CN116723047A - Flow restriction processing method, device, electronic equipment and medium

Publication number
CN116723047A
Authority
CN
China
Prior art keywords
factor
flow
dimensional
scoring
access
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310928299.6A
Other languages
Chinese (zh)
Inventor
汪军胜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jingdong Technology Information Technology Co Ltd
Original Assignee
Jingdong Technology Information Technology Co Ltd

Classifications

    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate


Abstract

The disclosure relates to a method, a device, an electronic device and a medium for flow restriction processing, wherein the method comprises the following steps: acquiring flow factor information corresponding to a target access request in an analysis period; the flow factor information covers flow factors of at least two different analysis dimensions; determining factor scoring configuration information matched with the target access request; the factor scoring configuration information includes: a multi-dimensional factor scoring algorithm and a multi-dimensional factor access constraint; performing scoring calculation on the flow factor information based on the multi-dimensional factor scoring algorithm to obtain a multi-dimensional comprehensive score; determining whether said multi-dimensional composite score hits said multi-dimensional factor access constraint; and when the multi-dimensional factor access limiting condition is hit, performing a flow limiting process on the target access request. The method can efficiently identify illegal flow, reduce accidental injury to normal flow as much as possible, and improve the running stability of an application system.

Description

Flow restriction processing method, device, electronic equipment and medium
Technical Field
The disclosure relates to the technical field of internet, and in particular relates to a method, a device, electronic equipment and a medium for flow restriction processing.
Background
In the internet field, as the traffic data of applications becomes more and more important for supporting and analyzing services, identifying illegal or malicious traffic becomes more and more critical. For example, malicious crawler programs are often used to inflate traffic (traffic brushing) or to take part in the preferential activities of e-commerce platforms. How a server can keep its services stable in a high-concurrency scenario, avoid downtime caused by a large volume of traffic, distinguish normal access traffic from illegal access traffic, and effectively block or limit the illegal traffic is a very critical and challenging problem.
In the process of implementing the disclosed concept, the inventor found the following technical problems in the related art. Some technologies adopt an IP (Internet Protocol) address flow restriction policy; because the difference in access frequency between a forged IP address and a real IP address is difficult to distinguish, in some cases much normal traffic is wrongly restricted, and in other cases the restriction has little effect on illegal traffic. Other technologies limit traffic by configuring an overall traffic threshold for the system; this can block illegal traffic and improve the stability of the service system, but it also wrongly restricts normal traffic or new traffic to a great extent, and so has a great impact on the actual business. The technical problem to be solved is therefore: in a high-concurrency scenario, how to identify illegal traffic efficiently, reduce the wrongful restriction of normal traffic as far as possible, and improve the running stability of the application system.
Disclosure of Invention
In order to solve the above technical problems or at least partially solve the above technical problems, embodiments of the present disclosure provide a method, an apparatus, an electronic device, and a medium for flow restriction processing.
In a first aspect, embodiments of the present disclosure provide a method of flow restriction processing. The method comprises the following steps: acquiring flow factor information corresponding to a target access request in an analysis period; the flow factor information covers flow factors of at least two different analysis dimensions; determining factor scoring configuration information matched with the target access request; the factor scoring configuration information includes: a multi-dimensional factor scoring algorithm and a multi-dimensional factor access constraint; performing scoring calculation on the flow factor information based on the multi-dimensional factor scoring algorithm to obtain a multi-dimensional comprehensive score; determining whether said multi-dimensional composite score hits said multi-dimensional factor access constraint; and when the multi-dimensional factor access limiting condition is hit, performing a flow limiting process on the target access request.
According to an embodiment of the present disclosure, the multi-dimensional factor scoring algorithm includes: a conversion algorithm between the access count of a single factor and its score, the target factors used for multi-dimensional composite scoring, and the corresponding scoring algorithm. Performing scoring calculation on the flow factor information based on the multi-dimensional factor scoring algorithm to obtain the multi-dimensional composite score includes: determining the target access count corresponding to each target factor in the flow factor information; processing the target access count based on the conversion algorithm to obtain the score of the target factor; and processing the scores of the target factors based on the scoring algorithm to obtain the multi-dimensional composite score.
According to an embodiment of the present disclosure, determining whether the multi-dimensional composite score hits the multi-dimensional factor access restriction condition comprises: determining whether the multi-dimensional composite score is greater than a multi-dimensional score limit threshold; and considering that the multi-dimensional comprehensive score hits the multi-dimensional factor access limiting condition when the multi-dimensional comprehensive score is larger than the multi-dimensional score limiting threshold.
According to an embodiment of the present disclosure, the factor scoring configuration information further includes a single factor access restriction condition. The method further includes: analyzing the flow factor information to determine whether the target access request hits the single factor access restriction condition; when the single factor access restriction condition is not hit, performing the step of scoring the flow factor information based on the multi-dimensional factor scoring algorithm to obtain the multi-dimensional composite score; and when the single factor access restriction condition is hit, performing flow restriction processing on the target access request.
According to an embodiment of the present disclosure, the above single factor access restriction condition includes at least one of: access times limitation conditions for the first factor; blacklist constraints for the second factor.
According to an embodiment of the present disclosure, the above-described flow factor information includes at least two of the following information: request IP address information, request header information, browser user agent information, request device number, request device type, request resource location identification, user identity identification information.
According to the embodiment of the disclosure, the method is applied to a traffic analysis server, the traffic analysis server is used as a pre-processing end of the server, and the server is used for providing access request processing services for terminal equipment. The obtaining the flow factor information corresponding to the target access request in the analysis period includes: in the analysis period, receiving flow factor assembly information of an access request sent by a terminal device; analyzing the flow factor assembly information to obtain flow factor information and a module identifier; the module identifier is used for representing the type of the access interface corresponding to the access request; and screening the flow factor information in the analysis period based on the access interface type to obtain the flow factor information corresponding to the target access request.
According to an embodiment of the present disclosure, the analysis period is a unit period obtained by dividing a flow analysis period at a time granularity; the flow analysis period corresponds to the period during which the flow analysis function of the terminal device is on, and the flow analysis function is turned on or off by the user.
According to an embodiment of the present disclosure, performing flow restriction processing on the target access request includes: returning a preset static access error page to the terminal device. The method further includes: forwarding the target access request to the server when the multi-dimensional factor access restriction condition is not hit.
According to an embodiment of the present disclosure, determining factor scoring configuration information matching the target access request includes: screening in a factor scoring configuration strategy library according to the request type of the target access request to obtain factor scoring configuration information matched with the request type; the factor scoring configuration strategy library is generated according to factor scoring configuration information configured by a user on a visual interface.
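The decision flow described in the aspects above (policy lookup by request type, single factor check, count-to-score conversion, composite score against a threshold), as an added Python example that is not code from the patent. The patent text here does not fix the conversion or scoring algorithm, so the capped linear conversion, the weighted sum, and every factor name, weight, threshold and traffic record below are assumptions constructed for illustration; the IP-only function reproduces the related-art policy for contrast.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class FactorScoringConfig:
    """Factor scoring configuration for one request type (constructed values)."""
    saturation: dict      # factor -> access count at which its score reaches 100
    weights: dict         # target factors and their weights in the composite score
    score_limit: float    # multi-dimensional score limit threshold
    count_limits: dict = field(default_factory=dict)  # single-factor count limits
    blacklists: dict = field(default_factory=dict)    # single-factor blacklists


# Hypothetical policy library, keyed by request type.
POLICY_LIBRARY = {
    "item_detail": FactorScoringConfig(
        saturation={"ip": 20, "user_agent": 50, "device_id": 10, "user_id": 10},
        weights={"ip": 0.2, "user_agent": 0.1, "device_id": 0.4, "user_id": 0.3},
        score_limit=60.0,
        count_limits={"ip": 200},
        blacklists={"device_id": {"dev-banned"}},
    ),
}


def count_factors(period_requests, request_type):
    """Count accesses per factor value within one analysis period and request type."""
    counts = {}
    for req in period_requests:
        if req["type"] != request_type:
            continue
        for factor, value in req["factors"].items():
            counts.setdefault(factor, Counter())[value] += 1
    return counts


def factor_score(count, saturation):
    """Assumed conversion algorithm: linear in the access count, capped at 100."""
    return min(100.0, 100.0 * count / saturation)


def composite_score(target, counts, cfg):
    """Assumed scoring algorithm: weighted sum of the target factors' scores."""
    total = 0.0
    for factor, weight in cfg.weights.items():
        seen = counts.get(factor, Counter())[target["factors"].get(factor)]
        total += weight * factor_score(seen, cfg.saturation[factor])
    return total


def decide(target, period_requests):
    """Return (action, reason); 'limit' stands for returning the static error page."""
    cfg = POLICY_LIBRARY.get(target["type"])
    if cfg is None:
        return ("forward", "no policy for request type")
    counts = count_factors(period_requests, target["type"])
    # Single-factor conditions are checked first; a hit skips scoring entirely.
    for factor, banned in cfg.blacklists.items():
        if target["factors"].get(factor) in banned:
            return ("limit", "blacklist:" + factor)
    for factor, limit in cfg.count_limits.items():
        if counts.get(factor, Counter())[target["factors"].get(factor)] > limit:
            return ("limit", "count:" + factor)
    score = composite_score(target, counts, cfg)
    if score > cfg.score_limit:
        return ("limit", "score:%.1f" % score)
    return ("forward", "score:%.1f" % score)


def ip_only_limit(target, period_requests, max_per_ip=20):
    """The related-art IP-only policy, for contrast (threshold is constructed)."""
    counts = count_factors(period_requests, target["type"])
    return counts.get("ip", Counter())[target["factors"]["ip"]] > max_per_ip


def build_sample_period():
    """Constructed traffic: one client rotating IPs, and 25 real users behind one NAT IP."""
    def req(ip, ua, dev, uid):
        return {"type": "item_detail",
                "factors": {"ip": ip, "user_agent": ua, "device_id": dev, "user_id": uid}}
    bot = [req("198.51.100.%d" % i, "bot-ua", "dev-bot", "u-bot") for i in range(30)]
    nat = [req("203.0.113.7", "browser-ua", "dev-%d" % i, "u-%d" % i) for i in range(25)]
    return bot + nat


if __name__ == "__main__":
    period = build_sample_period()
    for name, r in (("rotating-ip client", period[0]), ("NAT user", period[-1])):
        print(name, decide(r, period), "ip-only blocks:", ip_only_limit(r, period))
```

On the constructed traffic, the IP-only policy blocks the NAT users and passes the IP-rotating client, while the composite score does the opposite.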
In a second aspect, embodiments of the present disclosure provide an apparatus for flow restriction processing. The device comprises: the system comprises an information acquisition module, a scoring configuration strategy determination module, a calculation module, a current limit determination module and a current limit processing module. The information acquisition module is used for acquiring flow factor information corresponding to the target access request in the analysis period; the flow factor information described above encompasses flow factors of at least two different analysis dimensions. The scoring configuration strategy determining module is used for determining factor scoring configuration information matched with the target access request; the factor scoring configuration information includes: a multi-dimensional factor scoring algorithm and a multi-dimensional factor access constraint. The calculation module is used for scoring calculation on the flow factor information based on the multidimensional factor scoring algorithm to obtain multidimensional comprehensive scores. The current limit determination module is configured to determine whether the multi-dimensional composite score hits the multi-dimensional factor access limit. The current limiting processing module is used for performing current limiting processing on the target access request under the condition of hitting the multi-dimensional factor access limiting condition.
In a third aspect, embodiments of the present disclosure provide an electronic device. The electronic equipment comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus; a memory for storing a computer program; and a processor for implementing the method of flow restriction processing described above when executing the program stored on the memory.
In a fourth aspect, embodiments of the present disclosure provide a computer-readable storage medium. The computer-readable storage medium stores a computer program which, when executed by a processor, implements the method of flow restriction processing described above.
The technical scheme provided by the embodiment of the disclosure at least has part or all of the following advantages:
Because the flow factor information covers flow factors of at least two different analysis dimensions, the multi-dimensional flow factors can relatively objectively reveal the difference between normal traffic and abnormal traffic. Once the factor scoring configuration information matched with the target access request is determined, the flow factor information can be scored with the multi-dimensional factor scoring algorithm in that configuration to obtain a multi-dimensional composite score, which is a comprehensive evaluation covering several analysis dimensions. Flow restriction processing is triggered according to whether the multi-dimensional composite score hits the multi-dimensional factor access restriction condition, so illegal access traffic can be identified relatively accurately and the wrongful restriction of normal traffic can be reduced as far as possible. Moreover, because forging multi-dimensional factors is costly for malicious traffic, the defense strategy is not easily recognized and the flow restriction and anti-brushing effect can be maintained for a longer time. At the same time, illegal traffic arises in different forms and with different emphases in different access scenarios, and its attack forms are varied and continuously evolving; the embodiments of the present disclosure therefore support individually customized factor scoring configuration strategies, so that different access requests have their own factor scoring configuration information, which effectively improves the accurate identification of illegal access in each access scenario. In addition, dynamically updating the factor scoring configuration strategies increases the difficulty and forging cost for illegal or malicious traffic of breaking the overall flow restriction scheme, which helps improve network security and the stability of system services.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings that are required to be used in the description of the embodiments or the related art will be briefly described below, and it will be apparent to those skilled in the art that other drawings can be obtained from these drawings without inventive effort.
FIG. 1A schematically illustrates a system architecture and flow analysis function on-state interaction process diagram for a method of flow restriction processing applicable to embodiments of the present disclosure;
FIG. 1B schematically illustrates a system architecture and flow analysis function off state interaction process diagram for a method of flow restriction processing suitable for use in embodiments of the present disclosure;
FIG. 2 schematically illustrates a flow chart of a method of flow restriction processing according to an embodiment of the disclosure;
FIG. 3 schematically illustrates a detailed implementation flowchart of step S230 according to an embodiment of the present disclosure;
FIG. 4 schematically illustrates a flow chart of a method of flow restriction processing according to another embodiment of the present disclosure;
FIG. 5 schematically illustrates a flow chart of a method of flow restriction processing according to yet another embodiment of the present disclosure;
FIG. 6 schematically illustrates an interaction process between a terminal device and a traffic analysis server according to an embodiment of the present disclosure;
FIG. 7 schematically illustrates a block diagram of an apparatus for flow restriction processing according to an embodiment of the present disclosure; and
FIG. 8 schematically shows a block diagram of an electronic device provided by an embodiment of the present disclosure.
Detailed Description
In the related art, for example in e-commerce applications, malicious crawler programs are often used to take part in preferential activities, which preempts the quota available to normal users; in some short video applications and news applications, some users inflate traffic with malicious crawler programs, which puts high traffic pressure on the system server. Simply expanding the service cluster or service resources to absorb the large volume of traffic makes operation and maintenance costly, and server downtime may still occur frequently during major promotions, preferential activities and the like. Therefore, how to keep the service stable in a high-concurrency scenario, avoid downtime caused by a large volume of traffic, and at the same time distinguish normal access traffic from illegal access traffic and effectively block or limit the illegal traffic is a very critical and challenging problem.
To prevent the illegal access caused by malicious crawler programs, the related art mostly restricts traffic with an IP (Internet Protocol) address flow restriction policy or by configuring an overall traffic threshold for the system; some approaches also apply flow restriction to blacklisted or suspicious accounts.
However, with the IP address flow restriction policy, the difference in access count between a forged IP address and a real IP address is difficult to distinguish, so in some cases much normal traffic is wrongly restricted, and in other cases the restriction has little effect on illegal traffic. Configuring an overall traffic threshold for the system can block some illegal traffic and improve the stability of the service system, but it also wrongly restricts some normal traffic or new traffic to a great extent and has a great impact on the actual business. Flow restriction at the account dimension is generally a remedial measure: an account is screened out and blocked from further access only after a malicious user has already broken through, and once the user switches to another attack account the abuse can continue, so the hidden danger is not eliminated.
In view of this, embodiments of the present disclosure provide a method, an apparatus, an electronic device, and a medium for flow restriction processing, where the method includes: acquiring flow factor information corresponding to a target access request in an analysis period; the flow factor information covers flow factors of at least two different analysis dimensions; determining factor scoring configuration information matched with the target access request; the factor scoring configuration information includes: a multi-dimensional factor scoring algorithm and a multi-dimensional factor access constraint; performing scoring calculation on the flow factor information based on the multi-dimensional factor scoring algorithm to obtain a multi-dimensional comprehensive score; determining whether said multi-dimensional composite score hits said multi-dimensional factor access constraint; and when the multi-dimensional factor access limiting condition is hit, performing a flow limiting process on the target access request.
Flow factors of multiple dimensions can relatively objectively reveal the difference between normal traffic and abnormal traffic. The flow factor information is scored with the multi-dimensional factor scoring algorithm in the factor scoring configuration information to obtain a multi-dimensional composite score, which is a comprehensive evaluation covering several analysis dimensions. Flow restriction processing is triggered according to whether the multi-dimensional composite score hits the multi-dimensional factor access restriction condition, so illegal access traffic can be identified relatively accurately and the wrongful restriction of normal traffic can be reduced as far as possible. Moreover, because forging multi-dimensional factors is costly for malicious traffic, the defense strategy is not easily recognized and broken, and the flow restriction and anti-brushing effect can be maintained for a long time. At the same time, individually customized factor scoring configuration strategies are supported, so that different access requests have their own factor scoring configuration information, which effectively improves the accurate identification of illegal access in each access scenario. In addition, dynamically updating the factor scoring configuration strategies increases the difficulty and forging cost for illegal or malicious traffic of breaking the overall flow restriction scheme, which helps improve network security and the stability of system services.
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the technical solutions of the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are some, but not all, embodiments of the present disclosure. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the disclosure, are within the scope of the disclosure.
FIG. 1A schematically illustrates a system architecture and flow analysis function on-state interaction process diagram for a method of flow restriction processing applicable to embodiments of the present disclosure; FIG. 1B schematically illustrates a system architecture and an interactive process diagram in a flow analysis function off state for a method of flow restriction processing according to an embodiment of the present disclosure.
Referring to FIG. 1A and FIG. 1B, a system architecture 100 suitable for use in a method of flow restriction processing of an embodiment of the present disclosure includes: terminal equipment 110, traffic analysis server 120, and server 130.
The above-mentioned terminal device 110 is an electronic device having a display screen, and may be installed with various client applications, for example, application a and application B are exemplified in fig. 1A, such as a shopping class application, a web browser application, a search class application, a short video class application, a video play class application, an image editing class application, an instant messaging tool, a mailbox client, social platform software, and the like; the terminal device 110 may also have traffic analysis functionality thereon, which may be presented, for example, in the form of a traffic analysis functionality class application, a functional plug-in or a tool, which may be used for traffic analysis of one or more applications on the terminal device. The terminal device may include, but is not limited to: smart phones, tablet computers, notebook computers, desktop computers, smart watches, smart bracelets, smart robots, smart car terminals, and the like.
The traffic analysis server 120 is configured to provide service support for the traffic analysis function, and data interaction is performed between the traffic analysis server 120 and the terminal device 110 through a network. The traffic analysis server may be an application server, a cloud server, a service cluster, or the like.
The service end 130 is configured to provide service support for one or more applications installed on the terminal device 110, for example, the service end 130 is configured to provide access request processing service for the terminal device 110. Data interaction is performed between the server 130 and the terminal device 110, and between the server 130 and the traffic analysis server 120 through a network. For example, server 130 provides data processing services for application B (e.g., for shopping class applications). The server may be an application server, a cloud server, a service cluster, or the like.
In some embodiments, the method of flow restriction processing may be performed by the flow analysis server 120 in the system architecture 100.
In embodiments of the present disclosure, the flow analysis function may be turned on or off according to a user's control.
The interaction with the flow analysis function in the on state is illustrated in FIG. 1A. As an example scenario, a user accesses a shopping website by operating application B on terminal device 110 and clicks on an item (e.g., a hot item) in application B, thereby initiating access request R1 (as an example of a target access request) for the item detail page of that item. Since the traffic analysis function is already turned on, traffic monitoring on each terminal device related to application B is also in the on state, and the traffic analysis application, function plug-in or tool on the terminal device monitors the request data of access request R1 of application B for the item detail page (such as the request count, the request IP address information, the request header information, the browser user agent information, the request device number, the request device type, the request resource location identifier, the user identity identification information, and the module identifier (for example, a recommendation module, a search module, a merchandise display module and the like)). The traffic analysis application, function plug-in or tool constructs flow factor assembly information based on the request data (for example, the flow factor assembly information includes flow factor information and a module identifier, where the module identifier indicates the access interface type corresponding to the access request) and sends the flow factor assembly information to the traffic analysis server 120. Referring to the single arrow in FIG. 1A, the access request R1 initiated by the user is not sent directly to the server 130, but to the pre-processing end, i.e. the traffic analysis server 120.
The traffic analysis server 120 executes the flow restriction processing method provided in the embodiments of the present disclosure to determine whether to perform flow restriction processing. For example, one example of performing flow restriction processing is illustrated in FIG. 1A using a single arrow: the traffic analysis server 120 returns a preset static access error page to the terminal device 110. One example of not performing flow restriction processing is illustrated in FIG. 1A using double arrows: the traffic analysis server 120 forwards the access request R1 to the server 130; after the server 130 processes the access request R1, a request response result is fed back to the terminal device 110.
Because a large number of users (for example, hundreds of thousands or even hundreds of millions) may initiate the access request R1 for the same item within a short time (for example, within minutes or tens of seconds), sending the access request R1 directly to the server 130 without flow analysis is likely to put access pressure on the server 130 because of the large volume of illegal traffic, and to affect normal traffic, which harms the service. In the embodiments of the present disclosure, the traffic analysis server 120 pre-processes the requests and identifies and restricts illegal traffic relatively accurately according to the multi-dimensional flow factors, so that this part of the traffic is no longer directed to the server 130. The access pressure that the identified illegal traffic would put on the server 130 is thereby effectively eliminated; at the same time, because the method rarely restricts normal traffic by mistake, regular access by normal traffic is not affected, and the traffic analysis function is well compatible with the functions of the application (such as an online shopping service). In addition, since illegal or malicious traffic is identified more accurately and normal traffic is less often restricted by mistake, the cost of large-scale capacity expansion for high-concurrency scenarios can be effectively saved: high traffic pressure can be borne merely by appropriately expanding the server for the real traffic scenario.
The interaction with the flow analysis function in the off state is illustrated in FIG. 1B. In this case, after the user initiates the access request R1 on the terminal device 110, the terminal device 110 sends the access request R1 to the server 130. After the server 130 processes the access request R1, a request response result is fed back to the terminal device 110.
It should be understood that the numbers of terminal devices, traffic analysis servers, and servers in FIG. 1A and FIG. 1B are merely illustrative. Any number of terminal devices, traffic analysis servers and servers may be provided as desired.
A first exemplary embodiment of the present disclosure provides a method of flow restriction processing. The method for flow restriction processing provided in the embodiments of the present disclosure is applied to the flow analysis server 120 in the system architecture 100, where the flow analysis server 120 is used as a pre-processing end of the server 130, and the server 130 is used to provide access request processing services for the terminal device 110.
Fig. 2 schematically illustrates a flow chart of a method of flow restriction processing according to an embodiment of the present disclosure.
Referring to fig. 2, the flow restriction processing method provided in an embodiment of the present disclosure includes the following steps: S210, S220, S230, S240, and S251.
In step S210, flow factor information corresponding to the target access request in the analysis period is obtained; the flow factor information described above encompasses flow factors of at least two different analysis dimensions.
The flow factors of multiple dimensions can relatively objectively exhibit a difference between normal flow and abnormal flow.
In some embodiments, the above traffic factor information includes at least two of the following: request IP address information, request header information, browser User Agent (User Agent) information, request device number (e.g., uuid), request device type, request resource location identification (e.g., url), user identification information (e.g., user account number, user cell phone number, user PIN code, etc.). The request header information includes an address of a source page of the current request page, that is, indicates that the current page is entered through a link in the source page.
In the analysis period, with the sequential initiation of multiple target access requests (e.g., the access request R1 in the foregoing example), statistics may be performed on the access times of the flow factor information corresponding to each target access request. The target access request refers to an access request under a certain function module of an application to be analyzed, and can cover a scene of multiple access requests initiated by the same user or a scene of multiple access requests initiated by different users.
According to an embodiment of the present disclosure, the analysis period is a unit period obtained by dividing the flow analysis period at a given time granularity; the flow analysis period corresponds to the period during which the flow analysis function of the terminal device is switched on, and the user can switch that function on or off.
For example, the traffic analysis period runs from a certain time (for example, 8 a.m. on June 14, 2023) to the same time on the next day (for example, 8 a.m. on June 15, 2023). The time granularity of the division may be hours, minutes, seconds, etc. For example, with 1 minute as the analysis period, the access data within each 1-minute period is counted and analyzed, and the access requests within that minute are processed in sequence to determine whether flow restriction processing is required.
It will be appreciated that, in actual operation, time within the analysis period elapses continuously and the analysis period therefore advances with it. For example, the current analysis period is 8:00-8:01 a.m. on June 14, 2023, and after 8:01 the next analysis period is 8:01-8:02 on June 14, 2023. The statistics of the flow factor information corresponding to the target access request are updated dynamically in step with it.
In step S220, factor scoring configuration information matching the target access request is determined; the factor scoring configuration information includes: a multi-dimensional factor scoring algorithm and a multi-dimensional factor access restriction condition.
In some embodiments, the traffic analysis server 120 may access a factor scoring configuration policy repository, where scoring configuration information corresponding to at least one request type is stored. Different request types are used for identifying different service scenes, application modules or functional units and the like, and scoring configuration information corresponding to the different request types has differences.
In some embodiments, the traffic analysis function supports custom factor scoring configuration policies. For example, a user (e.g., an administrator of a traffic analysis application, or business personnel of the application whose traffic is to be analyzed) may configure factor scoring configuration information for different access scenarios. The configuration may be done through a visual interface. For example, in the system architecture 100 shown in fig. 1A, the user may configure a factor scoring policy in the traffic analysis function of the terminal device 110 to obtain factor scoring configuration information corresponding to different request types (for example, a content search request type, a short video request type, a shopping web page request type, etc.). The factor scoring configuration information is then stored in the factor scoring configuration policy repository.
The embodiments of the present disclosure support custom factor scoring configuration policies, so that different access requests have their own factor scoring configuration information, which effectively promotes accurate identification of illegal access in various access scenarios. Dynamically updating the factor scoring configuration policies also raises the difficulty and forging cost for illegal or malicious traffic to break the overall flow restriction scheme, which helps improve network security and the stability of the system service.
According to an embodiment of the present disclosure, in the step S220, determining factor scoring configuration information matched with the target access request includes: screening in a factor scoring configuration strategy library according to the request type of the target access request to obtain factor scoring configuration information matched with the request type; the factor scoring configuration strategy library is generated according to factor scoring configuration information configured by a user on a visual interface.
In step S230, scoring computation is performed on the flow factor information based on the multi-dimensional factor scoring algorithm, so as to obtain a multi-dimensional comprehensive score.
According to an embodiment of the present disclosure, the multi-dimensional factor scoring algorithm includes: a conversion algorithm between the access count of a single factor and its score, the target factors used for the multi-dimensional composite score, and the corresponding scoring algorithm. The target factors are the factors that take part in the composite score.
In the above conversion algorithm, a preset value of the basic access times may be configured for each factor, and then a specific score interval may be determined according to a difference between the actual access times and the preset value of the basic access times. The base access times preset values of different factors may have differences or may be the same.
As an example, for the access type corresponding to the access request R1 of the application B, the preset base access count of factors such as the IP address, browser User Agent information, request device number uuid, and user identity information pin is, for example, 100 (indicating that the base access count in the analysis period is 100). In one embodiment, the score of each factor is divided into 10 tiers, numbered 1-10, and the access count for tier n is 2^n, where 2 is the base and n (1-10) is the exponent. The scoring rules can be customized; here the 10 tiers are assumed to score 10, 20, 30, 40, 50, 60, 70, 80, 90, and 100 respectively.
In the conversion algorithm between a single factor's access count and its score, taking one factor's access count as an example, the difference between the access count and the preset base access count is compared against powers of 2 (2^n), and the resulting value of n determines the score. As an example, if the access count is 250 (the total number of accesses in the analysis period is 250) and the preset base access count is 100 (the base access count in the analysis period is 100), the scoring calculation is: 2^7 (the 7th power of 2) < (250 - 100) < 2^8, so an access count of 250 corresponds to a score of 70.
In different scenarios, the multi-dimensional factor scoring algorithm may vary depending on the modules (which may be distinguished by module identification) that are accessed.
Fig. 3 schematically illustrates a detailed implementation flowchart of step S230 according to an embodiment of the present disclosure.
In some embodiments, referring to fig. 3, in the step S230, the scoring calculation is performed on the flow factor information based on the multi-dimensional factor scoring algorithm to obtain a multi-dimensional composite score, which includes the following steps: s310, S320 and S330.
In step S310, the number of target accesses corresponding to the target factor is determined in the flow factor information.
For example, assume that, among the target factors, the number of IP accesses is 250, the number of accesses to browser User Agent (User Agent) information is 200, the number of accesses to device number uuid is 150, and the number of accesses to User account pin is 50.
In step S320, the target access times are processed based on the conversion algorithm, so as to obtain a score of the target factor.
For example, following the conversion shown above for an access count of 250, the IP access count corresponds to a score of 70, the UA access count to a score of 60, the device number uuid access count to a score of 50, and the user account pin access count to a score of 0.
In step S330, the scoring of the target factors is processed based on the scoring algorithm to obtain the multi-dimensional composite score.
In some embodiments, the scoring algorithm may be a way to weight and calculate scores of target factors, and the weights of the target factors may be preset by a user or dynamically adjusted according to the flow restriction effect.
For example, the scoring algorithm herein takes the form of summing the scores of the individual target factors, resulting in a multi-dimensional composite score of 180 points, as an example.
In the embodiment including steps S310 to S330, the number of accesses of the factors under each analysis dimension corresponding to the target access request may be counted in the analysis period, and the number of accesses of each factor may be converted into a score by the conversion algorithm; when comprehensive scoring is performed in multiple dimensions, comprehensive scoring calculation can be performed on the designated target factors based on the scoring algorithm, and multi-dimensional comprehensive scoring is obtained.
The multi-dimensional composite score is a comprehensive evaluation result covering several analysis dimensions, and flow restriction processing is triggered according to whether this score hits the multi-dimensional factor access restriction condition. Illegal access traffic can therefore be identified relatively accurately, and false positives on normal traffic are reduced as far as possible. Moreover, because forging multiple factor dimensions is costly for malicious traffic, the defense strategy is not easily identified and broken, and the flow-limiting and anti-abuse effect can be maintained for a long time.
In step S240, it is determined whether the multi-dimensional composite score hits the multi-dimensional factor access restriction condition.
According to an embodiment of the present disclosure, determining whether the multi-dimensional composite score hits the multi-dimensional factor access restriction condition comprises: determining whether the multi-dimensional composite score is greater than a multi-dimensional score limit threshold; and considering that the multi-dimensional comprehensive score hits the multi-dimensional factor access limiting condition when the multi-dimensional comprehensive score is larger than the multi-dimensional score limiting threshold.
For example, the multi-dimensional score limit threshold is 150; since the multi-dimensional composite score 180 > 150, the multi-dimensional factor access restriction condition is determined to be hit.
It will be appreciated that the above is only one example of hitting the multi-dimensional factor access restriction condition. The multi-dimensional factor access restriction condition may comprise multiple sets of constraints, and it is considered hit as long as any one set is hit.
In other embodiments, multiple constraints may be included in a set of constraints, such as not only the multi-dimensional score limit threshold described above, but also constraints on individual one or more dimension factors.
In step S251, when the multi-dimensional factor access restriction condition is hit, the target access request is subjected to a flow restriction process.
According to an embodiment of the present disclosure, referring to the single arrow in fig. 1A, performing flow restriction processing on the target access request includes: returning a preset static access error page to the terminal device 110, for example the CDN (content delivery network) static access error page illustrated in fig. 6.
In the embodiment including steps S210 to S251, the flow factor information covers flow factors of at least two different analysis dimensions, and flow factors of multiple dimensions can relatively objectively show the difference between normal and abnormal traffic. Once the factor scoring configuration information matching a target access request is determined, the flow factor information is scored using the multi-dimensional factor scoring algorithm in that configuration to obtain a multi-dimensional composite score, which is a comprehensive evaluation result covering several analysis dimensions. Flow restriction processing is triggered according to whether the multi-dimensional composite score hits the multi-dimensional factor access restriction condition, so illegal access traffic can be identified relatively accurately and false positives on normal traffic are reduced as far as possible. Because forging multiple factor dimensions is costly for malicious traffic, the defense strategy is not easily identified and broken, and the flow-limiting and anti-abuse effect can be maintained for a longer time. Meanwhile, illegal traffic takes different forms or has different emphases in different access scenarios, and its attack forms are highly varied and continuously evolving. The embodiments of the present disclosure therefore support custom factor scoring configuration policies, so that different access requests have their own factor scoring configuration information, which effectively promotes accurate identification of illegal access in various access scenarios. Dynamically updating the factor scoring configuration policies also raises the difficulty and forging cost for illegal or malicious traffic to break the overall flow restriction scheme, which helps improve network security and the stability of the system service.
Fig. 4 schematically illustrates a flow chart of a method of flow restriction processing according to another embodiment of the present disclosure.
Referring to fig. 1B and fig. 4, in other embodiments, the method of the flow restriction processing includes, for the same access request, step S252 in addition to steps S210, S220, S230, and S240; alternatively, in the case of including a plurality of access requests, steps S251 and S252 corresponding to two branches may exist at the same time in the above-described method of flow restriction processing.
In step S252, when the multi-dimensional factor access restriction condition is not hit, the target access request is forwarded to the server 130.
Fig. 5 schematically illustrates a flow chart of a method of flow restriction processing according to yet another embodiment of the present disclosure.
Referring to fig. 5, according to an embodiment of the present disclosure, step S220 is specifically implemented as S220a, and the determined factor scoring configuration information includes, in addition to the multi-dimensional factor scoring algorithm and the multi-dimensional factor access restriction condition, a single factor access restriction condition.
The flow restriction processing method includes the steps S210, S220a, S510, S230, S240, and S251; or may include S210, S220a, S510, S230, S240, S251 and S252 described above.
In step S510, the flow factor information is analyzed to determine whether the target access request hits the single factor access restriction condition.
When the single factor access restriction condition is not hit, step S230 is performed: the flow factor information is scored based on the multi-dimensional factor scoring algorithm to obtain the multi-dimensional composite score.
Referring to the broken line arrow in fig. 5, in step S520, when the single factor access restriction condition is hit, the target access request is subjected to the restriction processing.
According to an embodiment of the present disclosure, the above single factor access restriction condition includes at least one of: access times limitation conditions for the first factor; blacklist constraints for the second factor.
For example, the first factor is an IP address. In the embodiments of the present disclosure, the access count threshold in the first factor's limitation condition is higher than the access count threshold used in a single-factor IP flow limitation policy, which helps reduce false positives on normal traffic while still allowing illegal traffic to be identified efficiently and restricted in a targeted way. For example, the second factor is the request resource location identification (url).
The flow restriction strategy based on composite scoring of multidimensional flow factors provided by this embodiment can be combined with existing strategies. For example, blacklisted accounts or blacklisted urls identified from history can be used directly to identify illegal traffic. Compared with a conventional IP flow limiting policy, the combined scheme provided by the embodiments of the present disclosure can set the access threshold of the IP address relatively higher (higher than the IP access threshold of a single-factor policy), and traffic is regarded as illegal on the IP factor alone only when this high threshold is hit. When the access count is below this high threshold, illegal traffic can still be identified through multi-factor analysis. This combined strategy helps reduce false positives on normal traffic.
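The single factor check (S510), the count-to-score conversion and composite scoring (S310 to S330) and the threshold decision (S240, S251/S252) described above, combined in an added Python example that is not code from the patent and reproduces the worked numbers (250/200/150/50 accesses, base 100, threshold 150). The class and function names, the IP limit of 5000, the blacklisted path and the treatment of a difference that is exactly a power of two are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class FactorScoringConfig:
    """Factor scoring configuration for one request type (field names are hypothetical)."""
    base_counts: dict                  # preset base access count per factor
    target_factors: tuple              # factors that take part in the composite score
    score_limit: float                 # multi-dimensional score limit threshold
    weights: dict = field(default_factory=dict)               # missing weight = 1.0 (plain sum)
    single_factor_limits: dict = field(default_factory=dict)  # factor -> access count limit
    blacklists: dict = field(default_factory=dict)            # factor -> set of blocked values
    tiers: int = 10                    # score tiers 1..10
    points_per_tier: int = 10          # tier n scores n * 10


def factor_score(count, base, tiers=10, points_per_tier=10):
    """Conversion algorithm: tier n is the largest n with 2**n <= count - base.

    Assumption: a difference exactly equal to 2**n counts as reaching tier n;
    the text only shows the strict case 2**7 < 150 < 2**8.
    """
    excess = count - base
    if excess < 2:                     # below 2**1, including counts under the base
        return 0
    n = min(excess.bit_length() - 1, tiers)
    return n * points_per_tier


def decide(values, counts, cfg):
    """Return (action, reason, composite) for one request.

    values: factor -> value carried by this request (ip, ua, uuid, pin, url, ...)
    counts: factor -> accesses seen for that value in the current analysis period
    """
    # S510: single factor access restriction conditions are checked first.
    for factor, blocked in cfg.blacklists.items():
        if values.get(factor) in blocked:
            return ("limit", "blacklist:" + factor, None)
    for factor, limit in cfg.single_factor_limits.items():
        if counts.get(factor, 0) > limit:
            return ("limit", "single-factor:" + factor, None)

    # S310-S330: per-factor scores, then the weighted composite.
    scores = {
        f: factor_score(counts.get(f, 0), cfg.base_counts[f], cfg.tiers, cfg.points_per_tier)
        for f in cfg.target_factors
    }
    composite = sum(cfg.weights.get(f, 1.0) * s for f, s in scores.items())

    # S240: hit only when the composite is strictly greater than the threshold.
    if composite > cfg.score_limit:
        return ("limit", "composite", composite)      # S251: static error page
    return ("forward", "below-threshold", composite)  # S252: pass to the server


# Configuration mirroring the worked example; the IP limit and the path are constructed.
CFG = FactorScoringConfig(
    base_counts={"ip": 100, "ua": 100, "uuid": 100, "pin": 100},
    target_factors=("ip", "ua", "uuid", "pin"),
    score_limit=150,
    single_factor_limits={"ip": 5000},
    blacklists={"url": {"/constructed/blocked-path"}},
)

if __name__ == "__main__":
    worked_example = {"ip": 250, "ua": 200, "uuid": 150, "pin": 50}
    print(decide({"url": "/item/1"}, worked_example, CFG))
    # A common browser UA alone (200 accesses) stays under the threshold.
    print(decide({"url": "/item/1"}, {"ip": 120, "ua": 200, "uuid": 101, "pin": 3}, CFG))
```

The second call in the demo shows the false-positive argument of the text: a widely shared User Agent scores 60 on its own, but the request is still forwarded because the other dimensions stay near their base counts.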
Fig. 6 schematically illustrates an interaction process between a terminal device and a traffic analysis server according to an embodiment of the present disclosure.
Referring to fig. 6, steps S210 to S251 and S252 are executed by the traffic analysis server.
In the step S210, the flow factor information corresponding to the target access request in the analysis period is obtained, which includes the following steps: s610, S620, and S630.
In step S610, in the analysis period, flow factor assembly information of the access request transmitted by the terminal device is received.
In step S620, the flow factor assembly information is parsed to obtain flow factor information and a module identifier. The module identifier is used for indicating the type of the access interface corresponding to the access request.
For example, the flow analysis function is packaged as an SDK (software development kit) that serves as a standalone component or plug-in and can be integrated into each service module that requires analysis; it obtains the traffic data of that service module and forwards the data to the traffic analysis server, which analyzes and scores each flow factor.
In some scenarios, such as ordinary days without promotions, abnormal traffic is not very active and does not disturb normal business; the switch can then be turned off and business logic executes normally. For promotion scenarios or other scenarios that require restricting illegal traffic, the corresponding flow restriction logic is enabled by turning on the switch of the flow analysis function. After the switch is turned on, the terminal device assembles the monitored flow factor information together with the module identifier and can send them to the traffic analysis server over UDP (User Datagram Protocol).
In some embodiments, the module identifier marks which service module (which may have a mapping relationship with the access interface type) the corresponding flow factor information belongs to. For example, if the access count of a certain flow factor (for example, a user account PIN) in an analysis period is 50, that count may span several service modules, such as a search module and a shopping module. The module identifier allows the access count for the target service module (for example, the shopping module) to be counted more accurately, which improves the precision of flow restriction.
In step S630, the flow factor information in the analysis period is filtered based on the access interface type, so as to obtain flow factor information corresponding to the target access request.
In some more detailed scenarios, the traffic analysis server may place the parsed data into storage pools, one per factor dimension. A processing process X may be responsible for maintaining the sample data of each dimension for the most recent 1 minute on a FIFO (first in, first out) basis, summarizing the sample data in each dimension, sorting it by access count from largest to smallest, and placing it in a specified data queue. Once all the data has been stored in the data queue, the storage pool can be emptied and its storage space reused to receive the raw factor data of a new analysis period. A processing process Y takes the sorted sample data from the data queue for analysis. The analysis may use the logic of steps S220 to S251 and S252.
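Steps S610 to S630 and the per-dimension storage pools, as an added Python example that is not part of the patent text: it parses flow factor assembly messages, counts each factor value per analysis period and module identifier, ranks values by access count and empties the pools of finished periods. The JSON message layout (ts, module, factors), the dimension names and the sample datagrams are assumptions, since the text does not specify the wire format.

```python
import json
from collections import Counter, defaultdict

PERIOD_SECONDS = 60                        # 1-minute analysis period, as in the text
DIMENSIONS = ("ip", "ua", "uuid", "pin", "url")
T0 = 1_700_000_040                         # constructed timestamp on a minute boundary


def parse_assembly(payload):
    """S620: split one datagram into (period_start, module_id, factors).

    Returns None for anything malformed so that a bad datagram is dropped
    instead of stopping the collector.
    """
    try:
        msg = json.loads(payload.decode("utf-8"))
        ts = int(msg["ts"])
        module_id = str(msg["module"])
        raw = msg["factors"]
    except (ValueError, KeyError, TypeError):
        return None
    if not isinstance(raw, dict):
        return None
    factors = {d: str(raw[d]) for d in DIMENSIONS if d in raw}
    if not factors:
        return None
    return ts - ts % PERIOD_SECONDS, module_id, factors


class FactorPools:
    """One storage pool (Counter) per analysis period, module and dimension."""

    def __init__(self):
        self.pools = defaultdict(Counter)
        self.dropped = 0

    def ingest(self, payload):
        """S610: accept one datagram; count every factor value it carries."""
        parsed = parse_assembly(payload)
        if parsed is None:
            self.dropped += 1
            return False
        period, module_id, factors = parsed
        for dim, value in factors.items():
            self.pools[(period, module_id, dim)][value] += 1
        return True

    def counts_for(self, period, module_id, factors):
        """S630: access counts of a request's factor values within one module."""
        return {
            dim: self.pools.get((period, module_id, dim), Counter())[value]
            for dim, value in factors.items()
        }

    def ranked(self, period, module_id, dim, top=3):
        """Values of one dimension sorted by access count, largest first."""
        return self.pools.get((period, module_id, dim), Counter()).most_common(top)

    def expire(self, current_period):
        """Empty the pools of periods that have ended so the space is reused."""
        old = [key for key in self.pools if key[0] < current_period]
        for key in old:
            del self.pools[key]
        return len(old)


def build_sample():
    """Constructed datagrams: account u1 appears 50 times across two modules."""
    def dgram(ts, module_id, **factors):
        body = {"ts": ts, "module": module_id, "factors": factors}
        return json.dumps(body).encode("utf-8")

    sample = [dgram(T0 + i, "shopping", ip="198.51.100.7", pin="u1") for i in range(30)]
    sample += [dgram(T0 + 30 + i, "search", ip="198.51.100.7", pin="u1") for i in range(20)]
    sample += [dgram(T0 + 50 + i, "shopping", ip="198.51.100.8", pin="u2") for i in range(5)]
    sample.append(b"\xff\x00 not a valid message")                          # malformed, dropped
    sample.append(dgram(T0 + 61, "shopping", ip="198.51.100.7", pin="u1"))  # next period
    return sample


if __name__ == "__main__":
    pools = FactorPools()
    for datagram in build_sample():
        pools.ingest(datagram)
    request = {"ip": "198.51.100.7", "pin": "u1"}
    print("shopping:", pools.counts_for(T0, "shopping", request))
    print("search:  ", pools.counts_for(T0, "search", request))
    print("top pins:", pools.ranked(T0, "shopping", "pin"))
    print("dropped: ", pools.dropped)
```

The dictionaries returned by `counts_for` are the per-factor access counts that the scoring step (S230) consumes for the target module.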
A second exemplary embodiment of the present disclosure provides an apparatus for flow restriction processing.
Fig. 7 schematically shows a block diagram of an apparatus for flow restriction processing according to an embodiment of the present disclosure.
Referring to fig. 7, an apparatus 700 for flow restriction processing according to an embodiment of the present disclosure includes: an information acquisition module 701, a scoring configuration policy determination module 702, a calculation module 703, a current limit determination module 704, and a current limit processing module 705.
The information obtaining module 701 is configured to obtain flow factor information corresponding to a target access request in an analysis period; the flow factor information described above encompasses flow factors of at least two different analysis dimensions.
The scoring configuration policy determining module 702 is configured to determine factor scoring configuration information that matches the target access request; the factor scoring configuration information includes: a multi-dimensional factor scoring algorithm and a multi-dimensional factor access constraint.
The calculation module 703 is configured to perform scoring calculation on the flow factor information based on the multi-dimensional factor scoring algorithm, so as to obtain a multi-dimensional composite score.
The current limit determination module 704 is configured to determine whether the multi-dimensional composite score hits the multi-dimensional factor access limitation condition.
The current limit processing module 705 is configured to perform a current limit process on the target access request when the multi-dimensional factor access limitation condition is hit.
According to an embodiment of the present disclosure, the multi-dimensional factor scoring algorithm includes: a conversion algorithm between the access count of a single factor and its score, the target factors used for the multi-dimensional composite score, and the corresponding scoring algorithm. Performing scoring calculation on the flow factor information based on the multi-dimensional factor scoring algorithm to obtain the multi-dimensional composite score includes: determining the target access counts corresponding to the target factors in the flow factor information; processing the target access counts based on the conversion algorithm to obtain the scores of the target factors; and processing the scores of the target factors based on the scoring algorithm to obtain the multi-dimensional composite score.
According to an embodiment of the present disclosure, determining whether the multi-dimensional composite score hits the multi-dimensional factor access restriction condition comprises: determining whether the multi-dimensional composite score is greater than a multi-dimensional score limit threshold; and considering that the multi-dimensional comprehensive score hits the multi-dimensional factor access limiting condition when the multi-dimensional comprehensive score is larger than the multi-dimensional score limiting threshold.
According to an embodiment of the present disclosure, the factor scoring configuration information further includes: single factor access restriction conditions. The apparatus 700 further includes: a single factor limit determination module.
The single factor limit determining module is used for analyzing the flow factor information and determining whether the target access request hits the single factor access restriction condition.
When the single factor access restriction condition is not hit, the following step is performed: scoring calculation is performed on the flow factor information based on the multi-dimensional factor scoring algorithm to obtain the multi-dimensional composite score. When the single factor access restriction condition is hit, flow restriction processing is performed on the target access request.
According to an embodiment of the present disclosure, the above single factor access restriction condition includes at least one of: access times limitation conditions for the first factor; blacklist constraints for the second factor.
According to an embodiment of the present disclosure, the above-described flow factor information includes at least two of the following information: request IP address information, request header information, browser user agent information, request device number, request device type, request resource location identification, user identity identification information.
According to an embodiment of the disclosure, the device is a traffic analysis server, where the traffic analysis server is used as a pre-processing end of the server, and the server is configured to provide an access request processing service for a terminal device. The obtaining the flow factor information corresponding to the target access request in the analysis period includes: in the analysis period, receiving flow factor assembly information of an access request sent by a terminal device; analyzing the flow factor assembly information to obtain flow factor information and a module identifier; the module identifier is used for representing the type of the access interface corresponding to the access request; and screening the flow factor information in the analysis period based on the access interface type to obtain the flow factor information corresponding to the target access request.
According to an embodiment of the present disclosure, the analysis period is a unit period obtained by dividing the flow analysis period at a given time granularity; the flow analysis period corresponds to the period during which the flow analysis function of the terminal device is switched on, and the user can switch that function on or off.
According to an embodiment of the present disclosure, performing flow restriction processing on the target access request includes: returning a preset static access error page to the terminal device. The apparatus further includes a request forwarding module.
The request forwarding module is configured to forward the target access request to the server under a condition that the multi-dimensional factor access restriction condition is not met.
According to an embodiment of the present disclosure, determining factor scoring configuration information matching the target access request includes: screening in a factor scoring configuration strategy library according to the request type of the target access request to obtain factor scoring configuration information matched with the request type; the factor scoring configuration strategy library is generated according to factor scoring configuration information configured by a user on a visual interface.
For more details of this embodiment, reference may be made to the detailed description of the first embodiment, which will not be repeated here.
Any of the functional modules included in the apparatus 700 may be combined and implemented in one module, or any of the modules may be split into a plurality of modules. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. At least one of the functional modules included in the apparatus 700 may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or in hardware or firmware in any other reasonable manner of integrating or packaging the circuits, or in any one of or a suitable combination of three of software, hardware, and firmware. Alternatively, at least one of the functional modules included in the apparatus 700 may be implemented at least partially as a computer program module, which when executed, performs the corresponding functions.
A third exemplary embodiment of the present disclosure provides an electronic device.
Fig. 8 schematically shows a block diagram of an electronic device provided by an embodiment of the disclosure.
Referring to Fig. 8, an electronic device 800 provided in an embodiment of the present disclosure includes a processor 801, a communication interface 802, a memory 803, and a communication bus 804, where the processor 801, the communication interface 802, and the memory 803 communicate with each other through the communication bus 804; the memory 803 is configured to store a computer program; the processor 801 is configured to execute the program stored in the memory, thereby implementing the flow restriction processing method described above.
The fourth exemplary embodiment of the present disclosure also provides a computer-readable storage medium. The computer-readable storage medium stores a computer program which, when executed by a processor, implements the method of flow restriction processing described above.
The computer-readable storage medium may be embodied in the apparatus/means described in the above embodiments; or may exist alone without being assembled into the apparatus/device. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
It should be noted that, in the technical solution provided by the embodiment of the present disclosure, the collection, updating, analysis, processing, use, transmission, storage and other handling of the personal information of the user all conform to the relevant laws and regulations, and are carried out for legal purposes without violating public order and good customs. Necessary measures are taken for the personal information of the user, illegal access to the personal information data of the user is prevented, and the personal information security, network security and national security of the user are maintained.
It should be noted that in this document, relational terms such as "first" and "second" and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing is merely a specific embodiment of the disclosure to enable one skilled in the art to understand or practice the disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (13)

1. A method of flow restriction processing, the method comprising:
acquiring flow factor information corresponding to a target access request in an analysis period; the flow factor information encompasses flow factors of at least two different analysis dimensions;
determining factor scoring configuration information matched with the target access request; the factor scoring configuration information comprises: a multi-dimensional factor scoring algorithm and a multi-dimensional factor access constraint;
performing scoring calculation on the flow factor information based on the multi-dimensional factor scoring algorithm to obtain a multi-dimensional comprehensive score;
determining whether the multi-dimensional composite score hits the multi-dimensional factor access constraint;
and carrying out flow limiting processing on the target access request under the condition that the access limit condition of the multi-dimensional factor is hit.
2. The method of claim 1, wherein the multi-dimensional factor scoring algorithm comprises: a conversion algorithm between the access count of a single factor and its score, and a target factor for comprehensive scoring and a corresponding scoring algorithm under multiple dimensions;
performing scoring calculation on the flow factor information based on the multi-dimensional factor scoring algorithm to obtain a multi-dimensional comprehensive score comprises:
determining a target access count corresponding to the target factor in the flow factor information;
processing the target access count based on the conversion algorithm to obtain the score of the target factor;
and processing the score of the target factor based on the scoring algorithm to obtain the multi-dimensional comprehensive score.
3. The method of claim 2, wherein determining whether the multi-dimensional composite score hits the multi-dimensional factor access constraint comprises:
determining whether the multi-dimensional composite score is greater than a multi-dimensional score limit threshold;
and when the multi-dimensional comprehensive score is larger than the multi-dimensional score limit threshold, the multi-dimensional comprehensive score is regarded as hitting the multi-dimensional factor access limit condition.
4. The method of claim 1, wherein the factor scoring configuration information further comprises: single factor access restriction conditions;
the method further comprises the steps of:
analyzing according to the flow factor information, and determining whether the target access request hits the single factor access limiting condition;
wherein, in case of a miss of the single factor access restriction condition, the following steps are performed: performing scoring calculation on the flow factor information based on the multi-dimensional factor scoring algorithm to obtain a multi-dimensional comprehensive score;
and carrying out flow limiting processing on the target access request under the condition that the single factor access limiting condition is hit.
5. The method of claim 4, wherein the single factor access restriction condition comprises at least one of:
access times limitation conditions for the first factor;
blacklist constraints for the second factor.
6. The method of claim 1, wherein the flow factor information comprises at least two of the following: request IP address information, request header information, browser user agent information, request device number, request device type, request resource location identification, user identity identification information.
7. The method according to any one of claims 1-6, wherein the method is applied to a traffic analysis server, the traffic analysis server being a pre-processing end of the server, the server being configured to provide access request processing services for terminal devices;
the obtaining flow factor information corresponding to the target access request in the analysis period includes:
in the analysis period, receiving flow factor assembly information of an access request sent by a terminal device;
analyzing the flow factor assembly information to obtain flow factor information and a module identifier; the module identifier is used for representing the type of the access interface corresponding to the access request;
and screening the flow factor information in the analysis period based on the access interface type to obtain the flow factor information corresponding to the target access request.
8. The method of claim 7, wherein the analysis period is a unit period obtained by dividing the flow analysis period by a time granularity; the flow analysis period corresponds to the period during which a flow analysis function of the terminal device is on, the flow analysis function being turned on or off by a user.
9. The method of claim 7, wherein throttling the target access request comprises: returning a preset static access error page to the terminal equipment;
the method further comprises the steps of:
and forwarding the target access request to the server under the condition that the multi-dimensional factor access limiting condition is not hit.
10. The method of claim 1, wherein determining factor scoring configuration information that matches the target access request comprises:
screening in a factor scoring configuration strategy library according to the request type of the target access request to obtain factor scoring configuration information matched with the request type; the factor scoring configuration strategy library is generated according to factor scoring configuration information configured by a user on a visual interface.
11. An apparatus for flow restriction processing, comprising:
the information acquisition module is used for acquiring flow factor information corresponding to the target access request in the analysis period; the flow factor information encompasses flow factors of at least two different analysis dimensions;
the scoring configuration strategy determining module is used for determining factor scoring configuration information matched with the target access request; the factor scoring configuration information comprises: a multi-dimensional factor scoring algorithm and a multi-dimensional factor access constraint;
the calculation module is used for scoring and calculating the flow factor information based on the multidimensional factor scoring algorithm to obtain a multidimensional comprehensive score;
a current limit determination module for determining whether the multi-dimensional composite score hits the multi-dimensional factor access limit condition;
and the current limiting processing module is used for carrying out current limiting processing on the target access request under the condition of hitting the access limiting condition of the multi-dimensional factors.
12. An electronic device, characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other through the communication bus;
a memory for storing a computer program;
a processor for implementing the method of any one of claims 1-10 when executing a program stored on a memory.
13. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the method of any of claims 1-10.
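The pipeline of claims 1-5 and the limit-or-forward outcome of claim 9, sketched as an added Python example that is not part of the patent text. The linear count-to-score conversion, the weighted-sum composite score, the class and field names, and all sample values are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field

@dataclass
class FactorScoringConfig:
    """Hypothetical entry of the factor scoring configuration strategy library."""
    weights: dict        # target factor -> weight (assumed: weighted-sum scoring algorithm)
    full_score_at: dict  # target factor -> count scoring 100 (assumed: linear conversion)
    score_limit: float   # multi-dimensional score limit threshold
    single_limits: dict = field(default_factory=dict)  # factor -> max accesses per period
    blacklists: dict = field(default_factory=dict)     # factor -> blocked values

class FlowLimiter:
    def __init__(self, library):
        self.library = library   # request type -> FactorScoringConfig
        self.counts = Counter()  # (request type, factor, value) -> accesses this period

    def new_period(self):  # start the next analysis period with fresh counters
        self.counts.clear()

    def handle(self, request_type, factors):  # -> ("limit" | "forward", reason)
        cfg, seen = self.library[request_type], {}
        for name, value in factors.items():
            self.counts[request_type, name, value] += 1
            seen[name] = self.counts[request_type, name, value]
        # Single-factor conditions are checked before any scoring (claims 4-5).
        for name, blocked in cfg.blacklists.items():
            if factors.get(name) in blocked:
                return "limit", f"blacklist:{name}"
        for name, limit in cfg.single_limits.items():
            if seen.get(name, 0) > limit:
                return "limit", f"count:{name}"
        # Count -> per-factor score -> composite score -> threshold (claims 2-3).
        score = sum(w * min(100.0, 100.0 * seen.get(f, 0) / cfg.full_score_at[f])
                    for f, w in cfg.weights.items())
        verdict = "limit" if score > cfg.score_limit else "forward"
        return verdict, f"score:{score:.1f}"

# Constructed policy for one request type; every value here is illustrative.
LOGIN = FactorScoringConfig(
    weights={"ip": 0.4, "device": 0.4, "ua": 0.2},
    full_score_at={"ip": 20, "device": 20, "ua": 50}, score_limit=60,
    single_limits={"ip": 30}, blacklists={"ip": {"203.0.113.9"}})

def first_limited(limiter, requests):
    """1-based index and reason of the first throttled request, or None."""
    for i, factors in enumerate(requests, 1):
        verdict, reason = limiter.handle("login", factors)
        if verdict == "limit":
            return i, reason
```

A client that alternates between two addresses never reaches the per-IP count limit, but its shared device and user-agent factors push the composite score over the threshold, which is the case the multi-dimensional check exists to catch.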
CN202310928299.6A 2023-07-26 2023-07-26 Flow restriction processing method, device, electronic equipment and medium Pending CN116723047A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310928299.6A CN116723047A (en) 2023-07-26 2023-07-26 Flow restriction processing method, device, electronic equipment and medium

Publications (1)

Publication Number Publication Date
CN116723047A (en) 2023-09-08

Family

ID=87869944

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310928299.6A Pending CN116723047A (en) 2023-07-26 2023-07-26 Flow restriction processing method, device, electronic equipment and medium

Country Status (1)

Country Link
CN (1) CN116723047A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination