: send the subsequent request data packet to the server.
It should be noted that the execution order of steps 202 to 204 and steps 205 to 207 is not limited to the above: the judgements of steps 205 to 207 may be executed first, followed by the judgements of steps 202 to 204.
In this embodiment, the protection rule generated in step 105 of the above embodiment is applied to detect the subsequent request data packets sent by users to the server: packets that do not meet the protection rule are deleted and packets that meet it are sent to the server, which achieves the monitoring of data packets according to the protection rule.
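The detection of steps 202 to 209 above, applied to a subsequent request, as an added Python example that is not part of the patent; the protection rule is constructed to mirror the patent's name/age/tel example, the regular expressions standing for each legal type are assumptions, and parameters with no rule entry are assumed to be ignored.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ParamRule:
    mandatory: bool            # attribute: indispensable (True) or non-indispensable
    type_pattern: re.Pattern   # legal parameter type, as the regular expression defining it
    range_kind: str            # "numerical": compare the value; "character": compare its length
    low: float
    high: float


# Constructed protection rule for one target URL, mirroring the patent's example:
# name is indispensable, a character string of length 5 to 20; age and tel are
# non-indispensable, age a numerical value in 7 to 58, tel a string of length 7 to 11.
# The regular expressions for each type are assumptions.
PROTECTION_RULE = {
    "name": ParamRule(True, re.compile(r"[A-Za-z]+"), "character", 5, 20),
    "age": ParamRule(False, re.compile(r"\d+"), "numerical", 7, 58),
    "tel": ParamRule(False, re.compile(r"[\d+-]+"), "character", 7, 11),
}


def _check_param(name, value, rule):
    """Steps 203/204 (or 206/207): legal type first, then data range.

    Returns None when the parameter passes, otherwise the reason it fails.
    """
    if not rule.type_pattern.fullmatch(value):
        return f"{name}: illegal parameter type"
    measured = float(value) if rule.range_kind == "numerical" else len(value)
    if not rule.low <= measured <= rule.high:
        return f"{name}: value outside data range {rule.low}-{rule.high}"
    return None


def check_request(params, rule_set):
    """Steps 202-209: decide whether to forward a subsequent request or delete it.

    params: {param_name: value} parsed from the target URL field of the packet.
    Returns ("forward", "") or ("delete", reason).
    """
    for name, rule in rule_set.items():
        if name not in params:
            if rule.mandatory:
                # Step 202: an indispensable parameter is absent.
                return "delete", f"{name}: indispensable parameter missing"
            continue  # non-indispensable and absent: nothing to check (step 205)
        problem = _check_param(name, params[name], rule)
        if problem:
            return "delete", problem
    return "forward", ""   # step 209


if __name__ == "__main__":
    for sample in ({"name": "zhangsan", "tel": "8302452"},
                   {"tel": "8302452"},
                   {"name": "abc"},
                   {"name": "zhangsan", "age": "60"}):
        print(sample, "->", check_request(sample, PROTECTION_RULE))
```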
Referring to Fig. 3, which shows a structural diagram of an embodiment of the protection rule generating apparatus provided by the application, this embodiment can include: a recording unit 301, a first rule-item generation unit 302, a second rule-item generation unit 303, a third rule-item generation unit 304 and a rule generation unit 305. Wherein:
The recording unit 301 is configured, when a rule generation instruction is received, to record the parameter name, the parameter type and the parameter value of the parameters in the target URL field of the multiple request data packets sent by users to the server, until the recording process meets a preset recording termination condition.
The rule generation instruction is sent by the configurator: when the configurator needs to generate a protection rule, the rule generation instruction can be sent to the recording unit 301. When the recording unit 301 receives the rule generation instruction, it obtains the request data packets sent by users to the server and records the parameter information of the parameters in the target URL field of those request data packets, until the recording process meets the preset recording termination condition.
It should be noted that users send multiple request data packets to the server, each containing a URL field; the URL fields of the individual request data packets may be identical or different, so the multiple request data packets correspond to at least one URL field. The target URL field in this step is any one of these URL fields, for example http://video.sina.com.cn/sports/ show=original, and the protection rule generated in step 104 corresponds to this target URL field. Of course, the above only explains how the recording unit 301 generates the protection rule corresponding to one kind of URL field (the target URL field); the recording unit 301 is equally applicable to the other kinds of URL field in the multiple request data packets.
The recording termination condition can be a preset time length, a preset count threshold, or a combination of both.
If the recording termination condition is a preset time length, the recording unit 301 records the elapsed time from the moment it receives the rule generation instruction, and when the recorded time reaches the preset time length it determines that the recording process meets the recording termination condition.
If the recording termination condition is a preset count threshold, the recording unit 301 sets a preset counter to 0 when it receives the rule generation instruction, adds 1 to the counter for every request data packet obtained, and when the value of the counter reaches the preset count threshold it determines that the recording process meets the recording termination condition.
If the recording termination condition is a preset time length or a preset count threshold, the recording unit 301 records the elapsed time from the moment it receives the rule generation instruction and at the same time sets the preset counter to 0, adds 1 to the counter for every request data packet obtained, and when either the elapsed time reaches the preset time length or the value of the counter reaches the preset count threshold it determines that the recording process meets the recording termination condition.
It should be noted that during the recording process of the recording unit 301, multiple request data packets sent by users to the server may be received, and the target URL field of a request data packet may contain one parameter or several.
During recording, the recording unit 301 needs to record the parameter name, the parameter type and the parameter value of the parameters in the target URL field of the multiple request data packets. The parameter type may be character string, numerical value, telephone number, postcode, identification card number and so on. For example, the recorded parameter name, parameter type and parameter value may be: name, character string, Zhang San; age, numerical value, 14; code, postcode, 072450.
The recording unit 301 may determine the parameter type according to a preset set of regular expressions: the parameter value is compared with each regular expression, and if it matches a certain regular expression, the parameter type represented by that regular expression is determined to be the parameter type of the parameter. For example, regular expressions for character string, numerical value, identification card number, postcode and so on are set in advance. It should be noted that the set of regular expressions can be configured in advance by the configurator: a configuration instruction and regular expression data are received, the configuration instruction contains the identifier of a regular expression, and the regular expression data are used to generate the regular expression corresponding to that identifier.
The first rule-item generation unit 302 is configured to count the number of each kind of parameter according to the parameter names of the parameters, and to determine the attribute of each kind of parameter according to its count, the attribute being indispensable parameter or non-indispensable parameter.
The recording unit 301 records multiple parameters, and it should be noted that the first rule-item generation unit 302 counts each kind of parameter by parameter name. For example, name is one kind of parameter and age is another; counting the occurrences of name gives the count of the name parameter, and counting the occurrences of age gives the count of the age parameter.
The first rule-item generation unit 302 determines the attribute of each kind of parameter according to the count of that kind of parameter in the target URL. Its determination process can include, but is not limited to, the following ways:
One way is to compare the count of each kind of parameter with a preset count threshold: if the count exceeds the preset count threshold, the parameter is determined to be an indispensable parameter of the target URL; otherwise, it is determined to be a non-indispensable parameter of the target URL. For example, with a preset count threshold of 100, if the count of name in the target URL exceeds 100, name is determined to be an indispensable parameter of the target URL.
Another way is to count in advance the total number of the target URL in the received request data packets and divide the count of each kind of parameter by that total to obtain a ratio: if the ratio exceeds a preset ratio threshold, the parameter is determined to be an indispensable parameter of the target URL; otherwise, it is determined to be a non-indispensable parameter of the target URL. For example, with a preset ratio threshold of 90%, if all parameters of the recorded target URL number 1000 and the count of name is 800, name is determined to be a non-indispensable parameter of the target URL.
A further way is to count in advance the total number of the target URL in the received request data packets, subtract the count of each kind of parameter from that total to obtain the missing count of each kind of parameter, divide the missing count by the total number of the target URL to obtain the missing ratio of each kind of parameter, and compare the missing ratio with a preset missing-ratio threshold: if the missing ratio lies within the missing-ratio threshold range, the parameter is determined to be an indispensable parameter of the target URL; otherwise, it is determined to be a non-indispensable parameter of the target URL.
The second rule-item generation unit 303 is configured to count the number of each parameter type of each kind of parameter, and to determine the legal parameter type of each kind of parameter according to the count of each of its parameter types.
The recording unit 301 records multiple parameters, and each kind of parameter may have one or several recorded parameter types. The second rule-item generation unit 303 counts the number of each parameter type and, on that basis, determines one parameter type to be the legal parameter type of that kind of parameter. For example, if the parameter types recorded for name by the recording unit 301 include the character-string type and the numerical type, the second rule-item generation unit 303 chooses the legal parameter type of name from these two according to the counts of character string and numerical value; here the legal parameter type is character string.
The second rule-item generation unit 303 can make this determination either by comparing the count of each parameter type with a preset count threshold, or by computing the ratio of the count of each parameter type to the total number of recorded parameter types and comparing that ratio with a preset ratio threshold. The detailed process is the same as the determination of the parameter attribute by the first rule-item generation unit 302 and is not repeated here.
The third rule-item generation unit 304 is configured to count the data range of the parameter values of each kind of parameter.
Each kind of parameter corresponds to multiple parameter values, and from these values the third rule-item generation unit 304 can determine the data range of each kind of parameter. The data range can be a range of numeric magnitudes or a range of string lengths. For example, the data range of the parameter values of the name parameter is 5 to 20 characters in length.
The rule generation unit 305 is configured to combine the attribute of each kind of parameter, the legal parameter type of each kind of parameter and the data range of the parameter values of each kind of parameter to generate the protection rule corresponding to the target URL.
The recording unit 301 records multiple parameters of the target URL, for example the name, age and tel parameters. For each kind of parameter, its attribute, its legal parameter type and the data range of its parameter values are combined into one record of the protection rule of the target URL.
For example: the attribute of name is an indispensable parameter of the target URL, the legal parameter type of name is character string, and the data range of name is 5 to 20 characters in length; the attribute of age is a non-indispensable parameter of the target URL, the legal parameter type of age is numerical value, and the data range of age is 7 to 58; the attribute of tel is a non-indispensable parameter of the target URL, the legal parameter type of tel is character string, and the data range of tel is 7 to 11.
The protection rule may be stored as a data table or as text, although its storage form is not limited to these two. The protection rule corresponds to the server; this correspondence can be established by associating an identifier of the protection rule with an identifier of the server.
It should be noted that the way units 302, 303 and 304 are connected is not limited to the above; all three may instead be connected to unit 301 simultaneously. With the above connection the three are triggered one after another; if all three are connected to unit 301 simultaneously, any two of them, or all three, may be triggered simultaneously.
In this embodiment, when a rule generation instruction is received, the parameter name, the parameter type and the parameter value of the parameters in the target URL field of the multiple request data packets sent by users to the server are recorded. The count of each kind of parameter is obtained from the parameter names, and from that count the attribute of each kind of parameter is determined as an indispensable parameter or a non-indispensable parameter of the target URL; the count of each parameter type of each kind of parameter is obtained, and from it the legal parameter type of each kind of parameter is determined; the data range of the parameter values of each kind of parameter is obtained. Combining the attribute, the legal parameter type and the data range of each kind of parameter then generates the protection rule corresponding to the target URL.
The above embodiment can be applied on the server or on a third-party device between the user and the server; for example, it can be configured in the Apache configuration file so that it is loaded when Apache starts. In addition, the above embodiment needs locking and shared-memory techniques to solve the mutual-exclusion problem that arises when multiple processes and multiple threads access the same computer resource.
On the basis of the device embodiment above, the device may further comprise a statistic unit, which counts the total number of occurrences of the target URL in the received request packets.
The first rule item generation unit 302 may be implemented with a first statistics subunit and a first determination subunit:
The first statistics subunit counts, according to the parameter names, the number of occurrences of each parameter;
The first determination subunit determines the attribute of each parameter according to the number of occurrences of that parameter.
The first determination subunit comprises a first judgment subunit, a first result subunit and a second result subunit:
The first judgment subunit computes, from the total number of the target URL and the number of occurrences of each parameter, the missing ratio of each parameter, and judges whether that missing ratio does not exceed a first predetermined threshold; if so, it triggers the first result subunit, otherwise it triggers the second result subunit;
The first result subunit marks the parameter as an indispensable parameter;
The second result subunit marks the parameter as a non-indispensable parameter.
This embodiment performs the corresponding functions of the second method embodiment above; refer to that method embodiment for the explanation, which is not repeated here.
The second rule item generation unit 303 in the device embodiment above may be implemented with a second statistics subunit and a second determination subunit:
The second statistics subunit counts the number of occurrences of each parameter type of each parameter;
The second determination subunit determines the legal parameter type of each parameter according to the number of occurrences of each of its parameter types.
The second determination subunit comprises a second judgment subunit and a third result subunit:
The second judgment subunit judges whether the number of occurrences of each parameter type of each parameter exceeds a second predetermined threshold; if so, it triggers the third result subunit;
The third result subunit marks that parameter type as a legal parameter type of that parameter.
This embodiment performs the corresponding functions of the third method embodiment above; refer to that method embodiment for the explanation, which is not repeated here.
The third rule item generation unit 304 in the device embodiment above may be implemented with a third judgment subunit, a fourth result subunit and a fifth result subunit:
The third judgment subunit judges the attribute of the parameter value of each parameter, where the attribute is either character or numeric;
The fourth result subunit, if the attribute is character, collects the character length range of the parameter values with the character attribute;
The fifth result subunit, if the attribute is numeric, collects the numeric range of the parameter values with the numeric attribute.
This embodiment performs the corresponding functions of the fourth method embodiment above; refer to that method embodiment for the explanation, which is not repeated here.
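The learning phase described by units 302, 303 and 304 above, written out as an added Python example (not code from the patent or its assignee). The request URLs, the missing-ratio threshold of 0.2 and the type-count threshold of 1 are all constructed assumptions, since the patent leaves both thresholds unspecified; the rule layout returned by `learn_rule` is likewise an assumed storage format, one possible "data table" form of the rule.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample of request URLs recorded for one target URL (/login).
# They are made up for this example and are not data from the patent.
SAMPLE_REQUESTS = [
    "/login?user=alice&age=31&lang=en",
    "/login?user=bob&age=27",
    "/login?user=carol&age=45&lang=de",
    "/login?user=dave&age=abc",          # one stray character-typed age value
    "/login?user=erin&age=52&lang=fr",
    "/login?user=frank&age=38",
    "/login?user=grace&age=29&debug=1",  # a parameter seen only once
    "/login?user=heidi&age=61",
    "/login?user=ivan&age=44&lang=es",
    "/login?user=judy&age=33",
]

# Assumed threshold values; the patent does not fix either one.
MISSING_RATIO_MAX = 0.2  # first predetermined threshold: maximum missing ratio of an indispensable parameter
TYPE_COUNT_MIN = 1       # second predetermined threshold: a type must be seen more often than this to be legal

NUMERIC = re.compile(r"-?\d+")


def value_type(value):
    """Classify a parameter value as 'numeric' or 'character', the two attributes in the patent."""
    return "numeric" if NUMERIC.fullmatch(value) else "character"


def learn_rule(requests, target_path, missing_ratio_max=MISSING_RATIO_MAX, type_count_min=TYPE_COUNT_MIN):
    """Build the protection rule for target_path from recorded request URLs.

    Returns {param_name: {"mandatory": bool, "legal_types": set, "ranges": {type: (lo, hi)}}}.
    """
    total = 0                                           # statistic unit: occurrences of the target URL
    name_count = Counter()                              # first statistics subunit: occurrences per name
    type_count = defaultdict(Counter)                   # second statistics subunit: occurrences per (name, type)
    observed = defaultdict(lambda: defaultdict(list))   # third rule item: measured values per (name, type)

    for url in requests:
        parts = urlsplit(url)
        if parts.path != target_path:
            continue
        total += 1
        params = dict(parse_qsl(parts.query, keep_blank_values=True))
        for name, value in params.items():
            name_count[name] += 1
            vtype = value_type(value)
            type_count[name][vtype] += 1
            # character values are measured by length, numeric values by magnitude
            observed[name][vtype].append(len(value) if vtype == "character" else int(value))

    if total == 0:
        return {}
    rule = {}
    for name in name_count:
        missing_ratio = (total - name_count[name]) / total
        rule[name] = {
            # first judgment subunit: indispensable if the missing ratio does not exceed the threshold
            "mandatory": missing_ratio <= missing_ratio_max,
            # second judgment subunit: a type is legal only if its count exceeds the threshold
            "legal_types": {t for t, c in type_count[name].items() if c > type_count_min},
            # fourth/fifth result subunits: length range for character values, numeric range for numbers
            "ranges": {t: (min(vals), max(vals)) for t, vals in observed[name].items()},
        }
    return rule


if __name__ == "__main__":
    for name, item in learn_rule(SAMPLE_REQUESTS, "/login").items():
        print(name, item)
```

On the constructed sample, `user` and `age` come out indispensable and `lang` and `debug` non-indispensable; the single `age=abc` is outvoted by the numeric values, so `numeric` is the only legal type for `age`; and `debug`, seen once, receives no legal type at all, which means the enforcement phase will reject any request that carries it. That last outcome is the caveat to keep in mind with count thresholds: rarely used but legitimate parameters need a long enough recording window, or they are learned as illegal.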
Refer to Fig. 4, which shows a partial structural diagram of another embodiment of the rule generating apparatus provided by the application. This embodiment may comprise:
A receiving unit 401, for receiving the subsequent request packets that users send to the server.
The receiving unit 401 is connected to the rule generation unit 305. It receives each subsequent request packet sent by a user to the server and compares it with the rule generated by the rule generation unit 305, thereby monitoring the subsequent request packet.
A first judging unit 402, for judging whether the target URL field of the subsequent request packet includes a first parameter whose attribute is indispensable parameter; if so, it triggers the second judging unit 403; if not, it triggers the first result unit 408.
A second judging unit 403, for judging whether the parameter type of the first parameter is the corresponding legal parameter type; if so, it triggers the third judging unit 404; if not, it triggers the first result unit 408;
A third judging unit 404, for judging whether the parameter value of the first parameter meets the corresponding data range; if so, it triggers the fourth judging unit 405; if not, it triggers the first result unit 408;
A fourth judging unit 405, for judging whether the target URL field of the subsequent request packet includes a second parameter whose attribute is non-indispensable parameter; if so, it triggers the fifth judging unit 406;
A fifth judging unit 406, for judging whether the parameter type of the second parameter is the corresponding legal parameter type; if so, it triggers the sixth judging unit 407; if not, it triggers the first result unit 408;
A sixth judging unit 407, for judging whether the parameter value of the second parameter meets the corresponding data range; if so, it triggers the second result unit 409; if not, it triggers the first result unit 408;
A first result unit 408, for deleting the subsequent request packet;
A second result unit 409, for sending the subsequent request packet to the server.
This embodiment performs the corresponding functions of the fifth method embodiment above; refer to that method embodiment for the explanation, which is not repeated here.
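The monitoring chain of judging units 402 to 409 above, as an added Python example (not code from the patent or its assignee). The rule literal `LOGIN_RULE` and the test requests are constructed; the rule layout is the same assumed format as a learned rule would have. Two points the patent leaves open are resolved here as explicit assumptions: a request that carries no non-indispensable parameter at all is forwarded once its indispensable parameters pass, and parameters that do not appear in the rule are passed through unchecked. A stricter positive-security deployment would drop the latter, but the patent does not say so.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed rule for /login (assumed storage format; values are made up for this example).
LOGIN_RULE = {
    "user": {"mandatory": True,  "legal_types": {"character"}, "ranges": {"character": (3, 5)}},
    "age":  {"mandatory": True,  "legal_types": {"numeric"},   "ranges": {"numeric": (27, 61)}},
    "lang": {"mandatory": False, "legal_types": {"character"}, "ranges": {"character": (2, 2)}},
}

NUMERIC = re.compile(r"-?\d+")


def value_type(value):
    """Classify a parameter value as 'numeric' or 'character'."""
    return "numeric" if NUMERIC.fullmatch(value) else "character"


def check_value(name, value, item):
    """Type check (units 403/406), then range check (units 404/407), for one parameter."""
    vtype = value_type(value)
    if vtype not in item["legal_types"]:
        return False, f"{name}: type {vtype} is not a legal parameter type"
    bounds = item["ranges"].get(vtype)
    if bounds is None:
        return False, f"{name}: no learned range for type {vtype}"
    lo, hi = bounds
    measured = len(value) if vtype == "character" else int(value)
    if not lo <= measured <= hi:
        return False, f"{name}: value outside the learned range [{lo}, {hi}]"
    return True, ""


def check_request(url, rule, target_path):
    """Return (forward, reason): forward is True when the packet may go to the server."""
    parts = urlsplit(url)
    if parts.path != target_path:
        return True, "no rule for this URL"  # assumption: URLs without a rule are not filtered here
    params = dict(parse_qsl(parts.query, keep_blank_values=True))

    # Units 402-404: every indispensable (first) parameter must be present, of a legal type and in range.
    for name, item in rule.items():
        if not item["mandatory"]:
            continue
        if name not in params:
            return False, f"{name}: indispensable parameter missing"
        ok, why = check_value(name, params[name], item)
        if not ok:
            return False, why

    # Units 405-407: a non-indispensable (second) parameter is checked only when it is present.
    for name, value in params.items():
        item = rule.get(name)
        if item is None or item["mandatory"]:
            continue  # unknown parameters pass through (assumption); mandatory ones were checked above
        ok, why = check_value(name, value, item)
        if not ok:
            return False, why

    return True, "forwarded to server"  # unit 409


if __name__ == "__main__":
    # Constructed subsequent requests, one per decision branch.
    for url in [
        "/login?user=alice&age=31&lang=en",
        "/login?user=alice",
        "/login?user=alice&age=abc",
        "/login?user=alice&age=99",
        "/login?user=alice&age=31&lang=english",
    ]:
        print(url, "->", check_request(url, LOGIN_RULE, "/login"))
```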
It should be noted that the embodiments in this description are described progressively; each embodiment emphasizes its differences from the others, and for the parts that are identical or similar the embodiments may be referred to one another.
A protection rule generating method and device provided by the present invention have been described in detail above. The description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A protection rule generating method, characterized in that the method comprises:
when a rule generation instruction is received, recording the parameter names, parameter types and parameter values of the parameters in the target URL field of multiple request packets sent by users to a server, until the recording process meets a preset recording termination condition;
counting, according to the parameter names, the number of occurrences of each parameter, and determining the attribute of each parameter according to that number, wherein the attribute is an indispensable parameter of the target URL or a non-indispensable parameter of the target URL;
counting the number of occurrences of each parameter type of each parameter, and determining the legal parameter type of each parameter according to the number of occurrences of each of its parameter types;
collecting the data range of the parameter value of each parameter;
combining the attribute, the legal parameter type and the data range of the parameter value of each parameter, and generating the protection rule corresponding to the target URL.
2. The method according to claim 1, characterized in that it further comprises counting the total number of the target URL in the received multiple request packets; wherein determining the attribute of each parameter according to the number of occurrences of each parameter comprises:
obtaining, from the total number of the target URL and the number of occurrences of each parameter, the missing ratio of each parameter, and judging whether the missing ratio of each parameter does not exceed a first predetermined threshold; if so, determining the parameter to be an indispensable parameter of the target URL; otherwise, determining the parameter to be a non-indispensable parameter of the target URL.
3. The method according to claim 1, characterized in that determining the legal parameter type of each parameter according to the number of occurrences of each of its parameter types comprises:
judging whether the number of occurrences of each parameter type of each parameter exceeds a second predetermined threshold; if so, determining that parameter type to be a legal parameter type of that parameter.
4. The method according to claim 1, characterized in that collecting the data range of the parameter value of each parameter comprises:
judging the attribute of the parameter value of each parameter, wherein the attribute is character or numeric;
if the attribute is character, collecting the character length range of the parameter values with the character attribute;
if the attribute is numeric, collecting the numeric range of the parameter values with the numeric attribute.
5. The method according to claim 1, characterized in that it further comprises:
receiving a subsequent request packet sent by a user to the server;
judging whether the target URL field of the subsequent request packet includes a first parameter whose attribute is indispensable parameter;
if the target URL field of the subsequent request packet includes a first parameter whose attribute is indispensable parameter, judging whether the parameter type of the first parameter is the corresponding legal parameter type; if the parameter type of the first parameter is the corresponding legal parameter type, judging whether the parameter value of the first parameter meets the corresponding data range; if the parameter value of the first parameter meets the corresponding data range, judging whether the target URL field of the subsequent request packet includes a second parameter whose attribute is non-indispensable parameter;
if the target URL field of the subsequent request packet does not include a first parameter whose attribute is indispensable parameter, or the parameter type of the first parameter is not the corresponding legal parameter type, or the parameter value of the first parameter does not meet the corresponding data range, deleting the subsequent request packet;
if the target URL field of the subsequent request packet includes a second parameter whose attribute is non-indispensable parameter, judging whether the parameter type of the second parameter is the corresponding legal parameter type;
if the parameter type of the second parameter is the corresponding legal parameter type, judging whether the parameter value of the second parameter meets the corresponding data range; if so, sending the subsequent request packet to the server; otherwise, deleting the subsequent request packet;
if the parameter type of the second parameter is not the corresponding legal parameter type, deleting the subsequent request packet.
6. A protection rule generating device, characterized in that the device comprises:
a recording unit, for recording, when a rule generation instruction is received, the parameter names, parameter types and parameter values of the parameters in the target URL field of multiple request packets sent by users to a server, until the recording process meets a preset recording termination condition;
a first rule item generation unit, for counting, according to the parameter names, the number of occurrences of each parameter, and determining the attribute of each parameter according to that number, wherein the attribute is an indispensable parameter of the target URL or a non-indispensable parameter of the target URL;
a second rule item generation unit, for counting the number of occurrences of each parameter type of each parameter, and determining the legal parameter type of each parameter according to the number of occurrences of each of its parameter types;
a third rule item generation unit, for collecting the data range of the parameter value of each parameter;
a rule generation unit, for combining the attribute, the legal parameter type and the data range of the parameter value of each parameter, and generating the protection rule corresponding to the target URL.
7. The device according to claim 6, characterized in that it further comprises:
a statistic unit, for counting the total number of the target URL in the received multiple request packets;
and the first rule item generation unit comprises:
a first statistics subunit, for counting, according to the parameter names, the number of occurrences of each parameter;
a first determination subunit, for determining the attribute of each parameter according to the number of occurrences of each parameter;
wherein the first determination subunit comprises:
a first judgment subunit, for obtaining, from the total number of the target URL and the number of occurrences of each parameter, the missing ratio of each parameter, and judging whether the missing ratio of each parameter does not exceed a first predetermined threshold; if so, triggering the first result subunit; otherwise, triggering the second result subunit;
a first result subunit, for determining the parameter to be an indispensable parameter of the target URL;
a second result subunit, for determining the parameter to be a non-indispensable parameter of the target URL.
8. The device according to claim 6, characterized in that the second rule item generation unit comprises:
a second statistics subunit, for counting the number of occurrences of each parameter type of each parameter;
a second determination subunit, for determining the legal parameter type of each parameter according to the number of occurrences of each of its parameter types;
wherein the second determination subunit comprises:
a second judgment subunit, for judging whether the number of occurrences of each parameter type of each parameter exceeds a second predetermined threshold; if so, triggering the third result subunit;
a third result subunit, for determining that parameter type to be a legal parameter type of that parameter.
9. The device according to claim 6, characterized in that the third rule item generation unit comprises:
a third judgment subunit, for judging the attribute of the parameter value of each parameter, wherein the attribute is character or numeric;
a fourth result subunit, for collecting, if the attribute is character, the character length range of the parameter values with the character attribute;
a fifth result subunit, for collecting, if the attribute is numeric, the numeric range of the parameter values with the numeric attribute.
10. The device according to claim 6, characterized in that it further comprises:
a receiving unit, for receiving a subsequent request packet sent by a user to the server;
a first judging unit, for judging whether the target URL field of the subsequent request packet includes a first parameter whose attribute is indispensable parameter; if so, triggering the second judging unit; if not, triggering the first result unit;
a second judging unit, for judging whether the parameter type of the first parameter is the corresponding legal parameter type; if so, triggering the third judging unit; if not, triggering the first result unit;
a third judging unit, for judging whether the parameter value of the first parameter meets the corresponding data range; if so, triggering the fourth judging unit; if not, triggering the first result unit;
a fourth judging unit, for judging whether the target URL field of the subsequent request packet includes a second parameter whose attribute is non-indispensable parameter; if so, triggering the fifth judging unit;
a first result unit, for deleting the subsequent request packet;
a fifth judging unit, for judging whether the parameter type of the second parameter is the corresponding legal parameter type; if so, triggering the sixth judging unit; if not, triggering the first result unit;
a sixth judging unit, for judging whether the parameter value of the second parameter meets the corresponding data range; if so, triggering the second result unit; if not, triggering the first result unit;
a second result unit, for sending the subsequent request packet to the server.
CN201310753750.1A 2013-12-31 2013-12-31 A kind of protection rule generating method and device Active CN103729594B (en)


Publications (2)

Publication Number Publication Date
CN103729594A CN103729594A (en) 2014-04-16
CN103729594B true CN103729594B (en) 2016-05-18



