CN110177075B - Abnormal access interception method, device, computer equipment and storage medium - Google Patents
Abnormal access interception method, device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN110177075B CN110177075B CN201910299815.7A CN201910299815A CN110177075B CN 110177075 B CN110177075 B CN 110177075B CN 201910299815 A CN201910299815 A CN 201910299815A CN 110177075 B CN110177075 B CN 110177075B
- Authority
- CN
- China
- Prior art keywords
- monitoring
- abnormal
- access
- information
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/306—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Technology Law (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an abnormal access interception method, an abnormal access interception device, computer equipment and a storage medium. The method comprises the following steps: real-time monitoring is carried out on the management server according to a preset monitoring task so as to obtain server monitoring information; judging whether the monitoring information of the server exceeds a preset monitoring threshold value or not to obtain a monitoring information judgment result; if the monitoring information judging result is that the server monitoring information exceeds a preset monitoring threshold value, judging the server monitoring information according to a preset abnormal request judging rule to acquire an abnormal access request; and intercepting the access request information which is sent again by the terminal corresponding to the abnormal access request through a preset interception script as abnormal access request information. The method and the device can improve the accuracy of identifying and intercepting the abnormal access request based on the access rule technology, and achieve good technical effects in the actual application process.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to an abnormal access interception method, an abnormal access interception device, a computer device, and a storage medium.
Background
The server of the enterprise can provide access service for the user, and the user can access the server of the enterprise by feeding back corresponding data information to the user terminal after the user terminal sends an access request. However, the server of the enterprise is easily subject to network attack when providing access service, so that the abnormal access request received by the server needs to be judged and identified by the access request judging method to intercept the abnormal access request with attack behavior sent by the user terminal. However, the existing access request judging method has the defects of single judging rule and low identifying accuracy, so that partial abnormal access requests with attack behaviors are not identified and intercepted. Therefore, the prior art method has the problems of low accuracy in identifying and intercepting the abnormal access request.
Disclosure of Invention
The embodiment of the invention provides an abnormal access interception method, an abnormal access interception device, computer equipment and a storage medium, and aims to solve the problems of low accuracy in identifying and intercepting abnormal access requests in the prior art.
In a first aspect, an embodiment of the present invention provides an abnormal access interception method, including:
Real-time monitoring is carried out on the management server according to a preset monitoring task so as to obtain server monitoring information;
judging whether the monitoring information of the server exceeds a preset monitoring threshold value or not to obtain a monitoring information judgment result;
if the monitoring information judging result is that the server monitoring information exceeds a preset monitoring threshold value, judging the server monitoring information according to a preset abnormal request judging rule to acquire an abnormal access request;
and intercepting the access request information which is sent again by the terminal corresponding to the abnormal access request through a preset interception script as abnormal access request information.
In a second aspect, an embodiment of the present invention provides an abnormal access interception apparatus, including:
the monitoring information acquisition unit is used for monitoring the management server in real time according to a preset monitoring task to obtain server monitoring information;
the monitoring information judging unit is used for judging whether the monitoring information of the server exceeds a preset monitoring threshold value or not so as to obtain a monitoring information judging result;
the abnormal access request acquisition unit is used for judging the server monitoring information according to a preset abnormal request judgment rule to acquire an abnormal access request if the monitoring information judgment result is that the server monitoring information exceeds a preset monitoring threshold;
The access request information interception unit is used for intercepting the access request information which is sent again by the terminal corresponding to the abnormal access request as abnormal access request information through a preset interception script.
In a third aspect, an embodiment of the present invention further provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the processor implements the method for blocking abnormal access according to the first aspect when executing the computer program.
In a fourth aspect, an embodiment of the present invention further provides a computer readable storage medium, where the computer readable storage medium stores a computer program, where the computer program when executed by a processor causes the processor to perform the abnormal access interception method described in the first aspect.
The embodiment of the invention provides an abnormal access interception method, an abnormal access interception device, computer equipment and a storage medium. The server is monitored to obtain server monitoring information, whether the server monitoring information exceeds a monitoring threshold value is judged, if yes, a terminal corresponding to the abnormal access request is obtained, and access request information sent again by the terminal is taken as abnormal access request information to be intercepted. By the method for intercepting the abnormal access, the accuracy of identifying and intercepting the abnormal access request can be improved, and a good technical effect is achieved in the practical application process.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of an abnormal access interception method according to an embodiment of the present invention;
FIG. 2 is a schematic sub-flowchart of an abnormal access interception method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of another sub-flow of the method for intercepting abnormal access according to the embodiment of the present invention;
FIG. 4 is a schematic diagram of another sub-flow of the method for intercepting abnormal access according to the embodiment of the present invention;
FIG. 5 is another schematic flow chart of an abnormal access interception method according to an embodiment of the present invention;
FIG. 6 is a schematic block diagram of an abnormal access interception device according to an embodiment of the present invention;
FIG. 7 is a schematic block diagram of a subunit of an abnormal access blocking apparatus according to an embodiment of the present invention;
FIG. 8 is a schematic block diagram of another subunit of an abnormal access blocking apparatus according to an embodiment of the present invention;
FIG. 9 is a schematic block diagram of another subunit of an abnormal access blocking apparatus according to an embodiment of the present invention;
FIG. 10 is a schematic block diagram of another subunit of an abnormal access blocking apparatus according to an embodiment of the present invention;
fig. 11 is a schematic block diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
Referring to fig. 1, fig. 1 is a flowchart illustrating an abnormal access interception method according to an embodiment of the present invention. The abnormal access interception method is applied to the management server, and the method is executed through application software installed in the management server, and the management server is an enterprise terminal for executing the abnormal access interception method to identify and intercept the abnormal access request sent to the management server.
As shown in fig. 1, the method includes steps S110 to S140.
And S110, monitoring the management server in real time according to a preset monitoring task to obtain server monitoring information.
And monitoring the management server in real time according to a preset monitoring task to obtain server monitoring information. Specifically, the preset monitoring task is task information for monitoring the management server, and the preset monitoring task includes an application interface access monitoring rule and a server flow monitoring rule. The management server provides network access service for other terminals in the Internet, the other terminals send access request information to the management server through the Internet, the management server acquires the access request information and feeds back data information to the terminals to provide the network access service, and each network access received by the management server is monitored by a preset monitoring task.
In one embodiment, as shown in FIG. 2, step S110 includes sub-steps S111, S112, and S113.
And S111, monitoring the management server in real time according to an application interface access monitoring rule in a preset monitoring task to acquire the application interface access times of the management server.
And monitoring the management server in real time according to the application interface access monitoring rule in the preset monitoring task to acquire the application interface access times of the management server. Specifically, the application program is deployed in the management server, the deployed application program includes a plurality of interfaces, and each piece of access request information is accessed by a certain interface of the application program in the management server, so that the access request information received by each interface of the application program in the management server can be monitored according to the application interface access monitoring rule in the preset monitoring task, so as to obtain the times of the access request information received by each interface in the application program and count according to unit time, and the access times of the application interface of the management server can be finally obtained. The unit time can be set by a user in a preset monitoring task.
For example, an application deployed in a certain management server includes five interfaces, and the number of access times corresponding to the obtained application interfaces is shown in table 1.
| Interface | Interface 1 | Interface 2 | Interface 3 | Interface 4 | Interface 5 |
| Number of accesses | 500 | 300 | 1200 | 800 | 400 |
TABLE 1
And S112, monitoring the management server in real time according to a server flow monitoring rule in a preset monitoring task so as to acquire access flow information of the management server.
And monitoring the management server in real time according to a server flow monitoring rule in a preset monitoring task to acquire access flow information of the management server. All the access request information received by the management server can be obtained in real time through the server flow monitoring rule, and the access flow information of the management server can be obtained by counting all the received access request information according to unit time. The unit time can be set by a user in a preset monitoring task.
S113, acquiring the access times of the application interface and the access flow information to obtain server monitoring information.
And acquiring the access times of the application interface and the access flow information to obtain server monitoring information. The server monitoring information is monitoring information generated by monitoring the management server through a preset monitoring task, and the server monitoring information comprises the access times and the access flow information of the application interface.
And S120, judging whether the monitoring information of the server exceeds a preset monitoring threshold value or not to obtain a monitoring information judging result.
Judging whether the monitoring information of the server exceeds a preset monitoring threshold value or not to obtain a monitoring information judging result. Specifically, the preset monitoring threshold value comprises an interface access frequency threshold value and an access flow threshold value, and if the service monitoring information exceeds the interface access threshold value or exceeds the access flow threshold value, the judgment result of the monitoring information is that the server monitoring information exceeds the preset monitoring threshold value; if the service monitoring information does not exceed the interface access threshold and does not exceed the access flow threshold, the judgment result of the monitoring information is that the server monitoring information does not exceed the preset monitoring threshold.
In one embodiment, as shown in FIG. 3, step S120 includes substeps S121, S122, and S123.
S121, judging whether the server monitoring information exceeds an interface access frequency threshold value in the preset monitoring threshold value or not to obtain an interface access judgment result.
Judging whether the server monitoring information exceeds an interface access frequency threshold value in the preset monitoring threshold value or not to obtain an interface access judging result. Specifically, the access times of the application interfaces in the server monitoring information are obtained, whether the access times of each interface in the application interface access times exceed an interface access time threshold or not is judged, and if the access times of a certain interface exceed the interface access time threshold, an interface access judgment result is obtained, wherein the server monitoring information exceeds the interface access time threshold in a preset monitoring threshold; if the access times of all the interfaces do not exceed the interface access times threshold, obtaining an interface access judgment result that the server monitoring information does not exceed the interface access times threshold in the preset monitoring threshold.
For example, if the threshold of the number of access times of the interface in the preset monitoring threshold is 1000, the counted number of access times of the application interface in table 1 is judged, and the interface access judgment result is that the monitoring information of the server exceeds the threshold of the number of access times of the interface in the preset monitoring threshold.
S122, judging whether the server monitoring information exceeds an access flow threshold value in the preset monitoring threshold value or not to obtain a flow threshold value judging result.
Judging whether the server monitoring information exceeds an access flow threshold value in the preset monitoring threshold value or not to obtain a flow threshold value judging result. Specifically, access flow information in the server monitoring information is obtained, and a flow threshold judgment result can be obtained if the access flow information exceeds an access flow threshold in a preset monitoring threshold.
For example, if the access flow threshold in the preset monitoring threshold is 30% of the total access amount, the total access amount is 10000, and the access flow information is 3200, the obtained flow threshold judgment result is that the server monitoring information exceeds the access flow threshold in the preset monitoring threshold.
And S123, determining a monitoring information judgment result according to the interface access judgment result and the flow threshold judgment result.
And determining a monitoring information judgment result according to the interface access judgment result and the flow threshold judgment result. If the flow threshold value judging result is that the server monitoring information exceeds the access flow threshold value in the preset monitoring threshold value or the interface access judging result is that the server monitoring information exceeds the interface access frequency threshold value in the preset monitoring threshold value, the monitoring information judging result is obtained to be that the server monitoring information exceeds the preset monitoring threshold value, otherwise, the monitoring information judging result is obtained to be that the server monitoring information does not exceed the preset monitoring threshold value.
And S130, if the monitoring information judging result is that the server monitoring information exceeds a preset monitoring threshold, judging the server monitoring information according to a preset abnormal request judging rule so as to acquire an abnormal access request.
And if the monitoring information judging result is that the server monitoring information exceeds a preset monitoring threshold value, judging the server monitoring information according to a preset abnormal request judging rule so as to acquire an abnormal access request. If the server monitoring information exceeds the preset monitoring threshold, judging the access request information contained in the monitored server monitoring information, and acquiring an abnormal access request with an abnormality in the access request information. The preset abnormal request judging rule is rule information for judging the access request information to acquire an abnormal access request.
In one embodiment, as shown in FIG. 4, step S130 includes sub-steps S131, S132, and S133.
S131, analyzing the request data packet of each piece of access request information contained in the server monitoring information to obtain the main structure of each request data packet.
And analyzing the request data packet of each piece of access request information contained in the server monitoring information to acquire the main structure of each request data packet. The terminal performs data information interaction with the server to be monitored through the Internet in the form of sending data packets, namely, each piece of access request information corresponds to one request data packet, and the one request data packet comprises a head structure and a main body structure. And analyzing the request data packet of each access request message in the server monitoring message to obtain a main body structure of each request data packet, wherein the main body structure comprises specific data information of the access request message.
S132, judging whether the main structure of each request data packet exceeds a data threshold value in the abnormal request judging rule so as to acquire the abnormal request data packet exceeding the data threshold value.
Judging whether the main structure of each request data packet exceeds a data threshold value in the abnormal request judging rule or not so as to acquire the abnormal request data packet exceeding the data threshold value. Specifically, the data threshold is threshold information for determining the size of the main structure of the request packet, the size of the main structure is expressed in bytes (bytes), and the request packet whose main structure exceeds the data threshold is acquired as an abnormal request packet.
For example, if a main structure of a certain request data packet is 350kB and a data threshold is 20kB, and the main structure of the request data packet is greater than the data threshold, the request data packet is an abnormal request data packet.
S133, judging whether the number of placeholders contained in the main structure of the abnormal request data packet exceeds a placeholder threshold value in the abnormal request judging rule, so as to take access request information corresponding to the abnormal request data packet exceeding the placeholder threshold value as an abnormal access request.
Judging whether the number of placeholders contained in the main structure of the abnormal request data packet exceeds a placeholder threshold value in the abnormal request judging rule, and taking access request information corresponding to the abnormal request data packet exceeding the placeholder threshold value as an abnormal access request. The number of placeholders included in the main structure of the request data packet corresponding to the normal access request information is limited, and the access request information with more placeholders may include viruses or other malicious codes, so that a placeholder threshold value can be set to judge whether the number of the placeholders included in the main structure of the abnormal request data packet exceeds the placeholder threshold value or not, so as to obtain an abnormal access request according to a judging result.
For example, if the threshold of placeholders in the exception request judgment rule is 10 and the number of placeholders included in the main structure of a certain exception request packet is 12, access request information corresponding to the exception request packet is acquired as an exception access request.
S140, intercepting the access request information which is sent again by the terminal corresponding to the abnormal access request through a preset interception script as abnormal access request information.
And intercepting the access request information which is sent again by the terminal corresponding to the abnormal access request through a preset interception script as abnormal access request information. Specifically, the script is a computer programming language, the script is a combination of a series of operation actions of a control computer, and the preset interception script is a script for intercepting access request information sent to a server to be monitored by the terminal.
In one embodiment, as shown in FIG. 5, step S140 includes sub-steps S141 and S142.
S141, analyzing the request data packet of the abnormal access request to acquire corresponding abnormal address information from the head structure of the request data packet.
And analyzing the request data packet of the abnormal access request to acquire corresponding abnormal address information from the head structure of the request data packet. Each access request message corresponds to a request data packet, the request data packet comprises a header structure and a main structure, the header structure of the request data packet comprises interface information of a required access application program, network address information of a terminal sending the access request message and the like, the request data packet of the abnormal access request is obtained, and the request data packet is analyzed, so that the network address information of the terminal sending the abnormal access request can be obtained from the header structure of the request data packet, namely, the abnormal address information is obtained.
S142, intercepting the access request information which is sent again by the terminal corresponding to the abnormal address information through a preset interception script as abnormal access request information.
And intercepting the access request information which is sent again by the terminal corresponding to the abnormal address information as abnormal access request information through a preset interception script. Specifically, if new access request information is received, network address information of a terminal sending the access request information is obtained, and if the network address information corresponding to the access request information is abnormal address information, the access request information is intercepted through a preset interception script, that is, network access of the access request information to a server to be monitored is forbidden.
The server is monitored to obtain server monitoring information, whether the server monitoring information exceeds a monitoring threshold value is judged, if yes, a terminal corresponding to the abnormal access request is obtained, and access request information sent again by the terminal is taken as abnormal access request information to be intercepted. By the method for intercepting the abnormal access, the accuracy of identifying and intercepting the abnormal access request can be improved, and a good technical effect is achieved in the practical application process.
The embodiment of the invention also provides an abnormal access interception device which is used for executing any embodiment of the abnormal access interception method. Specifically, referring to fig. 6, fig. 6 is a schematic block diagram of an abnormal access interception apparatus according to an embodiment of the present invention. The abnormal access intercepting means may be configured in the management server.
As shown in fig. 6, the abnormal access interception apparatus 100 includes a monitoring information acquisition unit 110, a monitoring information judgment unit 120, an abnormal access request acquisition unit 130, and an access request information interception unit 140.
The monitoring information obtaining unit 110 is configured to monitor the management server in real time according to a preset monitoring task to obtain server monitoring information.
And monitoring the management server in real time according to a preset monitoring task to obtain server monitoring information. Specifically, the preset monitoring task is task information for monitoring the management server, and the preset monitoring task includes an application interface access monitoring rule and a server flow monitoring rule. The management server provides network access service for other terminals in the Internet, the other terminals send access request information to the management server through the Internet, the management server acquires the access request information and feeds back data information to the terminals to provide the network access service, and each network access received by the management server is monitored by a preset monitoring task.
In other embodiments of the present invention, as shown in fig. 7, the monitoring information obtaining unit 110 includes a subunit: the application interface access monitoring unit 111, the access flow information acquisition unit 112, and the server monitoring information acquisition unit 113.
The application interface access monitoring unit 111 is configured to monitor the management server in real time according to an application interface access monitoring rule in a preset monitoring task, so as to obtain the number of application interface accesses of the management server.
And monitoring the management server in real time according to the application interface access monitoring rule in the preset monitoring task to acquire the application interface access times of the management server. Specifically, the application program is deployed in the management server, the deployed application program includes a plurality of interfaces, and each piece of access request information is accessed by a certain interface of the application program in the management server, so that the access request information received by each interface of the application program in the management server can be monitored according to the application interface access monitoring rule in the preset monitoring task, so as to obtain the times of the access request information received by each interface in the application program and count according to unit time, and the access times of the application interface of the management server can be finally obtained. The unit time can be set by a user in a preset monitoring task.
The access flow information obtaining unit 112 is configured to monitor the management server in real time according to a server flow monitoring rule in a preset monitoring task, so as to obtain access flow information of the management server.
And monitoring the management server in real time according to a server flow monitoring rule in a preset monitoring task to acquire access flow information of the management server. All the access request information received by the management server can be obtained in real time through the server flow monitoring rule, and the access flow information of the management server can be obtained by counting all the received access request information according to unit time. The unit time can be set by a user in a preset monitoring task.
The server monitoring information obtaining unit 113 is configured to obtain the access times of the application interface and the access flow information to obtain server monitoring information.
And acquiring the access times of the application interface and the access flow information to obtain server monitoring information. The server monitoring information is monitoring information generated by monitoring the management server through a preset monitoring task, and the server monitoring information comprises the access times and the access flow information of the application interface.
The monitoring information judging unit 120 is configured to judge whether the server monitoring information exceeds a preset monitoring threshold value, so as to obtain a monitoring information judging result.
Judging whether the monitoring information of the server exceeds a preset monitoring threshold value or not to obtain a monitoring information judging result. Specifically, the preset monitoring threshold value comprises an interface access frequency threshold value and an access flow threshold value, and if the service monitoring information exceeds the interface access threshold value or exceeds the access flow threshold value, the judgment result of the monitoring information is that the server monitoring information exceeds the preset monitoring threshold value; if the service monitoring information does not exceed the interface access threshold and does not exceed the access flow threshold, the judgment result of the monitoring information is that the server monitoring information does not exceed the preset monitoring threshold.
In other embodiments of the present invention, as shown in fig. 8, the monitoring information determining unit 120 includes a subunit: an interface access determination unit 121, a flow determination unit 122, and a determination result acquisition unit 123.
The interface access judging unit 121 is configured to judge whether the server monitoring information exceeds an interface access frequency threshold in the preset monitoring threshold, so as to obtain an interface access judging result.
Judging whether the server monitoring information exceeds an interface access frequency threshold value in the preset monitoring threshold value or not to obtain an interface access judging result. Specifically, the access times of the application interfaces in the server monitoring information are obtained, whether the access times of each interface in the application interface access times exceed an interface access time threshold or not is judged, and if the access times of a certain interface exceed the interface access time threshold, an interface access judgment result is obtained, wherein the server monitoring information exceeds the interface access time threshold in a preset monitoring threshold; if the access times of all the interfaces do not exceed the interface access times threshold, obtaining an interface access judgment result that the server monitoring information does not exceed the interface access times threshold in the preset monitoring threshold.
The flow judging unit 122 is configured to judge whether the server monitoring information exceeds an access flow threshold in the preset monitoring threshold, so as to obtain a flow threshold judging result.
Judging whether the server monitoring information exceeds an access flow threshold value in the preset monitoring threshold value or not to obtain a flow threshold value judging result. Specifically, access flow information in the server monitoring information is obtained, and a flow threshold judgment result can be obtained if the access flow information exceeds an access flow threshold in a preset monitoring threshold.
And a judgment result obtaining unit 123, configured to determine a judgment result of the monitoring information according to the interface access judgment result and the traffic threshold judgment result.
And determining a monitoring information judgment result according to the interface access judgment result and the flow threshold judgment result. If the flow threshold value judging result is that the server monitoring information exceeds the access flow threshold value in the preset monitoring threshold value or the interface access judging result is that the server monitoring information exceeds the interface access frequency threshold value in the preset monitoring threshold value, the monitoring information judging result is obtained to be that the server monitoring information exceeds the preset monitoring threshold value, otherwise, the monitoring information judging result is obtained to be that the server monitoring information does not exceed the preset monitoring threshold value.
The abnormal access request obtaining unit 130 is configured to determine the server monitoring information according to a preset abnormal request determining rule to obtain an abnormal access request if the monitoring information determination result indicates that the server monitoring information exceeds a preset monitoring threshold.
And if the monitoring information judging result is that the server monitoring information exceeds a preset monitoring threshold value, judging the server monitoring information according to a preset abnormal request judging rule so as to acquire an abnormal access request. If the server monitoring information exceeds the preset monitoring threshold, judging the access request information contained in the monitored server monitoring information, and acquiring an abnormal access request with an abnormality in the access request information. The preset abnormal request judging rule is rule information for judging the access request information to acquire an abnormal access request.
In other embodiments of the invention, as shown in fig. 9, the abnormal access request obtaining unit 130 includes a subunit: a request packet parsing unit 131, an abnormal packet acquisition unit 132, and a placeholder number judgment unit 133.
The request packet parsing unit 131 is configured to parse the request packet of each access request message included in the server monitoring message to obtain a main structure of each request packet.
And analyzing the request data packet of each piece of access request information contained in the server monitoring information to acquire the main structure of each request data packet. The terminal performs data information interaction with the server to be monitored through the Internet in the form of sending data packets, namely, each piece of access request information corresponds to one request data packet, and the one request data packet comprises a head structure and a main body structure. And analyzing the request data packet of each access request message in the server monitoring message to obtain a main body structure of each request data packet, wherein the main body structure comprises specific data information of the access request message.
An abnormal data packet obtaining unit 132, configured to determine whether the main structure of each request data packet exceeds a data threshold in the abnormal request determining rule, so as to obtain an abnormal request data packet exceeding the data threshold.
Judging whether the main structure of each request data packet exceeds a data threshold value in the abnormal request judging rule or not so as to acquire the abnormal request data packet exceeding the data threshold value. Specifically, the data threshold is threshold information for determining the size of the main structure of the request packet, the size of the main structure is expressed in bytes (bytes), and the request packet whose main structure exceeds the data threshold is acquired as an abnormal request packet.
And a placeholder number judging unit 133, configured to judge whether the number of placeholders included in the main structure of the abnormal request packet exceeds a placeholder threshold in the abnormal request judging rule, so as to use access request information corresponding to the abnormal request packet exceeding the placeholder threshold as an abnormal access request.
Judging whether the number of placeholders contained in the main structure of the abnormal request data packet exceeds a placeholder threshold value in the abnormal request judging rule, and taking access request information corresponding to the abnormal request data packet exceeding the placeholder threshold value as an abnormal access request. The number of placeholders included in the main structure of the request data packet corresponding to the normal access request information is limited, and the access request information with more placeholders may include viruses or other malicious codes, so that a placeholder threshold value can be set to judge whether the number of the placeholders included in the main structure of the abnormal request data packet exceeds the placeholder threshold value or not, so as to obtain an abnormal access request according to a judging result.
And the access request information interception unit 140 is configured to intercept, by using a preset interception script, access request information that is sent again by the terminal corresponding to the abnormal access request as abnormal access request information.
And intercepting the access request information which is sent again by the terminal corresponding to the abnormal access request through a preset interception script as abnormal access request information. Specifically, the script is a computer programming language, the script is a combination of a series of operation actions of a control computer, and the preset interception script is a script for intercepting access request information sent to a server to be monitored by the terminal.
In other embodiments of the present invention, as shown in fig. 10, the access request information interception unit 140 includes a subunit: an abnormal address information acquisition unit 141 and an abnormal access interception unit 142.
The abnormal address information obtaining unit 141 is configured to parse a request packet of an abnormal access request to obtain corresponding abnormal address information from a header structure of the request packet.
And analyzing the request data packet of the abnormal access request to acquire corresponding abnormal address information from the head structure of the request data packet. Each access request message corresponds to a request data packet, the request data packet comprises a header structure and a main structure, the header structure of the request data packet comprises interface information of a required access application program, network address information of a terminal sending the access request message and the like, the request data packet of the abnormal access request is obtained, and the request data packet is analyzed, so that the network address information of the terminal sending the abnormal access request can be obtained from the header structure of the request data packet, namely, the abnormal address information is obtained.
The abnormal access interception unit 142 is configured to intercept, by using a preset interception script, access request information that is sent again by the terminal corresponding to the abnormal address information as abnormal access request information.
And intercepting the access request information which is sent again by the terminal corresponding to the abnormal address information as abnormal access request information through a preset interception script. Specifically, if new access request information is received, network address information of a terminal sending the access request information is obtained, and if the network address information corresponding to the access request information is abnormal address information, the access request information is intercepted through a preset interception script, that is, network access of the access request information to a server to be monitored is forbidden.
The server is monitored to obtain server monitoring information, whether the server monitoring information exceeds a monitoring threshold value is judged, if yes, a terminal corresponding to the abnormal access request is obtained, and access request information sent again by the terminal is taken as abnormal access request information to be intercepted. By the method for intercepting the abnormal access, the accuracy of identifying and intercepting the abnormal access request can be improved, and a good technical effect is achieved in the practical application process.
The above-described abnormal access interception means may be implemented in the form of a computer program that can be run on a computer device as shown in fig. 11.
Referring to fig. 11, fig. 11 is a schematic block diagram of a computer device according to an embodiment of the present invention.
With reference to FIG. 11, the computer device 500 includes a processor 502, memory, and a network interface 505 connected by a system bus 501, where the memory may include a non-volatile storage medium 503 and an internal memory 504.
The non-volatile storage medium 503 may store an operating system 5031 and a computer program 5032. The computer program 5032, when executed, may cause the processor 502 to perform an exception access interception method.
The processor 502 is used to provide computing and control capabilities to support the operation of the overall computer device 500.
The internal memory 504 provides an environment for the execution of a computer program 5032 in the non-volatile storage medium 503, which computer program 5032, when executed by the processor 502, causes the processor 502 to perform an abnormal access interception method.
The network interface 505 is used for network communication, such as providing for transmission of data information, etc. It will be appreciated by those skilled in the art that the structure shown in FIG. 11 is merely a block diagram of some of the structures associated with the present inventive arrangements and does not constitute a limitation of the computer device 500 to which the present inventive arrangements may be applied, and that a particular computer device 500 may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
Wherein the processor 502 is configured to execute a computer program 5032 stored in a memory to perform the following functions: real-time monitoring is carried out on the management server according to a preset monitoring task so as to obtain server monitoring information; judging whether the monitoring information of the server exceeds a preset monitoring threshold value or not to obtain a monitoring information judgment result; if the monitoring information judging result is that the server monitoring information exceeds a preset monitoring threshold value, judging the server monitoring information according to a preset abnormal request judging rule to acquire an abnormal access request; and intercepting the access request information which is sent again by the terminal corresponding to the abnormal access request through a preset interception script as abnormal access request information.
In one embodiment, the processor 502 performs the following operations when performing the step of monitoring the management server in real time according to the preset monitoring task to obtain the server monitoring information: monitoring a management server in real time according to an application interface access monitoring rule in a preset monitoring task to obtain the application interface access times of the management server; monitoring a management server in real time according to a server flow monitoring rule in a preset monitoring task to acquire access flow information of the management server; and acquiring the access times of the application interface and the access flow information to obtain server monitoring information.
In one embodiment, when the processor 502 performs the step of determining whether the server monitoring information exceeds the preset monitoring threshold to obtain the monitoring information determination result, the following operations are performed: judging whether the server monitoring information exceeds an interface access frequency threshold value in the preset monitoring threshold value or not to obtain an interface access judgment result; judging whether the server monitoring information exceeds an access flow threshold value in the preset monitoring threshold value or not to obtain a flow threshold value judging result; and determining a monitoring information judgment result according to the interface access judgment result and the flow threshold judgment result.
In one embodiment, when the processor 502 performs the step of determining the server monitoring information according to the preset abnormal request determination rule to obtain the abnormal access request if the monitoring information determination result is that the server monitoring information exceeds the preset monitoring threshold, the following operations are performed: analyzing a request data packet of each access request message contained in the server monitoring message to acquire a main structure of each request data packet; judging whether the main structure of each request data packet exceeds a data threshold value in the abnormal request judging rule so as to acquire an abnormal request data packet exceeding the data threshold value; judging whether the number of placeholders contained in the main structure of the abnormal request data packet exceeds a placeholder threshold value in the abnormal request judging rule, and taking access request information corresponding to the abnormal request data packet exceeding the placeholder threshold value as an abnormal access request.
In an embodiment, when executing the step of intercepting, by a preset interception script, the access request information sent again by the terminal corresponding to the abnormal access request as the abnormal access request information, the processor 502 executes the following operations: analyzing a request data packet of an abnormal access request to acquire corresponding abnormal address information from a head structure of the request data packet; and intercepting the access request information which is sent again by the terminal corresponding to the abnormal address information as abnormal access request information through a preset interception script.
Those skilled in the art will appreciate that the embodiment of the computer device shown in fig. 11 is not limiting of the specific construction of the computer device, and in other embodiments, the computer device may include more or less components than those shown, or certain components may be combined, or a different arrangement of components. For example, in some embodiments, the computer device may include only a memory and a processor, and in such embodiments, the structure and function of the memory and the processor are consistent with the embodiment shown in fig. 11, and will not be described again.
It should be appreciated that in an embodiment of the invention, the processor 502 may be a central processing unit (Central Processing Unit, CPU), the processor 502 may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSPs), application specific integrated circuits (Application Specific Integrated Circuit, ASICs), off-the-shelf programmable gate arrays (Field-Programmable Gate Array, FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. Wherein the general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
In another embodiment of the invention, a computer-readable storage medium is provided. The computer readable storage medium may be a non-volatile computer readable storage medium. The computer readable storage medium stores a computer program, wherein the computer program when executed by a processor performs the steps of: real-time monitoring is carried out on the management server according to a preset monitoring task so as to obtain server monitoring information; judging whether the monitoring information of the server exceeds a preset monitoring threshold value or not to obtain a monitoring information judgment result; if the monitoring information judging result is that the server monitoring information exceeds a preset monitoring threshold value, judging the server monitoring information according to a preset abnormal request judging rule to acquire an abnormal access request; and intercepting the access request information which is sent again by the terminal corresponding to the abnormal access request through a preset interception script as abnormal access request information.
In an embodiment, the step of monitoring the management server in real time according to the preset monitoring task to obtain the server monitoring information includes: monitoring a management server in real time according to an application interface access monitoring rule in a preset monitoring task to obtain the application interface access times of the management server; monitoring a management server in real time according to a server flow monitoring rule in a preset monitoring task to acquire access flow information of the management server; and acquiring the access times of the application interface and the access flow information to obtain server monitoring information.
In an embodiment, the step of determining whether the server monitoring information exceeds a preset monitoring threshold to obtain a monitoring information determination result includes: judging whether the server monitoring information exceeds an interface access frequency threshold value in the preset monitoring threshold value or not to obtain an interface access judgment result; judging whether the server monitoring information exceeds an access flow threshold value in the preset monitoring threshold value or not to obtain a flow threshold value judging result; and determining a monitoring information judgment result according to the interface access judgment result and the flow threshold judgment result.
In an embodiment, if the monitoring information determination result is that the server monitoring information exceeds a preset monitoring threshold, determining the server monitoring information according to a preset abnormal request determination rule to obtain an abnormal access request includes: analyzing a request data packet of each access request message contained in the server monitoring message to acquire a main structure of each request data packet; judging whether the main structure of each request data packet exceeds a data threshold value in the abnormal request judging rule so as to acquire an abnormal request data packet exceeding the data threshold value; judging whether the number of placeholders contained in the main structure of the abnormal request data packet exceeds a placeholder threshold value in the abnormal request judging rule, and taking access request information corresponding to the abnormal request data packet exceeding the placeholder threshold value as an abnormal access request.
In an embodiment, the step of intercepting, by a preset interception script, the access request information sent again by the terminal corresponding to the abnormal access request as the abnormal access request information includes: analyzing a request data packet of an abnormal access request to acquire corresponding abnormal address information from a head structure of the request data packet; and intercepting the access request information which is sent again by the terminal corresponding to the abnormal address information as abnormal access request information through a preset interception script.
It will be clearly understood by those skilled in the art that, for convenience and brevity of description, specific working procedures of the apparatus, device and unit described above may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein. Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the elements and steps of the examples have been generally described in terms of function in the foregoing description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus, device and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, and for example, the division of the units is merely a logical function division, there may be another division manner in actual implementation, or units having the same function may be integrated into one unit, for example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. In addition, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices, or elements, or may be an electrical, mechanical, or other form of connection.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment of the present invention.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention is essentially or part of what contributes to the prior art, or all or part of the technical solution may be embodied in the form of a software product stored in a computer-readable storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned computer-readable storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a magnetic disk, an optical disk, or other various media capable of storing program codes.
While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and substitutions of equivalents may be made and equivalents will be apparent to those skilled in the art without departing from the scope of the invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.
Claims (9)
1. An abnormal access interception method, comprising:
real-time monitoring is carried out on the management server according to a preset monitoring task so as to obtain server monitoring information;
judging whether the monitoring information of the server exceeds a preset monitoring threshold value or not to obtain a monitoring information judgment result;
if the monitoring information judging result is that the server monitoring information exceeds a preset monitoring threshold value, judging the server monitoring information according to a preset abnormal request judging rule to acquire an abnormal access request;
intercepting access request information which is sent again by a terminal corresponding to the abnormal access request as abnormal access request information through a preset interception script;
the step of judging the server monitoring information according to a preset abnormal request judgment rule to obtain an abnormal access request comprises the following steps:
Analyzing a request data packet of each access request message contained in the server monitoring message to acquire a main structure of each request data packet;
judging whether the main structure of each request data packet exceeds a data threshold value in the abnormal request judging rule so as to acquire an abnormal request data packet exceeding the data threshold value;
judging whether the number of placeholders contained in the main structure of the abnormal request data packet exceeds a placeholder threshold value in the abnormal request judging rule, and taking access request information corresponding to the abnormal request data packet exceeding the placeholder threshold value as an abnormal access request.
2. The method for intercepting abnormal access according to claim 1, wherein the real-time monitoring of the management server according to the preset monitoring task to obtain the server monitoring information comprises:
monitoring a management server in real time according to an application interface access monitoring rule in a preset monitoring task to obtain the application interface access times of the management server;
monitoring a management server in real time according to a server flow monitoring rule in a preset monitoring task to acquire access flow information of the management server;
And acquiring the access times of the application interface and the access flow information to obtain server monitoring information.
3. The method of claim 1, wherein the determining whether the server monitoring information exceeds a preset monitoring threshold to obtain a monitoring information determination result includes:
judging whether the server monitoring information exceeds an interface access frequency threshold value in the preset monitoring threshold value or not to obtain an interface access judgment result;
judging whether the server monitoring information exceeds an access flow threshold value in the preset monitoring threshold value or not to obtain a flow threshold value judging result;
and determining a monitoring information judgment result according to the interface access judgment result and the flow threshold judgment result.
4. The abnormal access interception method according to claim 1, wherein intercepting, by a preset interception script, access request information re-transmitted by a terminal corresponding to the abnormal access request as abnormal access request information, comprises:
analyzing a request data packet of an abnormal access request to acquire corresponding abnormal address information from a head structure of the request data packet;
And intercepting the access request information which is sent again by the terminal and corresponds to the abnormal address information as abnormal access request information through a preset interception script.
5. An abnormal access interception apparatus, comprising:
the monitoring information acquisition unit is used for monitoring the management server in real time according to a preset monitoring task to obtain server monitoring information;
the monitoring information judging unit is used for judging whether the monitoring information of the server exceeds a preset monitoring threshold value or not so as to obtain a monitoring information judging result;
the abnormal access request acquisition unit is used for judging the server monitoring information according to a preset abnormal request judgment rule to acquire an abnormal access request if the monitoring information judgment result is that the server monitoring information exceeds a preset monitoring threshold;
the access request information interception unit is used for intercepting access request information which is sent again by the terminal corresponding to the abnormal access request as abnormal access request information through a preset interception script;
the abnormal access request acquisition unit includes a subunit: the request data packet analysis unit is used for analyzing the request data packet of each piece of access request information contained in the server monitoring information to acquire the main structure of each request data packet; an abnormal data packet obtaining unit, configured to determine whether a main structure of each request data packet exceeds a data threshold in the abnormal request determination rule, so as to obtain an abnormal request data packet exceeding the data threshold; and the placeholder quantity judging unit is used for judging whether the quantity of the placeholders contained in the main structure of the abnormal request data packet exceeds a placeholder threshold value in the abnormal request judging rule or not, so that access request information corresponding to the abnormal request data packet exceeding the placeholder threshold value is used as an abnormal access request.
6. The abnormal access interception apparatus according to claim 5, wherein said monitoring information acquisition unit comprises:
the application interface access monitoring unit is used for monitoring the management server in real time according to an application interface access monitoring rule in a preset monitoring task so as to acquire the application interface access times of the management server;
the access flow information acquisition unit is used for monitoring the management server in real time according to a server flow monitoring rule in a preset monitoring task so as to acquire access flow information of the management server;
the server monitoring information acquisition unit is used for acquiring the access times of the application interface and the access flow information to obtain server monitoring information.
7. The abnormal access interception apparatus according to claim 5, wherein said monitoring information judgment unit comprises:
the interface access judging unit is used for judging whether the server monitoring information exceeds an interface access frequency threshold value in the preset monitoring threshold value or not so as to obtain an interface access judging result;
the flow judging unit is used for judging whether the server monitoring information exceeds an access flow threshold value in the preset monitoring threshold value or not so as to obtain a flow threshold value judging result;
And the judging result obtaining unit is used for determining a monitoring information judging result according to the interface access judging result and the flow threshold judging result.
8. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the abnormal access interception method of any one of claims 1 to 4 when executing the computer program.
9. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program which, when executed by a processor, causes the processor to perform the abnormal access interception method according to any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910299815.7A CN110177075B (en) | 2019-04-15 | 2019-04-15 | Abnormal access interception method, device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910299815.7A CN110177075B (en) | 2019-04-15 | 2019-04-15 | Abnormal access interception method, device, computer equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110177075A CN110177075A (en) | 2019-08-27 |
| CN110177075B true CN110177075B (en) | 2023-08-22 |
Family
ID=67689462
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910299815.7A Active CN110177075B (en) | 2019-04-15 | 2019-04-15 | Abnormal access interception method, device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110177075B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111507734B (en) * | 2020-04-15 | 2023-07-04 | 抖音视界有限公司 | Method and device for identifying cheating request, electronic equipment and computer storage medium |
| CN115174270B (en) * | 2022-09-05 | 2022-11-29 | 杭州安恒信息技术股份有限公司 | Behavior abnormity detection method, device, equipment and medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104137506A (en) * | 2012-02-29 | 2014-11-05 | 惠普发展公司,有限责任合伙企业 | Network service interface analysis |
| CN105100070A (en) * | 2015-06-29 | 2015-11-25 | 北京奇虎科技有限公司 | Method and device for preventing malicious attacks to interface service |
| CN108073465A (en) * | 2017-12-29 | 2018-05-25 | 中国平安人寿保险股份有限公司 | Dynamic current limiting method, Nginx servers, storage medium and device |
| CN108377240A (en) * | 2018-02-07 | 2018-08-07 | 平安科技(深圳)有限公司 | Exceptional interface detection method, device, computer equipment and storage medium |
| CN108804940A (en) * | 2018-05-11 | 2018-11-13 | 同程网络科技股份有限公司 | A kind of anti-brush method of Web Api interfaces |
| CN109246026A (en) * | 2018-08-13 | 2019-01-18 | 中国平安人寿保险股份有限公司 | Traffic management and control method, apparatus, equipment and storage medium |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108352196A (en) * | 2015-10-30 | 2018-07-31 | 皇家飞利浦有限公司 | There is no hospital's matching in the health care data library for going mark of apparent standard identifier |
-
2019
- 2019-04-15 CN CN201910299815.7A patent/CN110177075B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104137506A (en) * | 2012-02-29 | 2014-11-05 | 惠普发展公司,有限责任合伙企业 | Network service interface analysis |
| CN105100070A (en) * | 2015-06-29 | 2015-11-25 | 北京奇虎科技有限公司 | Method and device for preventing malicious attacks to interface service |
| CN108073465A (en) * | 2017-12-29 | 2018-05-25 | 中国平安人寿保险股份有限公司 | Dynamic current limiting method, Nginx servers, storage medium and device |
| CN108377240A (en) * | 2018-02-07 | 2018-08-07 | 平安科技(深圳)有限公司 | Exceptional interface detection method, device, computer equipment and storage medium |
| CN108804940A (en) * | 2018-05-11 | 2018-11-13 | 同程网络科技股份有限公司 | A kind of anti-brush method of Web Api interfaces |
| CN109246026A (en) * | 2018-08-13 | 2019-01-18 | 中国平安人寿保险股份有限公司 | Traffic management and control method, apparatus, equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110177075A (en) | 2019-08-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10122746B1 (en) | Correlation and consolidation of analytic data for holistic view of malware attack | |
| CN106713049B (en) | Monitoring alarm method and device | |
| CN109743295B (en) | Access threshold adjusting method and device, computer equipment and storage medium | |
| CN109347827B (en) | Method, device, equipment and storage medium for predicting network attack behavior | |
| JP2020521383A5 (en) | ||
| CN109039819B (en) | Time delay statistical method, device, system and storage medium | |
| CN109656574B (en) | Transaction time delay measurement method and device, computer equipment and storage medium | |
| CN110417747B (en) | Method and device for detecting violent cracking behavior | |
| CN110188121B (en) | Service data monitoring method, device, computer equipment and storage medium | |
| CN110177075B (en) | Abnormal access interception method, device, computer equipment and storage medium | |
| WO2020000744A1 (en) | Deduplication traffic prompting method and apparatus, and server and storage medium | |
| CN110959158A (en) | Information processing apparatus, information processing method, and information processing program | |
| CN105959290A (en) | Detection method and device of attack message | |
| CN111585837A (en) | Internet of things data link monitoring method and device, computer equipment and storage medium | |
| US20150215333A1 (en) | Network filtering apparatus and filtering method | |
| CN108347359B (en) | Method and device for judging large Network Address Translation (NAT) outlet | |
| CN112383513B (en) | Crawler behavior detection method and device based on proxy IP address pool and storage medium | |
| EP3278536A1 (en) | Network operation | |
| CN113098852A (en) | Log processing method and device | |
| CN112181832A (en) | Test data generation method and device, computer equipment and storage medium | |
| CN111159129A (en) | Statistical method and device for log report | |
| CN108804152B (en) | Method and device for adjusting configuration parameters | |
| JP2017199250A (en) | Computer system, analysis method of data, and computer | |
| TWI644228B (en) | Server and monitoring method thereof | |
| CN114221807A (en) | Access request processing method and device, monitoring equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |