CN107707516B - A kind of IP address analysis method and system - Google Patents
A kind of IP address analysis method and system Download PDFInfo
- Publication number
- CN107707516B CN107707516B CN201710216069.1A CN201710216069A CN107707516B CN 107707516 B CN107707516 B CN 107707516B CN 201710216069 A CN201710216069 A CN 201710216069A CN 107707516 B CN107707516 B CN 107707516B
- Authority
- CN
- China
- Prior art keywords
- round
- period
- score
- day
- probability
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Telephonic Communication Services (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention provides a kind of IP address analysis method and systems.This method includes:Collect the historical data of IP address;The historical data of IP address is analyzed, the credit data of IP address is generated.It can be applied in the scenes such as IP address legitimate verification, IP address interception, solve the problems, such as IP address Safety perception mistake, the generation for effectivelying prevent the erroneous judgement of IP address legitimacy, IP address accidentally to block.
Description
Technical field
The present invention relates to Internet user portrait field more particularly to a kind of IP address analysis methods.
Background technology
Network level firewall can be considered a kind of IP Packet Filters, operate on the ICP/IP protocol storehouse of bottom.It can be with
In a manner of enumerating, the package for only permitting compliance with ad hoc rules passes through, remaining forbid passing through without exception fire wall (except virus,
Fire wall cannot prevent Virus entry).These rules usually can be defined or be changed via administrator, but certain fire walls are set
It is standby can only to apply mechanically built-in rule.
Firewall rule can also be formulated with another looser angle, as long as not meet any one " no for package
Set pattern is then " just let pass.Operating system and the network equipment built-in firewall function mostly.
Newer fire wall can be filtered using various attribute of package, such as:Source IP addresses, source port
Number, purpose IP address or port numbers, service type (such as HTTP or FTP).Also can via communication protocol, ttl value, source net
Domain name claims or the network segment ... waits attributes to be filtered.
Existing interception scheme is intercepted by single unalterable rules, inadequate to granularity, the dimension of access request analysis, to visiting
The identity for the person of asking lacks cognition, be easy to cause and accidentally blocks.
Invention content
Present invention seek to address that problem as described above.It is an object of the present invention to provide in a kind of solution problem above
It is any one.Specifically, present invention offer can.
According to the first aspect of the invention, a kind of IP address analysis method is provided, including:
Collect the historical data of IP address;
The historical data of IP address is analyzed, the credit data of IP address is generated.
Wherein, the step of historical data for collecting IP address includes:
It is collected within the period 1 and parses original log;
By the information format in the original log, obtain predefined index, the predefined index include at least with
Any one of lower information is arbitrary multinomial:
Time, IP, working hour number of request, rest time period request number, sleep period number of request, working hour demand file
Size, rest time period request file size, sleep period demand file size, working hour user agent UserAgent number, not
Cease period UserAgent number, sleep period UserAgent numbers, mobile terminal UserAgent numbers, the ends PC UserAgent numbers, access
, there is hourage in source quantity, access domain name quantity;
The corresponding predefined index of each IP address is stored, each IP address corresponds to one or more predefined fingers
Mark.
Wherein, the step of historical data for collecting IP address further includes:
It is one or many to obtain the libraries third party IP and/or third party's IP blacklists from third-party platform within second round.
Wherein, the historical data of IP address is analyzed, the credit data for generating IP address includes:
The predefined index of period 1 corresponding with working day in second round pre-processed and after being normalized
To each working day median, the predefined index of period 1 corresponding with day off in the second round is located in advance
Manage and obtained after normalizing each day off median, the second round include multiple period 1 corresponding with working day and
Multiple period 1 corresponding with day off;
Average treatment is weighted respectively to each working day median and obtains working day weighted mean;
Average or maximum value is weighted respectively to each day off median to handle to obtain day off weighted mean
Or maximum value;
According to one or more working day weighted mean, second week is calculated in one or more day off weighted means
Interim specific targets of current second round in phase, the current second round interim specific targets include:
This period is office outlet IP probability, this period is that family exports IP probability, this period is true man's probability, this period
Liveness score, the grouping of this period number;
According to the final specific targets of a upper second round and the libraries third party IP and/or third party's IP blacklists, to described
Current second round interim specific targets are adjusted, and obtain the final specific targets of current second round, with this current second
Credit data of the final specific targets in period as the IP address.
Wherein, the predefined index to the period 1 corresponding with working day in second round is pre-processed and is returned
Each working day median is obtained after one change, to the predefined index of period 1 corresponding with day off in the second round
It is pre-processed and includes the step of obtaining each day off median after being normalized:
There is number score, mobile terminal UserAgent scores, the ends PC in the calculating period 1 hour corresponding with working day
UserAgent numbers score, rest period VS sleep periods number of request score, is visited at VS rest period, number of requests working hour score
It asks domain name number score, weighted mean is taken to the above score, it is that family exports IP probability medians to obtain working day;
Calculate working hour period 1 number of request score corresponding with working day, working hour VS rest time period request number
Score, rest period VS sleep periods number of request score, the ends PC UserAgent numbers score, rest period working hour VS
UserAgent number scores, to the above fractional value weighted average, it is office outlet IP probability medians to obtain working day;
Calculate period 1 number of request distribution score corresponding with working day, UserAgent numbers distribution score, hour appearance
Number score, the sources domain name number VS number score, the mobile terminal ends VS PC UserAgent number scores, weighted mean is taken to the above score,
It is true man's probability median to obtain working day;
Calculate period 1 access domain concrete number score corresponding with working day, working hour number of request score, rest period
There is number score, request source number score in number of request score, sleep period number of request score, hour, and weighting is taken to the above score
Mean value obtains working day liveness median;
There is number score, mobile terminal UserAgent scores, the ends PC in the calculating period 1 hour corresponding with day off
UserAgent numbers score, rest period VS sleep periods number of request score, is visited at VS rest period, number of requests working hour score
It asks domain name number score, weighted mean is taken to the above score, it is that family exports IP probability medians to obtain day off;
Calculate period 1 rest time period request number score corresponding with day off, UserAgent numbers distribution score, hour
There is number score, the sources domain name number VS number score, the mobile terminal ends VS PC UserAgent number scores, takes weighting equal the above score
Value, it is true man's probability median to obtain day off;
Calculate period 1 access domain concrete number score corresponding with day off, working hour number of request score, rest period
There is number score, request source number score in number of request score, sleep period number of request score, hour, and weighting is taken to the above score
Mean value obtains day off liveness median.
Wherein, described according to one or more working day weighted mean, one or more day off weighted means calculate
The step of obtaining the interim specific targets of the current second round in second round include:
VS working day, PC day off end UserAgent numbers score, day off on working day VS are obtained after pretreatment and normalization
Mobile terminal UserAgent numbers score, day off on working day VS number of request score, take weighted mean, with work to three above score
It is office outlet IP probability in described period to be as the weighted mean that day is office outlet IP probability medians;
It is family's outlet IP probability median weighted means that IP probability median is exported by family of working day with day off
It is that family exports IP probability as this period;
Using working day is true man's probability median with day off is true man's probability median weighted mean as this period
For true man's probability;
Divided using the weighted mean of working day liveness median and day off liveness median as this period liveness
Number;
With working day mobile terminal UserAgent quantity and day off mobile terminal UserAgent quantity and working day PC end
The maximum value of UserAgent quantity and day off PC end UserAgent quantity is grouped to be grouped as this period number.
Wherein, the final specific targets include at least any one or arbitrary multinomial of following information,
IP, IPInt update ID, and the IP update times, final number grouping, final is the sum of office outlet IP probability, most
It is that family exports the sum of IP probability eventually, is finally the sum of true man's probability, the sum of final liveness score,
Wherein, " IPInt " is the corresponding long of IP address, and " update ID " is the final specific targets of update second round
Number, " the IP update times " be certain IP address update second round final specific targets number,
The final specific targets according to a upper second round and the libraries third party IP and/or third party's IP blacklists, it is right
The step of interim specific targets of current second round are adjusted, obtain the final specific targets of current second round is wrapped
It includes:
For in the final specific targets and the current second round interim specific targets in a upper second round
The IP address all referred to obtains the final specific targets of current second round by calculating as follows:
Interim specific targets of current second round number grouping and a upper second round final specific targets most
When whole number is grouped into adjacent grouping, the grouping for selecting number big is grouped as the final number of current second round, otherwise
The number of interim specific targets of current second round is selected to be grouped,
It is that office outlet IP probability adds the final specific of a second round in interim specific targets of current second round
It is that office exports the sum of IP probability that in index, which is finally the sum of office outlet IP probability as the final of current second round,
It is that family's outlet IP probability adds the final specific of a second round in interim specific targets of current second round
It is that family exports the sum of IP probability that in index, which is finally the sum of family's outlet IP probability as the final of current second round,
It is in the final specific targets that true man's probability adds a second round in interim specific targets of current second round
It is final be the sum of true man's probability as current second round be finally the sum of true man's probability,
Liveness score in interim specific targets of current second round adds the final liveness score of a second round
The sum of after, divided by update ID record final updated number, be multiplied by the IP update times, the final work as current second round
The sum of jerk score;
It is interim in the current second round for being not directed in the final specific targets of a upper second round
IP address involved in specific targets obtains the interim specific targets of current second round by calculating as follows:
It is grouped using the final number of number grouping as current second round in interim specific targets of current second round,
It is office outlet IP probability using in interim specific targets of current second round final as current second round
The sum of IP probability is exported for office,
It is final as current second round using in interim specific targets of current second round to be that family exports IP probability
The sum of IP probability is exported for family,
Using in interim specific targets of current second round be true man's probability as current second round final true man it is general
The sum of rate,
With the liveness score divided by update ID in interim specific targets of current second round, the IP update times are multiplied by,
The sum of final liveness score as current second round;
The final specific targets of a upper second round were covered using the final specific targets of current second round, were recorded
Update the number of the final specific targets of second round and to the newer number of corresponding IP address.
Wherein, the final specific targets according to a upper second round and the libraries third party IP and/or the black names of third party IP
It is single, the current second round interim specific targets are adjusted, the step of the final specific targets of current second round is obtained
Suddenly further include:
Filter out that correspond to IP in the interim specific targets of current second round not conforming to grammer or corresponding IP be LAN IP
Data;
According to the IP address additional information for including in the libraries third party IP, adjust in interim specific targets of current second round
IP probability and true man's probability are exported for office outlet IP probability, family;
IP credit stain data are generated according to the third party IP blacklists, described in IP credits stain data addition
The final specific targets of current second round.
Wherein, this method further includes:
Interface is provided to third party, allows the credit data for accessing the IP address by the interface;Or,
It receives third party and sends out the IP checking requests for IP address, search the corresponding credit data of the IP address, root
Credit Rank Appraisal is carried out to the IP address according to the credit data, evaluation result is returned to the third party.
According to another aspect of the present invention, additionally provide a kind of IP address analysis system, including big data platform with it is offline
Computing platform;
The big data platform calculates original log, collects and store the history number of IP address for storing original log
According to;
The historical data of the off-line calculation platform, the IP address for being collected to the big data platform is analyzed,
Generate the credit data of IP address.
The method and system of the present invention divides the historical data of IP address by the historical data of collection IP address
Analysis, generates the credit data of IP address, realizes and refines accurate analysis to IP address, IP address attribute is determined with big data,
There is comprehensive and accurate understanding to IP address credit situation, can be applied to the scenes such as IP address legitimate verification, IP address interception
In, solve the problems, such as IP address Safety perception mistake, the hair for effectivelying prevent the erroneous judgement of IP address legitimacy, IP address accidentally to block
It is raw.
Being described below for exemplary embodiment is read with reference to the drawings, other property features of the invention and advantage will
It is apparent from.
Description of the drawings
It is incorporated into specification and the attached drawing of a part for constitution instruction shows the embodiment of the present invention, and with
Principle for explaining the present invention together is described.In the drawings, similar reference numeral is for indicating similar element.Under
Attached drawing in the description of face is some embodiments of the present invention, rather than whole embodiments.Those of ordinary skill in the art are come
It says, it without creative efforts, can be obtain other attached drawings according to these attached drawings.
Fig. 1 schematically illustrates a kind of IP address analysis method flow of the offer of the embodiment of the present invention one;
Fig. 2 schematically illustrates the application principle of the technical solution of the embodiment of the present invention offer;
Fig. 3 schematically illustrates a kind of framework of IP address analysis system of the offer of the embodiment of the present invention two.
Specific implementation mode
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention
In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is
A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art
The every other embodiment obtained without making creative work, shall fall within the protection scope of the present invention.It needs
Illustrate, in the absence of conflict, the features in the embodiments and the embodiments of the present application mutually can be combined arbitrarily.
Existing interception scheme is intercepted by single unalterable rules, inadequate to granularity, the dimension of access request analysis, to visiting
The identity for the person of asking lacks cognition, be easy to cause and accidentally blocks.
To solve the above-mentioned problems, the embodiment provides a kind of IP address analysis methods, below in conjunction with the accompanying drawings,
The embodiment of the present invention one is illustrated.
An embodiment of the present invention provides a kind of IP address analysis methods, based on the passing access history data of IP address, correlation
The data such as additional information carry out detailed analysis to IP address, obtain the credit data of IP address, the credit according to the IP address
Data evaluate IP address, realize and refine accurately analytical judgment to IP address, with credit data evaluation IP address peace
Whole degree effectively prevents the generation that erroneous judgement is accidentally blocked, and detailed process is as shown in Figure 1, include:
Step 101, the historical data for collecting IP address;
In this step, original log is collected according to the period 1, such as CDN server daily record, and parses, the CDN is taken
The information format being engaged in device daily record obtains predefined index.The CDN server daily record is specially CDN nginx daily records,
It can be calculated by other network access logs.
The predefined index includes at least any one of following information or arbitrary multinomial:
Time, IP, working hour number of request, rest time period request number, sleep period number of request, working hour demand file
Size, rest time period request file size, sleep period demand file size, working hour UserAgent number, rest period
UserAgent numbers, sleep period UserAgent numbers, mobile terminal UserAgent numbers, the ends PC UserAgent numbers access source number
There is hourage in amount, access domain name quantity, wherein and the period 1 includes working hour, rest period and sleep period,
" time " refers to the time (i.e. user's access time) that corresponding CDN server daily record generates, and " IP " is referred to
IP address, " the working hour number of request " refers to the number of request that the IP address is sent out within the working hour, described
" rest time period request number " refers to the number of request that the IP address is sent out within the rest period, and described " sleep period is asked
Number " refers to the number of request that the IP address is sent out in the sleep period, and " the working hour demand file size " refers to
The file size summation of IP address request within the working hour, " the rest time period request file size " refer to
The file size summation of the IP address request in the rest period, " the sleep period demand file size " refers in institute
The file size summation of the IP address request in sleep period is stated, " the working hour UserAgent number " refers to described
The UserAgent numbers occurred under the IP address in working hour, " the rest period UserAgent numbers " refer to stopping described
The UserAgent numbers occurred under the IP address in the breath period, " the sleep period UserAgent numbers " refers in the sleep
The UserAgent numbers occurred under the IP address in period, " the mobile terminal UserAgent numbers " refers to that the IP address passes through
The UserAgent numbers that mobile terminal accesses, " ends the PC UserAgent numbers " refers to that the IP address is accessed by the ends PC
UserAgent numbers, " the accessing source quantity " refers to the quantity that the IP address accesses source within the period 1, institute
The quantity that " access domain name quantity " refers to the domain name that the IP address accesses within the period 1 is stated, it is described " hour occur
Number " refers to occurring the hourage that the IP address accesses within the period 1 (the hour meter 1 of IP address access occur
There is hourage, such as have IP access that hour numerical value will just occur and be set to 2) at 2 points and 4 points.
The corresponding predefined index of each IP address is stored, each IP address corresponds to one or more predefined fingers
Mark.Specifically, can hive tables be stored in the predefined index.
Period 1 involved in this step is preferably 1 consecutive days (24 hours).
Preferably, the historical data of IP address can also be obtained from third-party platform, primary or more such as within second round
It is secondary to usually contain IP address in library from the third-party platform acquisition libraries third party IP and/or third party's IP blacklists, third party IP
Additional information (distribution of such as IP address or IP address section, the i.e. IP sections of corresponding country, province, city, operator, it is also possible to indicate
Certain Business Name, it is also possible to be marked as certain data center).Third-party platform data irregularly update, therefore can be flat in third party
The data of platform obtain after updating, and can also be ready for calculating preceding acquisition in second round.
Step 102 analyzes the historical data of IP address, generates the credit data of IP address;
In this step, the predefined index of period 1 corresponding with working day in second round is pre-processed and returned
Each working day median is obtained after one change, to the predefined index of period 1 corresponding with day off in the second round
Pre-processed and obtained after being normalized each day off median, the second round includes multiple corresponding with working day the
One period and multiple period 1 corresponding with day off;It is weighted average (packet respectively to each working day median
It is average to include count weighted average or Random geometric sery) processing obtains working day weighted mean;To each day off median point
Average or maximum value is not weighted to handle to obtain day off weighted mean or maximum value;Add according to one or more working day
Mean value is weighed, the interim specific targets of current second round in second round are calculated in one or more day off weighted means,
The interim specific targets of current second round include:This period is office outlet IP probability, this period is that family outlet IP is general
Rate, this period are true man's probability, this period liveness score, the grouping of this period number;According to the final tool of a upper second round
Body index and the libraries third party IP and/or third party's IP blacklists, are adjusted the current second round interim specific targets,
The final specific targets of current second round are obtained, using the final specific targets of the current second round as the IP address
Credit data.
Second round is the integral multiple of period 1;Preferably, when the period 1 is day, second round is the moon or week.
The citing of the specific algorithm of this step is illustrated below.The period 1 being directed to is 1, and second round is
1 month;The sigmoid functions of normalization algorithm use deformation involved in the embodiment of the present invention, 1.0/ (1.0+math.exp (-
Molecule/denominator+4.0)) because input value is all higher than equal to 0, in addition 4.0.
1, working day data summarization:
A) ask working day per day data median
In this step, using IP as dimension, the mobile terminal UserAgent numbers of evaluation work day corresponding period 1, the ends PC
UserAgent numbers, number of request median.
Number of request:Working hour number of request adds sleep period number of request plus rest time period request number.
(1) working day IP address is that family exports IP probability:
There is number score in hour:Normalization algorithm molecule is 6, and denominator is hourage occur;
Mobile terminal UserAgent scores:Normalization algorithm, molecule are mobile terminal UserAgent under each IP in a period of time
Several mean values (such as 10, irregularly update), denominator is mobile UserAgent numbers;
The ends PC UserAgent number scores:Normalization algorithm, molecule are the ends PC UserAgent numbers under each IP in a period of time
Mean value (such as 5, irregularly update), denominator is the ends PC UserAgent numbers;
Rest period VS working hour number of request scores:Normalization algorithm, molecule are rest time period request number divided by 4, are divided
Mother is working hour number of request divided by 12;
Rest period VS sleep periods number of request score:Normalization algorithm, molecule are rest time period request number divided by 4, are divided
Mother is sleep period number of request divided by 8;
Access domain concrete number score:Normalization algorithm, molecule are that each average daily access domain name quantity of IP is (irregular in a period of time
Update), denominator is domain name number;
There is number score, mobile terminal UserAgent scores, the ends PC UserAgent numbers score, rest period VS in the above hour
Working hour number of request score, rest period VS sleep periods number of request score, access domain concrete number score weighted mean be work
It is that family exports IP probability medians to make day.
(2) working day is office outlet IP probability medians:
Working hour number of request score:Normalization algorithm, molecule is working hour number of request divided by 12, when denominator is one section
Interior each IP working hours number of request hourly average value (irregularly update);
Working hour VS rest time period request number score:Pretreatment and normalization algorithm, molecule are working hour number of request
Divided by 12, denominator is rest time period request number divided by 4;
Rest period VS sleep periods number of request score:Pretreatment and normalization algorithm, molecule are rest time period request number
Divided by 4, denominator is sleep period number of request divided by 8;
The ends PC UserAgent number scores:Pretreatment and normalization algorithm, molecule are the ends PC under each IP in a period of time
The mean value (such as 10, irregularly update) of UserAgent numbers, denominator is the ends PC UserAgent numbers;
Working hour VS rest period UserAgent number scores:Pretreatment and normalization algorithm, molecule are working hour
UserAgent numbers, denominator are rest period UserAgent numbers;
When the above working hour number of request score, working hour VS rest time period request number score, the sleep of rest period VS
Section number of request score, the ends PC UserAgent numbers score, working hour VS rest period UserAgent number scores, to the above score
It is worth weighted average, it is office outlet IP probability medians to obtain working day;
(3) working day is true man's probability median:
Number of request distribution score:Pretreatment and normalization algorithm, molecule be working hour number of request divided by 12 with rest when
Section number of request divided by 4 with sleep period divided by 8 standard deviation, denominator 1;
UserAgent number distribution scores:Normalization algorithm, molecule are working hour UserAgent number, rest period
UserAgent numbers, the standard deviation of sleep period UserAgent numbers, denominator 1;
There is number score in hour:Normalization algorithm, molecule 6, denominator are hour number occur;
The sources domain name number VS number score:Normalization algorithm, molecule are source number, and denominator is domain name number;
The mobile terminal ends VSPC UserAgent number scores:Normalization algorithm, molecule are mobile terminal UserAgent numbers, and denominator is
The ends PC UserAgent numbers.
The above score weighted mean be true man's probability median on working day.
(4) working day liveness median:
Access domain concrete number score:Normalization algorithm, molecule are access domain concrete number, denominator 10;
Working hour number of request score:Normalization algorithm, molecule is working hour number of request divided by 12, when denominator is one section
Interior each IP working hours number of request hourly average value (irregularly update);
Rest time period request number score:Normalization algorithm, molecule is rest time period request number divided by 4, when denominator is one section
Interior each IP rests time period request a few hours average value (irregularly update);
Sleep period number of request score:Normalization algorithm, molecule is sleep period number of request divided by 8, when denominator is one section
Interior each IP sleep periods number of request hourly average value (irregularly update);
There is number score in hour:Normalization algorithm, molecule are hour number, denominator 6 occur;
Ask source number score:Normalization algorithm, molecule are request source number, and denominator is that request comes average each IP daily
Source number average value (irregularly update).
All of above score weighted mean obtains working day liveness median.
B) ask working day per the weighted mean of day data median:
Using IP as dimension, evaluation work day corresponding period 1 mobile terminal UserAgent number weighted means, the ends PC
UserAgent number weighted means, number of request weighted mean, working day are that family exports IP probability weight mean values, and working day is to do
Mouth IP probability weight mean values away on official business, working day are true man's probability weight mean value, working day liveness weighted mean.
2, day off data summarization:
A) ask day off per day data median
Using IP as dimension, mobile terminal UserAgent numbers, the ends the PC UserAgent of corresponding period 1 on day off are calculated
The median of number, number of request.
Number of request:Working hour number of request adds sleep period number of request plus rest time period request number.
(1) day off is that family exports IP probability medians:Similar working day algorithm;
(2) day off is true man's probability median:Similar working day algorithm;
(3) day off liveness median:Similar working day algorithm.
B) ask day off per the weighted mean or maximum value of day data median:
Using IP as dimension, the mobile terminal UserAgent number maximum values of corresponding period 1 on day off, the ends PC are calculated
UserAgent number maximum values, number of request weighted mean, day off are that family exports IP probability weight mean values, and day off is true man
Probability weight mean value, day off liveness weighted mean.
3, working day and day off data summarization obtain interim specific targets of current second round:
Working day and day off are connected according to IP and calculated, is obtained:
IPInt:The IP is converted into corresponding long.
This period number is grouped:Working day PC end UserAgent number is sought, period 1 PC end corresponding with working day is calculated
UserAgent number weighted averages.Working day mobile terminal UserAgent number calculates period 1 movement corresponding with working day
Hold UserAgent number weighted averages.Day off PC end UserAgent number calculates period 1 PC end corresponding with day off
UserAgent number weighted averages.Day off mobile terminal UserAgent number calculates period 1 movement corresponding with day off
Hold UserAgent number weighted averages.Ask working day PC end UserAgent number, working day mobile terminal UserAgent number, rest
The end day PC UserAgent numbers, day off mobile terminal UserAgent number maximum value after, be grouped according to following:1:0-1,2:
2-5,3:6-10,4:11-30,5:31-50,6:51-100,7:101-500,8:501-2000,9:>2000。
This period is office outlet IP probability:
VS working day, PC day off end UserAgent number scores:Normalization algorithm, molecule are working day PC end
UserAgent quantity, denominator are day off PC end UserAgent quantity;
Day off on working day VS mobile terminal UserAgent number scores:Normalization algorithm, molecule are working day mobile terminal
UserAgent quantity, denominator are day off mobile terminal UserAgent quantity;
Day off on working day VS number of request score:Normalization algorithm, molecule are working day number of request, and denominator is asked for day off
Ask several;
Three above score weighted mean, with working day be office outlet IP probability medians weighted mean be this period
Office outlet IP probability.
This period is that family exports IP probability:Working day is family's outlet IP probability median and day off is family outlet
The weighted mean of IP probability medians.
This period is true man's probability:Working day is true man's probability median and day off is the weighting of true man's probability median
Mean value.
This period liveness score:The weighted mean of working day liveness median and day off liveness median.
This period number is grouped:With working day mobile terminal UserAgent quantity and day off mobile terminal UserAgent quantity
It is grouped with working day PC end UserAgent quantity and the maximum value of day off PC end UserAgent quantity.
Interim specific targets of current second round are stored in MySQL temporary data tables, into the adjusting stage.
Adjusting stage
It was stored in the upper of MySQL with the interim specific targets of current second round and a upper second round that are stored in MySQL
Input of the final specific targets of one second round as this stage.
All IP in MySQL temporary data tables are traversed, each IP is corresponding with interim specific targets of current second round.
1, the asyntactic data of IP are filtered out, LAN IP is filtered out.
2, obtain third party IP libraries information, judge additional information that the libraries third party IP include judge in character string whether include
Following sensitivity character string, and return to corresponding adjustment index:" company ", " data center ", " GSM/TD-SCDMA/LTE ".Adjustment refers to
Number include to " true man's probability ", " for office outlet IP probability ", the adjustment index of " exporting IP probability for family " three probability, such as
Not comprising sensitive character string then three kinds of probability adjustment index all be 1.Multiply three probability respectively with the adjustment index of three probability,
And arrange probability need in [0.05,0.95] range, such as less than 0.05 return 0.05, such as larger than 0.95 return 0.95.
3, the final specific targets of upper second round deposit MySQL are obtained.
To Mr. Yu's IP address, whether there are the final specific targets of a upper second round according to the IP address, to the IP address
The mode for generating the final specific targets of current second round is also different, specific as follows:
A) if any the final specific targets of a upper second round of this IP, then respective operations were carried out to following index:
Update ID:That is which time update second round data.
IPInt:The IP is converted into corresponding long.
The IP update times:A upper second round, the IP update times added 1.
Final number grouping:If the number grouping of interim specific targets of current second round and a upper second round are final
The final number of specific targets is grouped into adjacent grouping, then is finally the big grouping of number;Otherwise it is finally ephemeral data
Grouping.
It is final to export the sum of IP probability for office:It is office outlet IP probability in interim specific targets of current second round
In addition final for the sum of office outlet IP probability in the final specific targets of a second round.
Finally the sum of IP probability is exported for family:It is family's outlet IP probability in interim specific targets of current second round
In addition finally exporting the sum of IP probability for family in the final specific targets of a second round.
It is finally the sum of true man's probability:It is that true man's IP probability adds one second in interim specific targets of current second round
In the final specific targets in period is finally the sum of true man's probability.
The sum of final liveness score:Liveness score in interim specific targets of current second round adds a second week
After the sum of final liveness score of phase, divided by the final updated number of ID records is updated, is multiplied by the IP update times.
Such as without this IP, then respective operations are carried out to following index:
IPInt:The IP is converted into corresponding long.
Update ID:That is which time update second round data.
The IP update times:It is 1.
Final number grouping:The number grouping of interim specific targets of current second round.
It is final to export the sum of IP probability for office:Current second round interim specific targets are office outlet IP probability.
Finally the sum of IP probability is exported for family:Current second round interim specific targets are family's outlet IP probability.
It is finally the sum of true man's probability:True man's probability of interim specific targets of current second round.
The sum of final liveness score:The liveness score divided by update ID of interim specific targets of current second round, multiply
With the IP update times.
In addition, also IP credit stain data can be generated according to third party's IP blacklists, the IP credits stain data are added
Enter the final specific targets of the current second round.
Specifically, information generally comprises the IP address or IP address section to pipe off in blacklist.Credit stain number
It is showed according to the form of preferred available credit stain score, for example there is in more third party's blacklists, credit stain
Score is higher, and it is 0 to be not present in blacklist then credit stain score.
The final specific targets of the previous second round are covered using the final specific targets of current second round, are recorded
Update the number of the final specific targets of second round and to the newer number of corresponding IP address.Extremely by all of above data update
MySQL。
Current second round interim specific targets and final specific targets are deposited to can be using IP as indexing when MySQL;Also may be used
Switch to after corresponding lint-long integer with corresponding lint-long integer be index with IP, divides table to store after being divided into 256 parts according to IPInt, with side
Just inquire and improve inquiry velocity.
After obtaining according to newer final specific targets of current second round, i.e., finally referred specifically to so that IP address is corresponding
It is denoted as the credit data for the IP address, IP address is evaluated according to the credit data.Interface can be provided to third party, permitted
Perhaps the credit data of the IP address is accessed by the interface;Also can receive third party send out for IP address IP verification ask
It asks, searches the corresponding credit data of the IP address, Credit Rank Appraisal is carried out to the IP address according to the credit data,
Evaluation result is returned to the third party.
It can be applied in the operation that fire wall intercepts IP, fire wall judges the IP address according to the credit data of IP address
Legitimacy, also can provide IP verification results to fire wall independently at an IP credit grade platform.Also can not influence it is existing
Under the premise of firewall functionality, the mechanism of a secondary verification is provided, i.e., when fire wall judgement IP address is suspicious, then is believed by IP
Secondary verification is carried out according to credit data with grade platform, the accuracy of fire wall interception is further increased, prevents from accidentally blocking.
IP address analysis method provided in an embodiment of the present invention can be combined with existing Internet architecture, such as Fig. 2 institutes
Show, collects user access logs and implemented using the present invention in conjunction with third-party IP blacklists and IP address library as original log
The IP address analysis method that example provides obtains the IP user's attribute data being mainly made of final specific targets, mainly according to the
The IP stains data that tripartite's IP blacklists generate and the IP address library data that are obtained according to third party's IP address library, and by IP user
Attribute data, IP stains data and IP address library Data Integration carry out credit rating to IP credit grade platforms, to IP address, obtain
To the credit data of IP address.The credit data of IP address comprehensively describes the feature of IP address, can be used for information security neck
Domain realizes the IP address essence based on big data analysis to the confirmation of IP address safety or IP-based user portrait field
Really describe.IP credit grade platforms can be also fed back to using result, are carried out algorithm iteration and parameter adjustment to having result, are assigned
The self-adjusting ability of system self study further increases the precision that IP credit grades platform analyzes IP.
Below in conjunction with the accompanying drawings, the embodiment of the present invention two is illustrated.
An embodiment of the present invention provides a kind of IP address analysis systems, and structure is as shown in figure 3, include:
Big data computing platform and off-line calculation platform.
Wherein, big data platform includes:Hadoop computing platforms, spark computing platforms;
Off-line calculation platform includes:Server or server cluster.
The big data platform calculates original log, collects and store the history number of IP address for storing original log
According to;
The historical data of the off-line calculation platform, the IP address for being collected to the big data platform is analyzed,
Generate the credit data of IP address.
The off-line calculation platform, additionally it is possible to be communicated with third party by the big data platform, be carried to third party
For the credit data of the IP address, or receives third party's inquiry request and return to according to the credit data IP address verification
Auxiliary information.
Preferably, which further includes storage platform, and the storage platform supports MySQL systems, can use
In store the original log, IP address credit data, from the libraries third party IP that third party obtains and third party IP blacklists,
The final specific targets in this period, the final specific targets of a upper second round, the interim specific targets of current second round and
The intermediate data etc. generated in calculating process.
The embodiment provides a kind of IP address analysis system, the one kind that can be provided with the embodiment of the present invention
IP address analysis method is combined, and by collecting the historical data of IP address, is analyzed the historical data of IP address, is generated
The credit data of IP address realizes and refines accurate analysis to IP address, IP address attribute determined with big data, to IP address
Credit situation has comprehensive and accurate understanding, can be applied in the scenes such as IP address legitimate verification, IP address interception, solves
The problem of IP address Safety perception mistake, the generation for effectivelying prevent the erroneous judgement of IP address legitimacy, IP address accidentally to block.
Descriptions above can combine implementation individually or in various ways, and these variants all exist
Within protection scope of the present invention.
Finally it should be noted that:The above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations.Although
Present invention has been described in detail with reference to the aforementioned embodiments, it will be understood by those of ordinary skill in the art that:It still may be used
With technical scheme described in the above embodiments is modified or equivalent replacement of some of the technical features;
And these modifications or replacements, various embodiments of the present invention technical solution that it does not separate the essence of the corresponding technical solution spirit and
Range.
Claims (7)
1. a kind of IP address analysis method, which is characterized in that including:
The historical data of IP address is collected, including:
Original log is collected and parsed within the period 1,
By the information format in the original log, predefined index is obtained, the predefined index includes IP and following letter
Any one of breath is arbitrary multinomial:Time, working hour number of request, rest time period request number, sleep period number of request, work
Time period request file size, rest time period request file size, sleep period demand file size, working hour user agent
UserAgent numbers, rest period UserAgent numbers, sleep period UserAgent numbers, mobile terminal UserAgent numbers, the ends PC
UserAgent numbers, access source quantity, and hourage occurs in access domain name quantity;
The corresponding predefined index of each IP address is stored, each IP address corresponds to one or more predefined indexs,
It is one or many to obtain the libraries third party IP and/or third party's IP blacklists from third-party platform within second round;
The historical data of IP address is analyzed, the credit data of IP address is generated, including:
The predefined index of period 1 corresponding with working day in second round is pre-processed and is obtained after being normalized each
A working day median pre-processes simultaneously the predefined index of period 1 corresponding with day off in the second round
Obtain each day off median after normalization, the second round includes multiple period 1 corresponding with working day and multiple
Period 1 corresponding with day off,
Average treatment is weighted respectively to each working day median and obtains working day weighted mean,
It is weighted average or maximum value respectively to each day off median and handles to obtain day off weighted mean or most
Big value,
According to one or more working day weighted mean, one or more day off weighted means were calculated in second round
Interim specific targets of current second round, the current second round interim specific targets include:This period is that office exports
IP probability, this period are that family exports IP probability, this period is true man's probability, this period liveness score, this period number point
Group,
According to the final specific targets of a upper second round and the libraries third party IP and/or third party's IP blacklists, to described current
Second round, interim specific targets were adjusted, and obtained the final specific targets of current second round, with the current second round
Credit data of the final specific targets as the IP address.
2. IP address analysis method according to claim 1, which is characterized in that it is described in second round with working day pair
The predefined index for the period 1 answered is pre-processed and obtains each working day median after being normalized, to the second week
The predefined index of period 1 corresponding with day off is pre-processed and is obtained after being normalized among each day off in phase
The step of value includes:
There is number score, mobile terminal UserAgent scores, the ends PC in the calculating period 1 hour corresponding with working day
UserAgent numbers score, rest period VS sleep periods number of request score, is visited at VS rest period, number of requests working hour score
It asks domain name number score, weighted mean is taken to the above score, it is that family exports IP probability medians to obtain working day;
Calculate working hour period 1 number of request score corresponding with working day, working hour VS rest time period request number point
Number, rest period VS sleep periods number of request score, the ends PC UserAgent numbers score, rest period working hour VS
UserAgent number scores, to the above fractional value weighted average, it is office outlet IP probability medians to obtain working day;
Calculating period 1 number of request distribution score corresponding with working day, UserAgent numbers distribution score, hour occur several points
Number, the sources domain name number VS number score, the mobile terminal ends VS PC UserAgent number scores, take weighted mean to the above score, obtain
Working day is true man's probability median;
Calculate period 1 access domain concrete number score corresponding with working day, working hour number of request score, rest time period request
There is number score, request source number score in number score, sleep period number of request score, hour, and weighted mean is taken to the above score,
Obtain working day liveness median;
There is number score, mobile terminal UserAgent scores, the ends PC in the calculating period 1 hour corresponding with day off
UserAgent numbers score, rest period VS sleep periods number of request score, is visited at VS rest period, number of requests working hour score
It asks domain name number score, weighted mean is taken to the above score, it is that family exports IP probability medians to obtain day off;
Calculate period 1 rest time period request number score corresponding with day off, UserAgent numbers distribution score, hour appearance
Number score, the sources domain name number VS number score, the mobile terminal ends VS PC UserAgent number scores, weighted mean is taken to the above score,
It is true man's probability median to obtain day off;
Calculate period 1 access domain concrete number score corresponding with day off, working hour number of request score, rest time period request
There is number score, request source number score in number score, sleep period number of request score, hour, and weighted mean is taken to the above score,
Obtain day off liveness median.
3. IP address analysis method according to claim 1, which is characterized in that described according to one or more working day
The interim specific targets of current second round in second round are calculated in weighted mean, one or more day off weighted means
The step of include:
VS working day, PC day off end UserAgent numbers score is obtained after pretreatment and normalization, day off on working day VS moves
UserAgent numbers score, day off on working day VS number of request score are held, weighted mean is taken to three above score, with working day
For office outlet IP probability medians weighted mean be described period be office outlet IP probability;
Exported by family of working day IP probability median and day off be family export IP probability median weighted means as
This period is that family exports IP probability;
It is true using working day is true man's probability median with day off is true man's probability median weighted mean as this period
People's probability;
Using the weighted mean of working day liveness median and day off liveness median as this period liveness score;
With working day mobile terminal UserAgent quantity and day off mobile terminal UserAgent quantity and working day PC end
The maximum value of UserAgent quantity and day off PC end UserAgent quantity is grouped to be grouped as this period number.
4. IP address analysis method according to claim 1, which is characterized in that the final specific targets include at least with
Any one of lower information is arbitrary multinomial,
IP, IPInt update ID, and the IP update times, final number grouping, final is the sum of office outlet IP probability, is finally
Family exports the sum of IP probability, is finally the sum of true man's probability, the sum of final liveness score,
Wherein, " IPInt " is the corresponding long of IP address, and " update ID " is time of the final specific targets of update second round
Number, " the IP update times " are the number of the final specific targets of the update second round of certain IP address,
The final specific targets according to a upper second round and the libraries third party IP and/or third party's IP blacklists, to described
The step of current second round interim specific targets are adjusted, obtain the final specific targets of current second round include:
Final specific targets in a upper second round are related to the current second round interim specific targets
And IP address, the final specific targets of current second round are obtained by calculating as follows:
In the final people of the number grouping and the final specific targets of a upper second round of interim specific targets of current second round
When number is grouped into adjacent grouping, the grouping for selecting number big is grouped as the final number of current second round, is otherwise selected
The number grouping of interim specific targets of current second round,
It is the final specific targets that office outlet IP probability adds a second round in interim specific targets of current second round
In it is final be the sum of office outlet IP probability as the final of current second round be to handle official business to export the sum of IP probability,
It is the final specific targets that family's outlet IP probability adds a second round in interim specific targets of current second round
In it is final be the sum of family's outlet IP probability as current second round be finally the sum of family's outlet IP probability,
Be true man's probability in current second round interim specific targets plus in the final specific targets of a second round most
It is the sum of true man's probability to be eventually the sum of true man's probability as the final of current second round,
Liveness score in interim specific targets of current second round adds the sum of the final liveness score of a second round
Afterwards, divided by the final updated number that ID is recorded is updated, is multiplied by the IP update times, the final liveness as current second round
The sum of score;
It is temporarily specific in the current second round for being not directed in the final specific targets of a upper second round
IP address involved in index obtains the interim specific targets of current second round by calculating as follows:
It is grouped using the final number of number grouping as current second round in interim specific targets of current second round,
It is office outlet IP probability using in interim specific targets of current second round final to do as current second round
The sum of mouth IP probability away on official business,
Using in interim specific targets of current second round be family export IP probability as the final of current second round be family
Front yard exports the sum of IP probability,
Be true man's probability using in interim specific targets of current second round as current second round final true man's probability it
With,
With the liveness score divided by update ID in interim specific targets of current second round, the IP update times are multiplied by, as
The sum of the final liveness score of current second round;
The final specific targets of a upper second round, record update were covered using the final specific targets of current second round
The number of the final specific targets of second round and to the newer number of corresponding IP address.
5. IP address analysis method according to claim 4, which is characterized in that described final according to a upper second round
Specific targets and the libraries third party IP and/or third party's IP blacklists, adjust the current second round interim specific targets
Whole, the step of obtaining the final specific targets of current second round, further includes:
Filter out the number for corresponding to that IP does not conform to grammer or corresponding IP is LAN IP in the interim specific targets of current second round
According to;
According to the IP address additional information for including in the libraries third party IP, it is to do to adjust in interim specific targets of current second round
Mouth IP probability, family's outlet IP probability and true man's probability away on official business;
IP credit stain data are generated according to the third party IP blacklists, the IP credits stain data are added described current
The final specific targets of second round.
6. IP address analysis method according to claim 1, which is characterized in that this method further includes:
Interface is provided to third party, allows the credit data for accessing the IP address by the interface;Or,
It receives third party and sends out the IP checking requests for IP address, the corresponding credit data of the IP address is searched, according to institute
It states credit data and Credit Rank Appraisal is carried out to the IP address, evaluation result is returned to the third party.
7. a kind of IP address analysis system, which is characterized in that including big data platform and off-line calculation platform;
The big data platform, for storing original log, the historical data of IP address is collected and stored to calculating original log,
When collecting the historical data of IP address, it is specifically used for:
Original log is collected and parsed within the period 1,
By the information format in the original log, predefined index is obtained, the predefined index includes IP and following letter
Any one of breath is arbitrary multinomial:Time, working hour number of request, rest time period request number, sleep period number of request, work
Time period request file size, rest time period request file size, sleep period demand file size, working hour user agent
UserAgent numbers, rest period UserAgent numbers, sleep period UserAgent numbers, mobile terminal UserAgent numbers, the ends PC
UserAgent numbers, access source quantity, and hourage occurs in access domain name quantity;
The corresponding predefined index of each IP address is stored, each IP address corresponds to one or more predefined indexs,
It is one or many to obtain the libraries third party IP and/or third party's IP blacklists from third-party platform within second round;
The historical data of the off-line calculation platform, the IP address for being collected to the big data platform is analyzed, and is generated
The credit data of IP address is specifically used for carrying out the predefined index of period 1 corresponding with working day in second round pre-
Handle and obtained after normalizing each working day median, in the second round period 1 corresponding with day off it is pre-
It defines index and is pre-processed and obtained after being normalized each day off median, the second round includes multiple and working day
Corresponding period 1 and multiple period 1 corresponding with day off,
Average treatment is weighted respectively to each working day median and obtains working day weighted mean,
It is weighted average or maximum value respectively to each day off median and handles to obtain day off weighted mean or most
Big value,
According to one or more working day weighted mean, one or more day off weighted means were calculated in second round
Interim specific targets of current second round, the current second round interim specific targets include:This period is that office exports
IP probability, this period are that family exports IP probability, this period is true man's probability, this period liveness score, this period number point
Group,
According to the final specific targets of a upper second round and the libraries third party IP and/or third party's IP blacklists, to described current
Second round, interim specific targets were adjusted, and obtained the final specific targets of current second round, with the current second round
Credit data of the final specific targets as the IP address.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710216069.1A CN107707516B (en) | 2017-04-01 | 2017-04-01 | A kind of IP address analysis method and system |
| PCT/CN2018/079732 WO2018177167A1 (en) | 2017-04-01 | 2018-03-21 | Method for analyzing ip address, system, computer readable storage medium, and computer device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710216069.1A CN107707516B (en) | 2017-04-01 | 2017-04-01 | A kind of IP address analysis method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107707516A CN107707516A (en) | 2018-02-16 |
| CN107707516B true CN107707516B (en) | 2018-11-13 |
Family
ID=61169473
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710216069.1A Active CN107707516B (en) | 2017-04-01 | 2017-04-01 | A kind of IP address analysis method and system |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN107707516B (en) |
| WO (1) | WO2018177167A1 (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107707516B (en) * | 2017-04-01 | 2018-11-13 | 贵州白山云科技有限公司 | A kind of IP address analysis method and system |
| CN110401727B (en) * | 2018-04-24 | 2022-04-19 | 北京数安鑫云信息技术有限公司 | IP address analysis method and device |
| CN108683531B (en) * | 2018-05-02 | 2019-06-21 | 百度在线网络技术(北京)有限公司 | Method and apparatus for handling log information |
| CN109873811A (en) * | 2019-01-16 | 2019-06-11 | 光通天下网络科技股份有限公司 | Network safety protection method and its network security protection system based on attack IP portrait |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101719824A (en) * | 2009-11-24 | 2010-06-02 | 北京信息科技大学 | Network behavior detection-based trust evaluation system and network behavior detection-based trust evaluation method |
| US8661119B1 (en) * | 2006-06-30 | 2014-02-25 | Google Inc. | Determining a number of users behind a set of one or more internet protocol (IP) addresses |
| CN104506356A (en) * | 2014-12-24 | 2015-04-08 | 网易(杭州)网络有限公司 | Method and device for determining credibility of IP (Internet protocol) address |
| CN105610616A (en) * | 2015-12-29 | 2016-05-25 | 赛尔网络有限公司 | Method and system for performing statistics to obtain average flow of single IP (Internet Protocol) of access network based on ICP (Internet Content Provider) activity |
| CN106230890A (en) * | 2016-07-15 | 2016-12-14 | 中电长城网际系统应用有限公司 | A kind of message normalization processing method and system |
| CN106254096A (en) * | 2016-07-21 | 2016-12-21 | 柳州龙辉科技有限公司 | A kind of processing means of Linux daily record |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1746916A (en) * | 2005-10-25 | 2006-03-15 | 二六三网络通信股份有限公司 | Network IP address credit assessment and use in electronic mail system |
| CN101014072A (en) * | 2007-02-15 | 2007-08-08 | 北京互联易通信息技术有限公司 | Method and apparatus for obtaining and analyzing data information aimed at data object |
| US20130067062A1 (en) * | 2011-09-12 | 2013-03-14 | Microsoft Corporation | Correlation of Users to IP Address Lease Events |
| US20150215334A1 (en) * | 2012-09-28 | 2015-07-30 | Level 3 Communications, Llc | Systems and methods for generating network threat intelligence |
| CN103475637B (en) * | 2013-04-24 | 2018-03-27 | 携程计算机技术(上海)有限公司 | The method for network access control and system of behavior are accessed based on IP |
| US9319382B2 (en) * | 2014-07-14 | 2016-04-19 | Cautela Labs, Inc. | System, apparatus, and method for protecting a network using internet protocol reputation information |
| CN104954188B (en) * | 2015-06-30 | 2018-05-01 | 北京奇安信科技有限公司 | Web log file safety analytical method based on cloud, device and system |
| CN107707516B (en) * | 2017-04-01 | 2018-11-13 | 贵州白山云科技有限公司 | A kind of IP address analysis method and system |
-
2017
- 2017-04-01 CN CN201710216069.1A patent/CN107707516B/en active Active
-
2018
- 2018-03-21 WO PCT/CN2018/079732 patent/WO2018177167A1/en active Application Filing
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8661119B1 (en) * | 2006-06-30 | 2014-02-25 | Google Inc. | Determining a number of users behind a set of one or more internet protocol (IP) addresses |
| CN101719824A (en) * | 2009-11-24 | 2010-06-02 | 北京信息科技大学 | Network behavior detection-based trust evaluation system and network behavior detection-based trust evaluation method |
| CN104506356A (en) * | 2014-12-24 | 2015-04-08 | 网易(杭州)网络有限公司 | Method and device for determining credibility of IP (Internet protocol) address |
| CN105610616A (en) * | 2015-12-29 | 2016-05-25 | 赛尔网络有限公司 | Method and system for performing statistics to obtain average flow of single IP (Internet Protocol) of access network based on ICP (Internet Content Provider) activity |
| CN106230890A (en) * | 2016-07-15 | 2016-12-14 | 中电长城网际系统应用有限公司 | A kind of message normalization processing method and system |
| CN106254096A (en) * | 2016-07-21 | 2016-12-21 | 柳州龙辉科技有限公司 | A kind of processing means of Linux daily record |
Non-Patent Citations (1)
| Title |
|---|
| 基于IP地址聚类的反垃圾邮件信誉系统;张洪, 等;《清华大学学报(自然科学版)》;20101015;第50卷(第10期);论文摘要、第1至5页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2018177167A1 (en) | 2018-10-04 |
| CN107707516A (en) | 2018-02-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107707516B (en) | A kind of IP address analysis method and system | |
| US11323347B2 (en) | Systems and methods for social graph data analytics to determine connectivity within a community | |
| CN102055818B (en) | Distributed intelligent DNS (domain name server) library system | |
| CN111143339B (en) | Method, device, equipment and storage medium for distributing service resources | |
| CN110943990B (en) | Big data-based data analysis system for communication security management and control | |
| CN108132830A (en) | A kind of method for scheduling task, apparatus and system | |
| CN105450705B (en) | Business data processing method and equipment | |
| CN102054000B (en) | Data querying method, device and system | |
| CN104427519B (en) | IP address ownership place management method and device | |
| CN108647357A (en) | The method and device of data query | |
| CN108282508A (en) | Determination method and device, information-pushing method and the device in geographical location | |
| CN110830445A (en) | Method and device for identifying abnormal access object | |
| CN110083600A (en) | A kind of method, apparatus, calculating equipment and the storage medium of log collection processing | |
| CN111191247A (en) | Database security audit system | |
| CN109086158A (en) | A kind of Analysis on Abnormal method, apparatus and server | |
| CN109510800A (en) | A kind of network request processing method, device, electronic equipment and storage medium | |
| CN106155913A (en) | The method and apparatus that cache hit rate is analyzed | |
| CN110704454B (en) | Report data acquisition system and method | |
| CN110532254A (en) | The method and apparatus of fused data table | |
| CN107656972A (en) | A kind of opening data fine-grained access control method for keeping data scarcity | |
| CN111488349A (en) | Data query method and device based on service data block chain | |
| CN107689969A (en) | A kind of determination method and device of cache policy | |
| CN106940715B (en) | A kind of method and apparatus of the inquiry based on concordance list | |
| CN107517262A (en) | Business datum storage method | |
| CN113392130B (en) | Data processing method, device and equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100015 5 floor, block E, 201 IT tower, electronic city, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Patentee after: GUIZHOU BAISHANCLOUD TECHNOLOGY Co.,Ltd. Address before: 100015 5 floor, block E, 201 IT tower, electronic city, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Patentee before: GUIZHOU BAISHANCLOUD TECHNOLOGY Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20181105 Address after: 100015 Beijing Chaoyang District Jiuxianqiao North Road 10 hospital 201 Building 5 floor 505 inside 02 Patentee after: BEIJING SHUAN XINYUN INFORMATION TECHNOLOGY Co.,Ltd. Address before: 100015 5 floor, block E, 201 IT tower, electronic city, 10 Jiuxianqiao Road, Chaoyang District, Beijing. Patentee before: GUIZHOU BAISHANCLOUD TECHNOLOGY Co.,Ltd. |
|
| TR01 | Transfer of patent right |