CN107612946B - IP address detection method and device and electronic equipment - Google Patents
IP address detection method and device and electronic equipment Download PDFInfo
- Publication number
- CN107612946B CN107612946B CN201711070037.1A CN201711070037A CN107612946B CN 107612946 B CN107612946 B CN 107612946B CN 201711070037 A CN201711070037 A CN 201711070037A CN 107612946 B CN107612946 B CN 107612946B
- Authority
- CN
- China
- Prior art keywords
- address
- normal
- user equipment
- detected
- equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the invention provides a detection method and a detection device of an IP address and electronic equipment. The network equipment acquires target user equipment, and the target user equipment communicates with the network equipment through the IP address to be detected; the network equipment acquires the total amount of the first user equipment, and the first user equipment is equipment which is communicated with the network equipment through the IP address to be detected and the normal IP address in the current or historical record of the network equipment. And when the total number is not less than the preset number threshold, the network equipment determines that the IP address to be detected is a normal IP address. The method can analyze the IP address to be detected by utilizing the existing credible normal IP address, and determine that the IP address to be detected is the normal IP address, thereby preventing the normal IP address from being killed by mistake.
Description
Technical Field
The present invention relates to the field of big data technology, and in particular, to a method and an apparatus for detecting an Internet Protocol (IP) address between networks, and an electronic device.
Background
In the field of big data security, the dimension of the IP address is always a dimension which is difficult to accurately evaluate, i.e. it is not easy to evaluate whether an IP address is a secure IP address from the perspective of the IP address. The traditional method for evaluating the IP address is mainly to detect the isolation of a single IP address.
However, the inventor finds that the prior art has at least the following problems in the process of implementing the invention:
the traditional IP address detection method is to analyze whether some abnormal behaviors occur to a service request sent by an IP address by counting service requests sent by user equipment using the IP address for a single IP address, where the abnormal behaviors (or malicious behaviors) may be: whether the behavior of stealing the user account number, the behavior of sending the junk mail, the behavior of spreading the virus and the like occur. That is, the conventional IP address detection method has more abnormal behavior information but lacks normal behavior information, taking the detection time of a day as an example, in the process of detecting an IP1 address used by a user equipment, a third party company detects that the IP1 address sends a spam email at 8 am, and then recognizes the IP1 address as a malicious IP address, so that the IP1 address is sealed. However, the IP1 address is normal mail sent at other times (except 8 o' clock) in the day, and it can be seen that the proportion of normal behavior of the IP1 address is high, and the IP1 address is a normal IP address without threat with a high probability, thereby causing the IP1 address to be killed by mistake. Secondly, if the service request quantity sent by the IP address is small, the behavior characteristics of the user equipment using the IP address cannot be accurately analyzed, and the behavior characteristics include abnormal behavior and normal behavior.
Therefore, the detection result of the traditional IP address detection method may be inaccurate, and the risk that the normal IP address is killed by mistake is easily caused.
Disclosure of Invention
The embodiment of the invention aims to provide a method, a device and an electronic device for detecting an IP address, so as to analyze the IP address to be detected by utilizing the existing credible normal IP address and determine that the IP address to be detected is the normal IP address, thereby preventing the normal IP address from being killed by mistake. The specific technical scheme is as follows:
in a first aspect, a method for detecting an IP address is provided, where the method may include: acquiring target user equipment, wherein the target user equipment is communicated with network equipment through an IP address to be detected; the network equipment acquires the total quantity of first user equipment, wherein the first user equipment is equipment which is communicated with the network equipment through the IP address to be detected and the normal IP address in the current or historical record of the network equipment; and when the total number is not less than the preset number threshold, the network equipment determines that the IP address to be detected is a normal IP address. The method realizes the analysis of the IP address to be detected by utilizing the existing credible normal IP address, and determines that the IP address to be detected is the normal IP address, thereby preventing the normal IP address from being killed by mistake.
In an optional example, the network device acquiring the target user equipment includes: the network equipment acquires a service request sent by second user equipment; then, an IP address used by the second user equipment carried in the service request is obtained; and when the acquired IP address is not detected, the network equipment determines the acquired IP address as the IP address to be detected and determines the second equipment as the target equipment. The method can acquire the undetected IP address to be detected used by the user equipment in real time.
In an optional example, the first user equipment is the current or the history of the network equipment, and the number of the user equipment using the normal IP address first and then using the IP address to be detected is the number of the user equipment. The method can determine the association information of the normal IP address and the IP address to be detected, so that whether the IP address to be detected is normal or not is analyzed by using the normal IP address.
In an optional example, after determining that the IP address to be detected is a normal IP address, the network device stores the detected normal IP address in a normal IP address library.
In a second aspect, there is provided a detection apparatus, which may include:
the first obtaining module is used for obtaining the identification information of the user equipment using the normal IP address.
A second obtaining module, configured to obtain a total number of first user equipment, where the first user equipment is a device that communicates with the network device through the to-be-detected IP address and the normal IP address in a current or a history of the network device;
and the address determining module is further used for determining that the IP address to be detected is a normal IP address when the total number is not less than the preset number threshold.
In an optional example, the first obtaining module is specifically configured to obtain a service request sent by the second user equipment, obtain an IP address used by the second user equipment and carried in the service request, determine, when the obtained IP address is not detected, the obtained IP address as an IP address to be detected, and determine the second device as the target device.
In an optional example, the first user equipment is the current or the history of the network equipment, and the number of the user equipment using the normal IP address first and then using the IP address to be detected is the number of the user equipment.
In an optional example, the apparatus further includes a storage module, configured to store the detected normal IP address in a normal IP address library after the address determination module determines that the IP address to be detected is a normal IP address.
In a third aspect, an electronic device is provided, which may include a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete communication with each other through the communication bus;
a memory for storing a computer program;
a processor adapted to perform the method steps of any of the above first aspects when executing a program stored in the memory.
In yet another aspect of the present invention, there is also provided a computer-readable storage medium having stored therein instructions, which when run on a computer, cause the computer to execute any one of the above-described IP address detection methods.
In another aspect of the present invention, the present invention also provides a computer program product containing instructions, which when run on a computer, causes the computer to execute any of the above-mentioned IP address detection methods.
The embodiment of the invention provides a detection method and a detection device for an IP address and electronic equipment. The network equipment acquires target user equipment, and the target user equipment is communicated with the network equipment through the IP address to be detected; the network equipment acquires the total amount of the first user equipment, and the first user equipment is equipment which is communicated with the network equipment through the IP address to be detected and the normal IP address in the current or historical record of the network equipment. When the total number is not less than the preset number threshold, the network equipment determines that the IP address to be detected is the normal IP address, so that the existing normal IP address is utilized to analyze the IP address to be detected, the accuracy of identifying the normal IP address can be improved, and the normal IP address is prevented from being killed by mistake. Of course, it is not necessary for any product or method of practicing the invention to achieve all of the above-described advantages at the same time.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
Fig. 1 is a schematic diagram of a network system architecture according to an embodiment of the present invention;
fig. 2 is a schematic diagram of an architecture of an IP address dimension according to an embodiment of the present invention;
fig. 3 is a schematic flowchart of a method for detecting an IP address according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a system formed by a server and a user equipment according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a detection apparatus according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention.
The method for detecting an IP address provided in the embodiment of the present invention may be applied to the network system framework described in fig. 1, where the network system may include a network device and a user device. The network device and the user equipment may perform transmission of service data through a network, where the network device may be a server.
The IP address dimension refers to a tree structure formed by taking an IP address as a vertex and taking user equipment such as an individual user, a cell, or an enterprise using the IP address as branches, as shown in fig. 2. It should be noted that the leg under the IP address shown in fig. 2 may also be other types of user equipment, and the application is not limited herein. It will be appreciated that one IP address may be used by a plurality of user devices.
When an attacker (such as a hacker) who is engaged in the black industry technology attacks by using a normal IP address, the user equipment using the IP address is attacked, and the attack behavior can be abnormal behaviors such as stealing a user account, swiping volume, spreading network virus, and the like. The normal IP address is an IP address for implementing normal behavior when the normal user equipment using the IP address accesses the network. The normal IP address may be a public egress IP address, a home IP address, etc. that is considered authentic by the user equipment. The above-mentioned brushing behavior may be the traffic of the brushing website, the downloading amount of the brushing application, the brushing order amount, and so on.
However, in order to make the attack behavior proceed smoothly, most attackers will implement the attack behavior through the network with larger bandwidth, which requires the attackers to own their own private network, i.e. most attacks come from the private network, and the normal users will rarely use the private network because the normal users do not need the large bandwidth network for the used IP addresses. It can be seen that the networks used by the attacker and the normal users are clearly different.
The traditional IP address detection method is used for analyzing the abnormal behavior of a single IP address, namely the traditional IP address detection method can only collect abnormal behavior information, wherein a large number of service requests sent from the IP are needed for acquiring the abnormal behavior information, namely the abnormal behavior analysis cannot be carried out on the IP address with less service request amount. For example, when a normal user uses an application of the same server, especially when the user uses the application for multiple times in multiple days, since the application may be used in different places, multiple IP addresses are used, and if a trusted normal IP address exists in the multiple IP addresses, the rest of unknown IP addresses used by the user equipment can be regarded as normal IP addresses. Therefore, the method is not limited by the small service request quantity sent by the IP address to be detected, and can improve the accuracy of identifying the normal IP address, thereby preventing the normal IP address from being killed by mistake.
The following description will be made taking a network device as an example.
Fig. 3 is a schematic flowchart of a method for detecting an IP address according to an embodiment of the present invention. As shown in fig. 3, the execution subject of the method may be a server, and the method may include:
step 310, the server obtains the target user equipment. And the target user equipment communicates with the server through the IP address to be detected.
Before performing this step, the server builds a normal IP address library for normal IP addresses that have been determined to be authentic and stores them locally. The normal IP address repository may include at least one normal IP address.
The server marks the user equipment using the normal IP address to acquire the identification information of the user equipment, wherein the identification information can be the equipment number uniquely allocated to each user equipment by the server or the personal account number logged in by the user. That is, when the user uses any one of the normal IP addresses in the normal IP address library, the server marks the corresponding user equipment, and each user equipment has a unique piece of identification information to distinguish other user equipments. After obtaining the identification information of the user equipment, the server informs the corresponding user equipment of the identification information so that the user equipment carries the identification information in sending a service request to the server.
Taking 3 pieces of user equipment logging in the server a by using a normal IP address as an example, after the server a marks the user equipment using the normal IP address, not only the identification information (such as the equipment number) of the user equipment but also the corresponding relationship between the user equipment and the identification information is obtained. As shown in table 1:
TABLE 1
| Using normal IP addresses | User equipment name | Equipment number |
| IP1 address | User equipment 1 | 001 |
| IP2 address | User equipment 2 | 002 |
| IP1 address | User equipment 3 | 003 |
In table 1, user equipment 1 logs in to server a using IP1 address, server a marks user equipment 1 and assigns device number 001; the user equipment 2 logs in the server A by using an IP2 address, the server A marks the user equipment 2 and allocates an equipment number 002; user device 3 logs in to server a using the IP1 address, server a marks user device 3 and assigns device number 003. Therefore, the server allocates different device numbers to the user equipment according to the difference of the user equipment.
Specifically, the server may obtain a service request currently sent by the second user equipment, and obtain an IP address used by the second user equipment, where the IP address is carried in the service request; and searching a normal IP address library, determining the obtained IP address as the IP address to be detected when the IP address does not exist in the normal IP address library, namely the IP address is not detected, and determining the second equipment as the target equipment.
It should be noted that "the user equipment using the normal IP address" in the embodiment of the present invention refers to the user equipment accessing the target server through the normal IP address, where the server may be a specific server, such as a video server, and the like, such as the server in fig. 1.
In addition, the User Equipment (UE) in the embodiment of the present invention may include a handheld device, a vehicle-mounted device, a wearable device, a computing device or other processing devices connected to a wireless modem, and various forms of User Equipment, a Mobile Station (MS), a Terminal (Terminal), a Terminal device (Terminal Equipment), and the like, which have a wireless communication function. For convenience of description, in the embodiments of the present invention, it is simply referred to as user equipment or UE.
In step 320, the server obtains the total number of the first user equipments.
The first user equipment is equipment which communicates with the server through the IP address to be detected and the normal IP address in the current or historical record of the server.
The server sends the service request to the server by the user equipment according to the corresponding relation between the user equipment and the identification information, wherein the service request comprises the identification information of the user equipment and the used corresponding IP address. The server records the identification information and the IP address used by the corresponding user equipment. And counting the total number of the first user equipment corresponding to the identification information of the normal IP address and the IP address to be detected in the current or historical preset time period by the server from the recorded identification information and the used IP address of the corresponding user equipment.
Further, the first user equipment is equipment which uses the normal IP address firstly and then uses the IP address to be detected to communicate with the server in the current or historical record of the server. If the user equipment with the identification information uses the normal IP address and the IP address to be detected in the preset time period, the server counts the total amount of the user equipment; if the user equipment with the identification information uses the normal IP address within the preset time period and does not use the IP address to be detected, the server does not count the user equipment in the total amount.
It should be noted that the preset time period may be set according to actual situations. For example, when a user logs in a video server in a subway, the user may be at a company for a certain period of time and travel for another period of time due to the large traffic and the unfixed actions of the user. In this case, the user equipment uses more IP addresses, in other words, the user equipment has a higher probability of using normal IP addresses, so the preset time period can be set to be one week. When the user equipment logs in the video server in the company, the staff in the company is in the working state and cannot leave the company at will, so the probability of using the normal IP address by the user equipment is low, and the set preset time period is relatively prolonged, such as one month. That is, the less the user's action is fixed, the shorter the preset time period is set.
And step 330, when the total number is not less than the preset number threshold, the server determines that the IP address to be detected is a normal IP address.
The preset number threshold is used for measuring the number of the preset devices with the IP addresses being the normal IP addresses. It can be understood that the more user equipments of an IP address, the greater the probability that the IP address is a normal IP address, such as a public exit IP address of a subway.
And when the number of the user equipment using the normal IP address and the IP address to be detected is not less than the preset number threshold, determining that the IP address to be detected is the normal IP address.
Further, after the IP address to be detected is determined to be a normal IP address, the server may store the detected normal IP address in the normal IP address library to expand the normal IP address library, so as to detect other IP addresses that are not detected.
Optionally, the server may store the detected normal IP address in the normal IP address library, and may also store the number of the user equipment using the normal IP address and the IP address to be detected, and the association information between the user equipment using the normal IP address and the IP address to be detected in the normal IP address library. The associated information may be sequence information of the normal IP address used by the user equipment and the IP address to be detected.
In one example, a system architecture of a server and a user device is shown in fig. 4, wherein the server may include a normal IP address repository 410, a tagging system 420, a service server 430 and an analysis system 440. If the server has successfully identified the subway WiFi IP address and the subway WiFi IP address is a normal IP address, the server stores it in the normal IP address repository 410. A normal user logs in the application of the server through the user equipment 300 in the subway on the morning work by using the WiFi IP address of the subway, and the marking system 420 of the server marks the user equipment 300 of the user, and assigns a unique device number (such as a personal account number) to the user equipment 300 of the user. When the user logs in the application of the server again after arriving at the company, the service request is sent to the service server 430 of the server again through the user equipment 300, and the analysis system 440 of the server detects that the user is using another unknown IP address (or called to-be-detected IP address) according to the equipment number of the user equipment 300. The analysis system 440 of the server counts the total number of other user equipments using the subway WiFi IP address first and then using the unknown IP address through the current or historical record, and when it is recognized that the total number is greater than the preset number threshold, determines that the unknown IP address is the normal IP address, and stores the normal IP address in the normal IP address library 410.
In summary, the method determines the number of the user equipments using the normal IP address and the IP address to be detected by counting the identification information of the user equipment using the IP address to be detected and the identification information of the user equipment using the normal IP address. When the number of the devices is not less than the preset number threshold, the IP address to be detected can be determined to be the normal IP address, so that the IP address to be detected can be analyzed by utilizing the existing normal IP address, the limitation of small service request quantity sent by the IP address to be detected is avoided, the accuracy of identifying the normal IP address is improved, and the normal IP address is prevented from being killed by mistake.
An embodiment of the present invention corresponding to the foregoing method further provides a detection apparatus, as shown in fig. 5, the detection apparatus may include: a first acquisition module 510, a second acquisition module 520, and an address determination module 530.
The first obtaining module 510 is configured to obtain a target user equipment, where the target user equipment communicates with a network device through an IP address to be detected.
The second obtaining module 520 is configured to obtain the total number of the first user equipment, where the first user equipment is a device that communicates with the network device through the to-be-detected IP address and the normal IP address in the current or historical record of the network device.
The address determining module 530 is configured to determine that the IP address to be detected is a normal IP address when the total number is not less than the preset number threshold.
Optionally, the first obtaining module 510 is specifically configured to obtain a service request sent by the second user equipment;
acquiring an IP address used by second user equipment carried in the service request;
and when the acquired IP address is not detected, determining the acquired IP address as the IP address to be detected, and determining the second equipment as the target equipment.
Optionally, the first user equipment is a device which uses the normal IP address first and then uses the IP address to be detected to communicate with the network device in the current or historical record of the network device.
Optionally, the apparatus further includes a storing module 540, configured to store the detected normal IP address in the normal IP address library after the address determining module 530 determines that the IP address to be detected is the normal IP address.
The functions of the functional modules at the detection device end can be realized through the steps in the embodiment in fig. 3, and the specific implementation process can refer to the related description of the method embodiment, so that the specific working process and beneficial effects of the detection device provided by the embodiment of the present invention are not repeated herein.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention. As shown in fig. 6, the electronic device may include:
a processor 610, a communication interface 620, a memory 630 and a communication bus 640, wherein the processor 610, the communication interface 620 and the memory 630 are communicated with each other through the communication bus 640,
a memory 630 for storing computer programs;
the processor 610, when executing the program stored in the memory 630, implements the following steps:
acquiring target user equipment, wherein the target user equipment is communicated with network equipment through an IP address to be detected;
the network equipment acquires the total quantity of first user equipment, and the first user equipment is equipment which communicates with the network equipment through the IP address to be detected and the normal IP address in the current or historical record of the network equipment
And when the total number is not less than the preset number threshold, determining that the IP address to be detected is a normal IP address.
Optionally, the obtaining the target user equipment includes: acquiring a service request sent by second user equipment;
acquiring an IP address used by second user equipment carried in the service request;
and when the acquired IP address is not detected, determining the acquired IP address as the IP address to be detected, and determining the second equipment as the target equipment.
Optionally, the first user equipment is a device which uses the normal IP address first and then uses the IP address to be detected to communicate with the network device in the current or historical record of the network device.
Optionally, after determining that the IP address to be detected is a normal IP address, storing the detected normal IP address in a normal IP address library.
The communication bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic equipment and other equipment.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.
In another embodiment of the present invention, a computer-readable storage medium is further provided, which stores instructions that, when executed on a computer, cause the computer to execute the IP address detection method described in any one of the above embodiments.
In yet another embodiment of the present invention, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform the method for detecting an IP address as described in any of the above embodiments.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the invention to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website site, computer, server, or data center to another website site, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.
Claims (8)
1. A method for detecting an IP address, the method comprising:
the network equipment acquires target user equipment, and the target user equipment is communicated with the network equipment through an IP address to be detected;
the network equipment acquires the total quantity of first user equipment, wherein the first user equipment is equipment which firstly uses a normal IP address and then uses the IP address to be detected to communicate with the network equipment in the current or historical record of the network equipment; the normal IP address is an IP address for implementing normal behavior when normal user equipment using the IP address accesses a network;
and when the total number is not less than a preset number threshold, the network equipment determines that the IP address to be detected is a normal IP address.
2. The method of claim 1, wherein the network device obtaining the target ue comprises:
the network equipment acquires a service request sent by second user equipment;
the network equipment acquires the IP address used by the second user equipment carried in the service request;
and when the acquired IP address is not detected, the network equipment determines the acquired IP address as the IP address to be detected, and determines the second user equipment as the target user equipment.
3. The method according to claim 1, wherein after the network device determines that the IP address to be detected is a normal IP address, the method further comprises:
and the network equipment stores the detected normal IP address in a normal IP address library.
4. A detection device, the device comprising:
the first acquisition module is used for acquiring target user equipment, and the target user equipment is communicated with the network equipment through the IP address to be detected;
the second acquisition module is used for acquiring the total number of first user equipment, wherein the first user equipment is equipment which firstly uses a normal IP address and then uses the IP address to be detected to communicate with the network equipment in the current or historical record of the network equipment; the normal IP address is an IP address for implementing normal behavior when normal user equipment using the IP address accesses a network;
and the address determining module is used for determining the IP address to be detected as a normal IP address when the total number is not less than a preset number threshold.
5. The apparatus according to claim 4, wherein the first obtaining module is specifically configured to obtain a service request sent by a second user equipment;
acquiring an IP address used by the second user equipment carried in the service request;
and when the acquired IP address is not detected, determining the acquired IP address as the IP address to be detected, and determining the second user equipment as the target user equipment.
6. The apparatus of claim 4, further comprising a storage module;
and the storage module is used for storing the detected normal IP address in a normal IP address library after the address determination module determines that the IP address to be detected is the normal IP address.
7. An electronic device, characterized in that the electronic device comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of any of claims 1 to 3 when executing a program stored in the memory.
8. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, which computer program, when being executed by a processor, carries out the method steps of any one of the claims 1-3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711070037.1A CN107612946B (en) | 2017-11-03 | 2017-11-03 | IP address detection method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711070037.1A CN107612946B (en) | 2017-11-03 | 2017-11-03 | IP address detection method and device and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107612946A CN107612946A (en) | 2018-01-19 |
| CN107612946B true CN107612946B (en) | 2021-09-03 |
Family
ID=61085098
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711070037.1A Active CN107612946B (en) | 2017-11-03 | 2017-11-03 | IP address detection method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107612946B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111224936B (en) * | 2019-11-07 | 2022-08-02 | 中冶赛迪重庆信息技术有限公司 | User abnormal request detection method, system, device and machine readable medium |
| CN112839018B (en) * | 2019-11-25 | 2022-11-18 | 华为技术有限公司 | Degree value generation method and related equipment |
| CN113067913B (en) * | 2021-03-19 | 2022-12-09 | 北京达佳互联信息技术有限公司 | Positioning method, device, server, medium and product |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014079265A1 (en) * | 2012-11-21 | 2014-05-30 | 华为技术有限公司 | Method, apparatus and access device for releasing ip address |
| CN104980446A (en) * | 2015-06-30 | 2015-10-14 | 百度在线网络技术(北京)有限公司 | Detection method and system for malicious behavior |
| CN105450619A (en) * | 2014-09-28 | 2016-03-30 | 腾讯科技(深圳)有限公司 | Method, device and system of protection of hostile attacks |
| CN106685899A (en) * | 2015-11-09 | 2017-05-17 | 阿里巴巴集团控股有限公司 | Method and device for identifying malicious access |
| CN106878249A (en) * | 2016-08-12 | 2017-06-20 | 阿里巴巴集团控股有限公司 | The recognition methods of illegal purposes resource and device |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104836696B (en) * | 2014-02-12 | 2019-01-11 | 腾讯科技(深圳)有限公司 | A kind of detection method and device of IP address |
-
2017
- 2017-11-03 CN CN201711070037.1A patent/CN107612946B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014079265A1 (en) * | 2012-11-21 | 2014-05-30 | 华为技术有限公司 | Method, apparatus and access device for releasing ip address |
| CN105450619A (en) * | 2014-09-28 | 2016-03-30 | 腾讯科技(深圳)有限公司 | Method, device and system of protection of hostile attacks |
| CN104980446A (en) * | 2015-06-30 | 2015-10-14 | 百度在线网络技术(北京)有限公司 | Detection method and system for malicious behavior |
| CN106685899A (en) * | 2015-11-09 | 2017-05-17 | 阿里巴巴集团控股有限公司 | Method and device for identifying malicious access |
| CN106878249A (en) * | 2016-08-12 | 2017-06-20 | 阿里巴巴集团控股有限公司 | The recognition methods of illegal purposes resource and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107612946A (en) | 2018-01-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11750659B2 (en) | Cybersecurity profiling and rating using active and passive external reconnaissance | |
| US10574681B2 (en) | Detection of known and unknown malicious domains | |
| US9154516B1 (en) | Detecting risky network communications based on evaluation using normal and abnormal behavior profiles | |
| US8321934B1 (en) | Anti-phishing early warning system based on end user data submission statistics | |
| CN106953832B (en) | Method and system for processing online game suspicious account | |
| CN108932426B (en) | Unauthorized vulnerability detection method and device | |
| CN112003838B (en) | Network threat detection method, device, electronic device and storage medium | |
| CN113489713B (en) | Network attack detection method, device, equipment and storage medium | |
| CN107682345B (en) | IP address detection method and device and electronic equipment | |
| CN111314285B (en) | Method and device for detecting route prefix attack | |
| CN110417747B (en) | Method and device for detecting violent cracking behavior | |
| CN107612946B (en) | IP address detection method and device and electronic equipment | |
| CN107342913B (en) | Detection method and device for CDN node | |
| CN108156141B (en) | Real-time data identification method and device and electronic equipment | |
| US20220014561A1 (en) | System and methods for automated internet-scale web application vulnerability scanning and enhanced security profiling | |
| CN113162923B (en) | User reliability evaluation method and device based on user behaviors and storage medium | |
| CN108282446B (en) | Method and apparatus for identifying scanner | |
| CN109067794B (en) | Network behavior detection method and device | |
| EP3913888A1 (en) | Detection method for malicious domain name in domain name system and detection device | |
| CN109241733A (en) | Crawler Activity recognition method and device based on web access log | |
| US10320823B2 (en) | Discovering yet unknown malicious entities using relational data | |
| JP6162021B2 (en) | Analysis device, malicious communication destination registration method, and malicious communication destination registration program | |
| CN110955890B (en) | Method and device for detecting malicious batch access behaviors and computer storage medium | |
| US20170206619A1 (en) | Method for managing violation incident information and violation incident management system and computer-readable recording medium | |
| CN111625700B (en) | Anti-grabbing method, device, equipment and computer storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |