CN109302406B - Distributed webpage evidence obtaining method and system - Google Patents

Publication number: CN109302406B
Authority: CN (China)
Prior art keywords: node; evidence obtaining; forensics; service request; address
Legal status: Active
Application number: CN201811285296.0A
Other languages: Chinese (zh)
Other versions: CN109302406A (en
Inventors: 林海斌, 陈艳, 郭文静, 陈雅贤
Current Assignee: Faxin Gongzhengyun Xiamen Technology Co ltd
Original Assignee: Faxin Gongzhengyun Xiamen Technology Co ltd

Classifications

    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • G06Q50/18 Legal services; Handling legal documents
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L67/52 Network services specially adapted for the location of the user terminal
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L2101/69 Types of network addresses using geographic information, e.g. room number

Abstract

The invention provides a distributed webpage forensics method comprising the following steps. S1: the data center receives a forensics service request from a user. S2: the data center distributes the forensics service request to a suitable forensics master node currently registered in the registration center. S3: after receiving the distributed forensics service request, the forensics master node analyzes it and, based on the analysis result, distributes it to a suitable forensics slave node of that forensics master node, so that the forensics slave node executes the forensics process. Forwarding the forensics service request to forensics master nodes and forensics slave nodes gives two-layer distributed node scheduling, and a nodejs concurrent processing mechanism is adopted so that efficient and accurate webpage forensics service is still provided to users under high data concurrency. Because the forensics process is controlled by notarization department institutions, the evidence obtained has higher practicability, security, validity and legality while cost is saved.

Description

Distributed webpage evidence obtaining method and system
Technical Field
The invention relates to the field of electronic forensics, and in particular to a distributed webpage forensics method and system.
Background
With the popularization of networks, people's online activity has become frequent, and the internet is increasingly used across industries. Many activities of human society have migrated to the internet, giving rise to applications such as e-government, e-commerce, e-finance and e-teaching, so that using the internet has become a daily habit. In this process network security has gradually attracted attention, and with the continuous emergence of network security incidents, network information security has become a prominent issue.
At present, extraction technology for network information evidence mainly consists of secure acquisition techniques for computer systems and files that avoid any damage to or interference with the original medium, real-time data collection techniques for a computer during a specific time period, and recovery techniques for information contained in swap files, cache files and temporary files.
With the rapid development of the internet, network infringement cases are common. With the number of web pages growing exponentially, it is very difficult for users to defend their rights and interests in time, and because a large number of users have this need, the pressure on a forensics platform is very high. In notarization and law enforcement, a web page serves as evidence through its content, so it can be classified as documentary evidence; but a web page is not easy to preserve, so the authenticity and legality of web page evidence collection can be notarized. Web page evidence is therefore used more and more as one of the ways of obtaining evidence in the notarization and enforcement process, and it is important to find a more efficient forensics method and system that has effective legal force.
At present, most webpage forensics methods adopt a single-layer distributed network architecture. Their forensics efficiency is low, the nodes in the network are controlled independently by individual enterprises, large-area nationwide coverage cannot be achieved, and the collected webpage data does not necessarily have effective legal force. It is therefore of great significance to provide a forensics method and system with effective legal force.
Disclosure of Invention
To address the problems that existing webpage forensics methods adopt a single-layer distributed network architecture, have low efficiency, and rely on forensics nodes that are controlled independently by enterprises and cannot cover a large area, the invention provides a distributed webpage forensics method comprising the following steps:
S1: the data center receives a forensics service request from a user;
S2: the data center distributes the forensics service request to a suitable forensics master node currently registered in the registration center;
S3: after receiving the distributed forensics service request, the forensics master node analyzes the request and, based on the analysis result, distributes it to a suitable forensics slave node of that forensics master node, so that the forensics slave node executes the forensics process.
Further, after the forensics process is completed, the forensics slave node sends the forensics result to the forensics master node. The forensics master nodes and forensics slave nodes can be controlled by notarization department nodes and their subordinate notarization nodes throughout the country, which effectively ensures the validity and legality of the evidence.
Further, S1 specifically includes: the user registers and logs in at the registration center, and the data center receives the user's IP address and real-time geographic position together with the corresponding webpage forensics service request. The registration center is located in the cloud data center, and the cloud data center collects users' forensics service requests in a unified manner.
Further, the forensics master node registers with the registration center as follows: the forensics master node registers first node information in the registration center, the first node information comprising the actual geographic address, IP address, node capacity, node connection quantity, response time and node mark of the forensics master node. The forensics slave node registers with the registration center as follows: each forensics slave node of a forensics master node registers second node information in the registration center, the second node information comprising the actual geographic address, IP address, node capacity, number of node processing tasks, response time, node mark and node attribute of the forensics slave node.
Further, S2 specifically includes the following steps:
S21: the data center sends the real-time geographic position of the user to the registration center to request the IP address of a forensics master node;
S22: the registration center matches the real-time geographic position of the user against the actual geographic addresses of the forensics master nodes and, according to the matching result, sends the data center either the IP address of the matching forensics master node or the IP address of the forensics master node with the fewest current node connections: if the user's real-time geographic position matches the actual geographic address of a forensics master node and that node is marked as normal, the IP address of that forensics master node is sent to the data center; if no match exists, or a match exists but the matching forensics master node is marked as abnormal, the IP address of the forensics master node with the minimum connection quantity of;
S23: the data center forwards the forensics service request to the forensics master node at the IP address received, that is, the IP address of the matching forensics master node or of the forensics master node with the fewest current node connections. This realizes the first layer of distributed node scheduling, namely forensics master node scheduling.
S24: the monitoring center acquires the response time and node connection quantity of the forensics master node in real time;
S25: the registration center updates the first node information according to the information acquired by the monitoring center.
Further, S3 specifically includes the following steps:
S31: the data center sends the user's forensics service request and its analysis result to the registration center to request the IP address of a forensics slave node;
S32: the registration center matches the analysis result against the node attributes of the forensics slave nodes and, according to the matching result, sends the data center either the IP address of the matching forensics slave node or the IP address of the forensics slave node with the fewest current node connections. The analysis result of the forensics service request comprises detailed websites, keywords and pictures, and the node attributes comprise websites, keywords and pictures. If the analysis result matches the node attribute of a forensics slave node and that node is marked as normal, the IP address of that forensics slave node is sent to the data center; if no match exists, or a match exists but the matching forensics slave node is marked as abnormal, the IP address of the forensics slave node with the fewest current node connections is sent to the data center;
S33: the data center forwards the forensics service request to the forensics slave node at the IP address received, that is, the IP address of the matching forensics slave node or of the forensics slave node with the fewest current node connections. This realizes the second layer of distributed node scheduling, namely forensics slave node scheduling.
S34: the monitoring center acquires the response time and number of node processing tasks of the forensics slave node in real time;
S35: the registration center updates the second node information according to the information acquired by the monitoring center.
Further, a forensics master node is marked as abnormal when its response time exceeds a threshold or its node connection quantity exceeds its node capacity, and is marked as normal otherwise; a forensics slave node is marked as abnormal when its response time exceeds the threshold or its number of node processing tasks exceeds its node capacity, and is marked as normal otherwise.
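The two-layer selection rule of S22 and S32, together with the normal/abnormal marking, as an added Node.js example (not code from the patent). The field names, the 2000 ms threshold, the sample nodes, and the choice to prefer normal-marked nodes in the least-connections fallback are assumptions.

```javascript
'use strict';
// Added example: two-layer node selection (S22, S32) with normal/abnormal marking.
// Field names and the threshold are assumptions; the patent names only the
// quantities (geographic address, capacity, connection/task count, response time).

const RESPONSE_THRESHOLD_MS = 2000; // assumed; the text only says "a threshold"

// Abnormal when response time exceeds the threshold or load exceeds capacity.
// `load` is the connection count for a master and the task count for a slave.
function mark(node) {
  const abnormal = node.responseMs > RESPONSE_THRESHOLD_MS || node.load > node.capacity;
  return abnormal ? 'abnormal' : 'normal';
}

// Fallback of S22/S32: the node with the fewest current connections.
// Assumption: normal nodes are preferred; abnormal ones are used only if none is normal.
function leastLoaded(nodes) {
  const normal = nodes.filter((n) => mark(n) === 'normal');
  const pool = normal.length > 0 ? normal : nodes;
  return pool.reduce((best, n) => (best === null || n.load < best.load ? n : best), null);
}

// A matching node marked normal wins; otherwise fall back to least connections.
function pick(nodes, matches) {
  return nodes.find((n) => matches(n) && mark(n) === 'normal') || leastLoaded(nodes);
}

// Analysis result of a request: a detailed website, a keyword or a picture.
function analyzeRequest(request) {
  if (request.url) return 'website';
  if (request.keyword) return 'keyword';
  if (request.picture) return 'picture';
  throw new Error('request carries no website, keyword or picture');
}

class Registry {
  constructor() {
    this.masters = [];
    this.slavesByMaster = new Map(); // master IP -> slave node records
  }

  registerMaster(node) {
    this.masters.push({ ...node });
    this.slavesByMaster.set(node.ip, []);
  }

  registerSlave(masterIp, node) {
    const slaves = this.slavesByMaster.get(masterIp);
    if (!slaves) throw new Error(`unknown master node ${masterIp}`);
    slaves.push({ ...node });
  }

  // S24/S25 and S34/S35: monitoring data refreshes the stored node information.
  update(ip, metrics) {
    const all = [...this.masters, ...[...this.slavesByMaster.values()].flat()];
    const node = all.find((n) => n.ip === ip);
    if (!node) throw new Error(`unknown node ${ip}`);
    Object.assign(node, metrics);
  }

  // S2 then S3: choose the master by user region, then a slave by request kind.
  dispatch(request) {
    const master = pick(this.masters, (n) => n.region === request.userRegion);
    if (!master) throw new Error('no forensics master node registered');
    const kind = analyzeRequest(request);
    const slave = pick(this.slavesByMaster.get(master.ip), (n) => n.attribute === kind);
    if (!slave) throw new Error(`master node ${master.ip} has no slave nodes`);
    master.load += 1;
    slave.load += 1;
    return { master: master.ip, slave: slave.ip, kind };
  }
}

// Constructed sample data (documentation IP ranges, invented regions).
function buildSampleRegistry() {
  const r = new Registry();
  r.registerMaster({ ip: '192.0.2.10', region: 'Xiamen', capacity: 100, load: 40, responseMs: 120 });
  r.registerMaster({ ip: '192.0.2.20', region: 'Beijing', capacity: 100, load: 10, responseMs: 90 });
  r.registerSlave('192.0.2.10', { ip: '198.51.100.11', attribute: 'website', capacity: 5, load: 1, responseMs: 200 });
  r.registerSlave('192.0.2.10', { ip: '198.51.100.12', attribute: 'keyword', capacity: 5, load: 0, responseMs: 150 });
  r.registerSlave('192.0.2.20', { ip: '198.51.100.21', attribute: 'picture', capacity: 5, load: 2, responseMs: 100 });
  r.registerSlave('192.0.2.20', { ip: '198.51.100.22', attribute: 'website', capacity: 5, load: 3, responseMs: 100 });
  return r;
}
```

Marking a node abnormal through `update` is what moves later requests off the geographically matching node and onto the least-connections fallback.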
Furthermore, a nodejs concurrent processing mechanism is adopted at the forensics master node and the data center to provide users with registration and login and to receive forensics service requests, and the concurrent processing mechanism is used for processing when the number of users reaches a certain level. Efficient and accurate webpage forensics service can thus still be provided to users under high data concurrency.
The invention also provides a distributed webpage forensics system, which comprises:
the registration login module, used for enabling a user to perform real-name registration and login, creating a corresponding account for the user and allocating storage space;
the positioning acquisition module, used for acquiring the IP address from which the user is currently visiting and the user's real-time geographic position;
the service request module, used for receiving a webpage forensics service request provided by a user and its analysis result, acquiring the IP address of the matching forensics master node or of the forensics master node with the fewest current node connections, forwarding the forensics service request to that forensics master node, acquiring the IP address of the matching forensics slave node or of the forensics slave node with the fewest current node connections, and forwarding the forensics service request to that forensics slave node;
the forensics master node scheduling module, used for distributing the forensics service request to a suitable forensics master node currently registered in the registration center, matching the real-time geographic position of the user against the actual geographic address of the forensics master node and, according to the matching result, selecting the IP address of the matching forensics master node or of the forensics master node with the fewest current node connections, and matching the analysis result of the forensics service request against the node attributes of the forensics slave nodes and, according to the matching result, selecting the IP address of the matching forensics slave node or of the forensics slave node with the fewest current node connections;
the service request analysis module, used for analyzing the received distributed forensics service request and sending it to the service request module based on the analysis result, the service request module then distributing the forensics service request to a suitable forensics slave node connected to the forensics master node, so that the forensics slave node executes the forensics process;
the evidence storage module, used for storing summary information of the evidence, generating an MD5 value of the evidence with the MD5 algorithm, and storing the user information, the evidence MD5 value and the IP address of the forensics master node;
and the evidence query module, used for obtaining the original data from the forensics master node for the user to consult, according to the user information, the evidence MD5 value and the IP address of the forensics master node.
The invention also provides a computer-readable storage medium on which a computer program is stored, the computer program, when executed by a processor, carrying out the method of any one of the above.
According to the distributed webpage forensics method and system, the cloud data center collects users' forensics service requests in a unified manner and then forwards them to forensics master nodes and forensics slave nodes for two-layer distributed node scheduling. The forensics master nodes and forensics slave nodes can be controlled by notarization department nodes and their subordinate notarization nodes throughout the country; with two-layer distributed node scheduling and nodes divided by region, forensics is carried out more efficiently while remaining convenient for users, and the forensics data has effective legal force. A nodejs concurrent processing mechanism is adopted so that efficient and accurate webpage forensics service is still provided to users under high data concurrency, and because the forensics process is controlled by notarization department institutions, the forensics data has higher practicability, security, validity and legality while cost is saved.
Drawings
The accompanying drawings are included to provide a further understanding of the embodiments and are incorporated in and constitute a part of this specification. The drawings illustrate embodiments and together with the description serve to explain the principles of the invention. Other embodiments and many of the intended advantages of embodiments will be readily appreciated as they become better understood by reference to the following detailed description. The elements of the drawings are not necessarily to scale relative to each other. Like reference numerals designate corresponding similar parts.
FIG. 1 is a general flowchart of a distributed web page forensics method of an embodiment of the invention;
FIG. 2 is a flowchart of step S2 of the distributed web page forensics method according to the embodiment of the invention;
FIG. 3 is a flowchart of step S3 of the distributed web page forensics method according to the embodiment of the invention;
FIG. 4 is a block diagram of a distributed web page forensics system according to an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides a distributed webpage forensics method, as shown in FIG. 1, comprising the following steps:
S1: the data center receives a forensics service request from a user;
Step S1 specifically includes: the user registers and logs in at the registration center, and the data center receives the user's IP address and real-time geographic position together with the corresponding webpage forensics service request. The registration center is located in the cloud data center. The user performs real-name registration and login by means such as face recognition, fingerprint recognition, identity card recognition and mobile phone number verification, and the system creates a corresponding account for the user and allocates storage space. The cloud data center collects users' forensics service requests in a unified manner.
The forensics master node registers first node information in the registration center, the first node information comprising the actual geographic address, IP address, node capacity, node connection quantity, response time and node mark of the forensics master node; each forensics slave node of a forensics master node registers second node information in the registration center, the second node information comprising the actual geographic address, IP address, node capacity, number of node processing tasks, response time, node mark and node attribute of the forensics slave node. The node capacity indicates how many tasks can be processed at the same time, and the node mark is either normal or abnormal. When a forensics master node refuses to provide service, the registration center deletes the corresponding first node information, and when the forensics master node provides service again, the registration center adds the corresponding first node information. When a forensics slave node refuses to provide service, the registration center deletes the corresponding second node information, and when the forensics slave node provides service again, the registration center adds the corresponding second node information. The analysis result of the forensics service request can be a detailed website, a keyword or a picture; the node attribute can likewise be a website, a keyword or a picture.
S2: the data center distributes the forensics service request to a suitable forensics master node currently registered in the registration center;
As shown in FIG. 2, S2 specifically includes the following steps:
S21: the data center sends the real-time geographic position of the user to the registration center to request the IP address of a forensics master node;
S22: the registration center matches the real-time geographic position of the user against the actual geographic addresses of the forensics master nodes and, according to the matching result, sends the data center either the IP address of the matching forensics master node or the IP address of the forensics master node with the fewest current node connections: if the user's real-time geographic position matches the actual geographic address of a forensics master node and that node is marked as normal, the IP address of that forensics master node is sent to the data center; if no match exists, or a match exists but the matching forensics master node is marked as abnormal, the IP address of the forensics master node with the minimum connection quantity of; a forensics master node is marked as abnormal when its response time exceeds a threshold or its node connection quantity exceeds its node capacity, and is marked as normal otherwise.
S23: the data center forwards the forensics service request to the forensics master node at the IP address received, that is, the IP address of the matching forensics master node or of the forensics master node with the fewest current node connections. This realizes the first layer of distributed node scheduling, namely forensics master node scheduling.
S24: the monitoring center acquires the response time and node connection quantity of the forensics master node in real time;
S25: the registration center updates the first node information according to the information acquired by the monitoring center.
S3: after receiving the distributed forensics service request, the forensics master node analyzes the request and, based on the analysis result, distributes it to a suitable forensics slave node of that forensics master node, so that the forensics slave node executes the forensics process.
As shown in FIG. 3, S3 specifically includes the following steps:
S31: the data center sends the user's forensics service request and its analysis result to the registration center to request the IP address of a forensics slave node;
S32: the registration center matches the analysis result against the node attributes of the forensics slave nodes and, according to the matching result, sends the data center either the IP address of the matching forensics slave node or the IP address of the forensics slave node with the fewest current node connections. The analysis result of the forensics service request comprises detailed websites, keywords and pictures, and the node attributes comprise websites, keywords and pictures. If the analysis result matches the node attribute of a forensics slave node and that node is marked as normal, the IP address of that forensics slave node is sent to the data center; if no match exists, or a match exists but the matching forensics slave node is marked as abnormal, the IP address of the forensics slave node with the fewest current node connections is sent to the data center. A forensics slave node is marked as abnormal when its response time exceeds the threshold or its number of node processing tasks exceeds its node capacity, and is marked as normal otherwise.
S33: the data center forwards the forensics service request to the forensics slave node at the IP address received, that is, the IP address of the matching forensics slave node or of the forensics slave node with the fewest current node connections. This realizes the second layer of distributed node scheduling, namely forensics slave node scheduling.
S34: the monitoring center acquires the response time and number of node processing tasks of the forensics slave node in real time;
S35: the registration center updates the second node information according to the information acquired by the monitoring center.
If the node attribute of the forensics slave node is a detailed website, the node accesses the detailed website directly to carry out the webpage forensics operation; if the node attribute is a keyword, the node searches for the keyword with a search engine, selects a corresponding number of the websites found, and enters those websites to carry out the webpage forensics operation; if the node attribute is a picture, the node analyzes the picture with a picture analysis algorithm, performs a network search, selects a corresponding number of the websites retrieved, and enters those websites to carry out the webpage forensics operation. After the forensics slave node completes the forensics process, it sends the forensics result to the forensics master node. The forensics master nodes and forensics slave nodes can be controlled by notarization department nodes and their subordinate notarization nodes throughout the country, which effectively ensures the validity and legality of the evidence. The forensics result is then stored: an MD5 value of the evidence is generated with the MD5 algorithm, and the user information, the evidence MD5 value, the original data storage address (that is, the forensics master node address) and other content are stored. The original data is obtained from the forensics master node for the user to consult according to the user information, the evidence MD5 value and the original data storage address, that is, the forensics master node address.
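The evidence storage and query steps described above, as an added Node.js example (not code from the patent): the record holds the user information, the evidence MD5 value and the forensics master node address, and a query re-hashes the data fetched from the master node before returning it. MD5 no longer resists collisions, so the example also records a SHA-256 digest; that extra field, the `fetchFromMaster` callback and all sample values are assumptions.

```javascript
'use strict';
// Added example: evidence record keyed by user, MD5 value and master node address,
// with an integrity check when the original data is fetched back.
const { createHash } = require('crypto');

function digest(algorithm, data) {
  return createHash(algorithm).update(data).digest('hex');
}

class EvidenceStore {
  constructor() {
    this.records = new Map();
  }

  static key(userId, md5, masterNodeIp) {
    return [userId, md5, masterNodeIp].join('|');
  }

  // Store what the description lists: user information, evidence MD5 value and
  // the master node address. The sha256 field is an addition, not in the patent.
  save(userId, masterNodeIp, evidenceBytes) {
    const record = {
      userId,
      masterNodeIp,
      md5: digest('md5', evidenceBytes),
      sha256: digest('sha256', evidenceBytes),
      size: evidenceBytes.length,
    };
    this.records.set(EvidenceStore.key(userId, record.md5, masterNodeIp), record);
    return record;
  }

  // Look the record up by user, MD5 value and master node address, fetch the
  // original data from the master node (hypothetical callback) and re-hash it.
  query(userId, md5, masterNodeIp, fetchFromMaster) {
    const record = this.records.get(EvidenceStore.key(userId, md5, masterNodeIp));
    if (!record) {
      throw new Error('no evidence record for this user, MD5 value and master node');
    }
    const data = fetchFromMaster(masterNodeIp, md5);
    const md5Match = digest('md5', data) === record.md5;
    const sha256Match = digest('sha256', data) === record.sha256;
    return { data, md5Match, sha256Match, intact: md5Match && sha256Match };
  }
}

// Constructed sample: a captured page body and a master node that returns it.
function runSample() {
  const store = new EvidenceStore();
  const page = Buffer.from('<html><body>constructed page capture</body></html>');
  const record = store.save('user-001', '192.0.2.10', page);
  const good = store.query('user-001', record.md5, '192.0.2.10', () => page);
  const altered = Buffer.from('<html><body>constructed page capture!</body></html>');
  const bad = store.query('user-001', record.md5, '192.0.2.10', () => altered);
  return { record, good, bad };
}
```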
And adopting nodejs concurrent processing mechanisms to provide login registration and receiving evidence obtaining service request operations for the users at the evidence obtaining main node and the data center, and using the concurrent processing mechanisms to process when the number of the users reaches a certain number. The method can still provide efficient and accurate webpage evidence obtaining service for the user under the condition of high data concurrency.
The invention also provides a distributed webpage forensics system which, as shown in fig. 4, includes:
the registration login module 1, used for enabling a user to perform real-name registration and login, creating a corresponding account for the user and allocating storage space; in a preferred embodiment, the user performs real-name registration and login in the registration login module 1 by face recognition, fingerprint recognition, identification card recognition, mobile phone number verification and the like;
the positioning acquisition module 2, used for acquiring the user's current access IP address and real-time geographic position;
the service request module 3, used for receiving a webpage forensics service request provided by a user and its analysis result, acquiring the IP address of the matched forensics master node or the IP address of the forensics master node with the fewest current node connections, forwarding the forensics service request to that forensics master node, acquiring the IP address of the matched forensics slave node or the IP address of the forensics slave node with the fewest current node connections, and forwarding the forensics service request to that forensics slave node;
the forensics master node scheduling module 4, used for allocating the forensics service request to an appropriate forensics master node currently registered in the registration center: it matches the real-time geographic position of the user with the actual geographic address of the forensics master node and, according to the matching result, selects the IP address of the matched forensics master node or the IP address of the forensics master node with the fewest current node connections; it also matches the node attribute of the forensics slave node with the analysis result of the forensics service request and, according to the matching result, selects the IP address of the matched forensics slave node or the IP address of the forensics slave node with the fewest current node connections;
the service request analysis module 5, used for analyzing the received forensics service request and sending it to the service request module 3 based on the analysis result, whereupon the service request module distributes the forensics service request to an appropriate forensics slave node connected to the forensics master node, so that the forensics slave node executes the forensics process;
the evidence storage module, used for storing summary information of the evidence, generating an MD5 value of the evidence with the MD5 algorithm, and storing the user information, the MD5 value of the evidence and the IP address of the forensics master node;
and the evidence query module, used for acquiring the original data from the forensics master node for the user to look up according to the user information, the MD5 value of the evidence and the IP address of the forensics master node.
Example one
Webpage forensics process: the user provides the corresponding real-name information at the registration login module 1 to register, and sets a user name and a login password so as to log in to the system with them. The current position of the user is acquired in real time through the positioning acquisition module 2, and the user submits a webpage forensics service request through the service request module 3.
After acquiring the forensics service request, the data center schedules a forensics master node through the forensics master node scheduling module 4 and forwards the forensics service request to the forensics master node selected by the system. The forensics master node receives the forensics service request, analyzes it through the service request analysis module 5, and completes forensics with a different scheme depending on the analysis result: it schedules a forensics slave node for the analyzed request with a dynamic scheduling algorithm and forwards the analyzed request to that forensics slave node. The forensics slave node completes the forensics task after receiving the request and returns the result to the corresponding forensics master node. The evidence storage module 6 stores the forensics result at the forensics master node, generates and stores an MD5 value of the forensics result, and forwards the MD5 value to the data center. The data center stores the MD5 value of the evidence and the original data storage address, that is, the address of the forensics master node, in the account of the corresponding user.
Node scheduling process: the forensics master node scheduling module 4 first selects the forensics master node preferentially according to the user's positioning address and queries the service queuing condition of that forensics master node; if the queue exceeds the limit, it selects a forensics master node by the least-connections method instead. The forensics master node schedules its forensics slave nodes to provide services by the least-connections method.
Service request analysis flow: the service request analysis module 5 analyzes whether the forensics service request submitted by the user is a specific web address, a keyword or a picture. The forensics master node arranges for the corresponding forensics slave node to process the forensics service request according to the analysis result.
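The two-layer node scheduling and the request analysis described above can be sketched as follows. This is an added example, not code from the patent: the node records, the response-time threshold, the tie-break among several matching nodes and the choice to prefer normal nodes in the least-connections fallback are assumptions of the example.

```javascript
// Added example, not code from the patent. Node records and the threshold are constructed.
const RESPONSE_TIME_THRESHOLD_MS = 2000; // assumption: the patent only says "a threshold"

// Claim 6: a node is abnormal when its response time exceeds the threshold or its
// load (connections for a master, processing tasks for a slave) exceeds its capacity.
function markNode(node) {
  const abnormal = node.responseTimeMs > RESPONSE_TIME_THRESHOLD_MS || node.load > node.capacity;
  return { ...node, flag: abnormal ? 'abnormal' : 'normal' };
}

function leastLoaded(nodes) {
  return nodes.reduce((best, n) => (best === null || n.load < best.load ? n : best), null);
}

// S22 / S32: use a matching node whose flag is normal, otherwise fall back to least connections.
function selectNode(nodes, isMatch) {
  const marked = nodes.map(markNode);
  const normal = marked.filter((n) => n.flag === 'normal');
  const matched = normal.filter(isMatch);
  if (matched.length > 0) return leastLoaded(matched); // assumption: tie-break by load
  // Assumption: the fallback prefers normal nodes; the patent does not specify this.
  return leastLoaded(normal.length > 0 ? normal : marked);
}

// Service request analysis: a specific web address, a keyword or a picture.
function analyzeRequest(request) {
  if (request.image) return 'picture';
  try {
    const url = new URL(request.text);
    if (url.protocol === 'http:' || url.protocol === 'https:') return 'website';
  } catch (err) {
    // Not parseable as a URL: treat the text as a keyword.
  }
  return 'keyword';
}

// First layer: master node by user region. Second layer: slave node by node attribute.
function schedule(request, registry) {
  const master = selectNode(registry.masters, (n) => n.region === request.userRegion);
  if (master === null) return null;
  const kind = analyzeRequest(request);
  const slaves = registry.slaves.filter((s) => s.master === master.ip);
  const slave = selectNode(slaves, (n) => n.attribute === kind);
  return { master: master.ip, kind, slave: slave ? slave.ip : null };
}

// Constructed registry contents (documentation address ranges).
const REGISTRY = {
  masters: [
    { ip: '192.0.2.1', region: 'Xiamen', capacity: 100, load: 40, responseTimeMs: 120 },
    { ip: '192.0.2.2', region: 'Beijing', capacity: 100, load: 10, responseTimeMs: 90 },
    { ip: '192.0.2.3', region: 'Fuzhou', capacity: 50, load: 60, responseTimeMs: 80 }, // over capacity
  ],
  slaves: [
    { ip: '198.51.100.11', master: '192.0.2.1', attribute: 'website', capacity: 20, load: 5, responseTimeMs: 200 },
    { ip: '198.51.100.12', master: '192.0.2.1', attribute: 'keyword', capacity: 20, load: 2, responseTimeMs: 150 },
    { ip: '198.51.100.13', master: '192.0.2.1', attribute: 'picture', capacity: 20, load: 9, responseTimeMs: 5000 }, // too slow
    { ip: '198.51.100.21', master: '192.0.2.2', attribute: 'website', capacity: 20, load: 1, responseTimeMs: 100 },
  ],
};
```

A request from a region whose master node is marked abnormal is routed to the least-loaded normal master node, and a picture request whose only picture-capable slave node is too slow falls back to the least-loaded normal slave node of the same master.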
Evidence storage flow: the forensics slave node returns the forensics result to the forensics master node, and the evidence storage module 6 generates an MD5 value of the evidence at the forensics master node. The forensics master node stores the original data and the MD5 value under the account of the corresponding user and forwards the MD5 value to the data center. The data center stores the MD5 value under the corresponding user account.
Evidence query flow: the user logs in to the data center and selects the information to be queried in the evidence query module 7. The data center forwards the user information and the MD5 value of the selected evidence to the corresponding forensics master node. The forensics master node returns the original data to the data center for the user to view according to the user information and the MD5 value.
The invention also proposes a computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method of any one of the above-mentioned.
According to the distributed webpage forensics method and system, the data center collects the forensics service requests of users in a unified way and then forwards them to the forensics master nodes and forensics slave nodes, performing double-layer distributed node scheduling. The forensics master nodes and forensics slave nodes can be controlled by the notarization department nodes and their subordinate notarization nodes across the country. With double-layer distributed node scheduling and nodes divided by region, forensics is carried out more efficiently while remaining convenient for users, and the forensics data has effective legal force. A Node.js concurrent processing mechanism is adopted so that an efficient and accurate webpage forensics service is still provided to users under highly concurrent load. Because the forensics process is controlled by the notarization department, the forensics data can be guaranteed higher practicability, security, validity and legality while costs are saved.
While the present invention has been described with reference to the preferred embodiments, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined by the appended claims. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
In the description of the present application, although the steps are listed in a certain order in the method claims, the steps are not necessarily performed in the listed steps, but may be performed in an inverse or parallel manner without departing from the spirit and gist of the present invention. The word 'comprising' does not exclude the presence of elements or steps not listed in a claim. The word 'a' or 'an' preceding an element does not exclude the presence of a plurality of such elements. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage. Any reference signs in the claims shall not be construed as limiting the scope.

Claims (9)

1. A distributed webpage evidence obtaining method is characterized by comprising the following steps:
S1: the data center receives a forensics service request from a user;
S2: the data center distributes the forensics service request to an appropriate forensics master node currently registered in a registration center, the forensics master node registering with the registration center by: the forensics master node registers first node information in the registration center, wherein the first node information comprises an actual geographic address, an IP address, node capacity, node connection quantity, response time and node mark of the forensics master node; a forensics slave node registers with the registration center by: the forensics slave node of the forensics master node registers second node information in the registration center, wherein the second node information comprises an actual geographic address, an IP address, node capacity, node processing task number, response time, node mark and node attribute of the forensics slave node;
S3: after receiving the distributed forensics service request, the forensics master node analyzes the forensics service request and, based on the analysis result, distributes the forensics service request to an appropriate forensics slave node of the forensics master node, so that the forensics slave node executes the forensics process.
2. The distributed web page forensics method according to claim 1, wherein the forensics slave node sends the forensics result to the forensics master node after completing the forensics process.
3. The distributed web page forensics method according to claim 1, wherein the S1 specifically includes: a user registers and logs in on the registry, and an IP address, a real-time geographic position and a corresponding webpage forensics service request are received from the user.
4. The distributed web page forensics method according to claim 1, wherein the S2 specifically includes the following steps:
S21: the data center sends the real-time geographic position of the user to the registration center to request the IP address of a forensics master node;
S22: the registration center matches the real-time geographic position of the user with the actual geographic address of the forensics master node and, according to the matching result, sends the IP address of the matched forensics master node or the IP address of the forensics master node with the fewest current node connections to the data center: if the real-time geographic position of the user matches the actual geographic address of a forensics master node and the node mark of that forensics master node is normal, the IP address of that forensics master node is sent to the data center; if there is no match, or there is a match but the node mark of the forensics master node is abnormal, the IP address of the forensics master node with the fewest current node connections is sent to the data center;
S23: the data center forwards the forensics service request to the forensics master node according to the IP address of the matched forensics master node or the IP address of the forensics master node with the fewest current node connections;
S24: the monitoring center acquires the response time and the node connection number of the forensics master node in real time;
S25: the registration center updates the first node information according to the information acquired by the monitoring center.
5. The distributed web page forensics method according to claim 1, wherein the S3 specifically includes the following steps:
S31: the data center sends the forensics service request of the user and its analysis result to the registration center to request the IP address of a forensics slave node;
S32: the registration center matches the node attributes of the forensics slave nodes against the analysis result and, according to the matching result, sends the IP address of the matched forensics slave node or the IP address of the forensics slave node with the fewest current node connections to the data center; the analysis results of forensics service requests comprise detailed websites, keywords and pictures, and the node attributes comprise websites, keywords and pictures; if the analysis result of the forensics service request matches the node attribute of a forensics slave node and the node mark of that forensics slave node is normal, the IP address of that forensics slave node is sent to the data center; if there is no match, or there is a match but the node mark of the forensics slave node is abnormal, the IP address of the forensics slave node with the fewest current node connections is sent to the data center;
S33: the data center forwards the forensics service request to the forensics slave node according to the IP address of the matched forensics slave node or the IP address of the forensics slave node with the fewest current node connections;
S34: the monitoring center acquires the response time of the forensics slave node and its number of node processing tasks in real time;
S35: the registration center updates the second node information according to the information acquired by the monitoring center.
6. The distributed web page forensics method according to any one of claims 1 to 5, wherein forensics master nodes whose response time exceeds a threshold and forensics master nodes whose number of connections of the nodes exceeds the capacity of the nodes are marked as abnormal, and the forensics master nodes are marked as normal in the rest cases; and marking the forensic slave nodes with the response time exceeding the threshold value and the forensic slave nodes with the node processing task number exceeding the node capacity as abnormal, and marking the forensic slave nodes as normal under the other conditions.
7. The distributed web page forensics method according to any one of claims 1 to 5, wherein a Node.js concurrent processing mechanism is adopted in the forensics master node and the data center to provide the login, registration and forensics service request receiving operations for the user, and the concurrent processing mechanism is used for processing when the number of users reaches a certain number.
8. A distributed web page forensics system, comprising:
the registration login module is used for enabling a user to perform real-name registration login, creating a corresponding account for the user and allocating storage space;
the positioning acquisition module is used for acquiring the IP address and the real-time geographic position currently visited by the user;
the service request module is used for receiving a webpage evidence obtaining service request and an analysis result thereof provided by a user, acquiring an IP address of an evidence obtaining main node or the IP address of the evidence obtaining main node with the minimum current node connection quantity, forwarding the evidence obtaining service request to the evidence obtaining main node, acquiring the IP address of an evidence obtaining slave node or the IP address of the evidence obtaining slave node with the minimum current node connection quantity, and forwarding the evidence obtaining service request to the evidence obtaining slave node;
the forensics master node scheduling module is used for allocating the forensics service request to an appropriate forensics master node currently registered in the registration center, matching the real-time geographic position of the user with the actual geographic address of the forensics master node, matching the IP address of the forensics master node or the IP address of the forensics master node with the minimum current node connection number according to the matching result, matching the analysis result of the forensics service request with the node attribute of the forensics slave node, and matching the IP address of the forensics slave node or the IP address of the forensics slave node with the minimum current node connection number according to the matching result;
the service request analysis module is used for analyzing the received distributed evidence obtaining service request and sending the evidence obtaining service request to the service request module based on the analysis result, and the service request module distributes the evidence obtaining service request to the proper evidence obtaining slave node of the evidence obtaining main node so as to execute the evidence obtaining process by the evidence obtaining slave node;
the evidence storage module is used for storing summary information of the evidence, generating an MD5 value of the evidence by using an MD5 algorithm, and storing user information, an MD5 value of the evidence and an IP address of the evidence obtaining main node;
and the evidence query module is used for acquiring the original data information from the evidence obtaining main node for the user to look up according to the user information, the evidence MD5 value and the IP address of the evidence obtaining main node.
9. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out the method of any one of claims 1 to 7.
CN201811285296.0A 2018-10-31 2018-10-31 Distributed webpage evidence obtaining method and system Active CN109302406B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811285296.0A CN109302406B (en) 2018-10-31 2018-10-31 Distributed webpage evidence obtaining method and system


Publications (2)

Publication Number Publication Date
CN109302406A CN109302406A (en) 2019-02-01
CN109302406B true CN109302406B (en) 2021-06-25

Family

ID=65145043


Country Status (1)

Country Link
CN (1) CN109302406B (en)




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant