CN100411344C - Web server load control method for resisting rejection service attack - Google Patents
- Publication number: CN100411344C
- Application number: CNB2004100139612A
- Authority: CN (China)
- Prior art keywords: service, user, request, web server, dispatch
- Legal status (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed): Expired - Fee Related
Abstract
The present invention relates to a Web server service dispatching and load control method for resisting denial-of-service attacks. The method comprises the following steps: (1) start the monitoring function and begin monitoring the state of the system; (2) receive a network service request; (3) collect the features of the service request; (4) if the system is in an abnormal state, go to step 7; (5) perform normal network service processing; (6) if the system continues running, go to step 2, otherwise go to step 9; (7) analyse the type of the user according to the state of the system and the features of the user's service requests; (8) perform dispatch service according to the type of the user and go to step 6; (9) stop the monitoring function for the system state; (10) end. The present invention improves the Web server's ability to identify and protect against denial-of-service attacks.
Description
Technical field
The present invention relates to Web servers, and in particular to a service dispatch and load control method that can resist denial-of-service attacks.
Background technology
Web servers are a vital component of information systems and are widely used in applications such as portal websites, e-government and e-commerce in network environments such as the Internet. As Web servers are deployed in ever more important information systems, the requirements on their resistance to attack also rise. Denial-of-service attack is one of the common attacks against Web servers; it can cause server performance to drop significantly or even leave the server unable to function. Because identifying and defending against denial-of-service attacks is difficult, current Web servers often face the threat of being attacked and rendered inoperable.
Summary of the invention
The main purpose of the present invention is to address the weak ability of current Web servers to identify and protect against denial-of-service attacks, which leaves them easily unable to provide service when attacked, by providing a load control method that identifies attacks more accurately and prevents server service from being paralysed, so as to improve the service performance of the server.
To achieve the stated purpose, the invention provides a Web server service dispatch and load control method for resisting denial-of-service attacks, comprising the following steps: (1) start the monitoring function and begin system state monitoring; (2) accept a network service request; (3) collect the features of the service request; (4) if the system is in the normal state, request system service processing; if the system is in an abnormal state, go to step 7; (5) perform normal network service processing; (6) if the system continues running, go to step 2, otherwise go to step 9; (7) perform user type analysis according to the system state and the user's service request features; (8) perform dispatch service according to the user type, then go to step 6; (9) stop the system state monitoring function; (10) end.
The characteristics of the present invention are: it strengthens the Web server's ability to identify and protect against denial-of-service attacks, so that an attack does not leave the server unable to provide service; it identifies attacks more accurately and prevents server service from being paralysed, thereby improving the service capacity of the server.
The preferred embodiment is described in detail below with reference to the accompanying drawings.
Description of drawings
Fig. 1 is a workflow diagram of the Web server load control system.
Fig. 2 is a flow chart of the method of the invention.
Fig. 3 is a flow chart of the system monitoring process.
Embodiment
As shown in Fig. 1, the Web server load control system consists of modules for request acceptance control, request acceptance, request feature collection, system state monitoring, abnormal user identification, load dispatch control and service processing. Request acceptance, service processing and request acceptance control form the basic functional structure of a Web service system. To provide a defence against DDoS, this method adds the request feature collection, system state monitoring, abnormal user identification and load dispatch control modules. The request feature collection module monitors and records service requests in real time and passes its analysis results to the abnormal user identification module and the system state monitoring module. The system state monitoring module judges from the service requests whether the system is in a safe state and notifies the abnormal user identification module and the load dispatch control module of a dangerous state. The abnormal user identification module detects users with abnormal behaviour from the analysis results of the request feature collection module and notifies the load dispatch control module. The load dispatch control module decides what kind of service processing a user receives and whether the user's later service requests are accepted; it dispatches and controls service requests according to the system load state and the user category.
The method of the invention is shown in Fig. 2. Step 10 is the initial action. Step 11 starts the system monitoring function, which maintains the system state; the system monitoring method is described in detail later with reference to Fig. 3. Step 12 receives a service request from the network. Step 13 collects and records the features of the request. Step 14 judges whether the system is in the normal state; if so, step 15 is executed, otherwise step 16. Step 16 performs the user category analysis. The method records each user's service history on the server and classifies users as normal, suspicious or malicious. Usually a user is a normal user. A new user whose request rate is high, for example greater than 50 requests per second, while the system is in an abnormal state is a suspicious user. A suspicious user who still keeps a high request rate after receiving the intervening indicative service is a malicious user; otherwise the user is a normal user. Step 17 performs classified service according to the system state and the user category: normal users receive service processing; suspicious users receive the intervening indicative service, that is, a warning instructing them to change their request rate; malicious users receive no service and are entered into the blacklist set of the request acceptance control module.
Fig. 3 describes step 11 of Fig. 2 in detail; its role is to monitor and maintain the load state of the system. Step 110 of Fig. 3 is the initial state. Step 111 collects the system's service situation and adjusts the system state. The method defines four states: normal, abnormal, dangerous and overload. The system is generally in the normal state. When the system load exceeds a prescribed limit, for example greater than 80% of the maximum service capacity, the system is in the overload state; when the rate at which new users arrive exceeds a prescribed limit, for example greater than 30 per second, the system is in the dangerous state; when the rate at which requests increase exceeds a prescribed limit, for example greater than 3000 per second, the system is in the abnormal state. Step 112 performs service dispatch control according to the system state. When the system is in the overload state, the request acceptance control module suppresses the request access of the user with the highest request rate. Malicious users in the blacklist set have their request access forbidden by the request acceptance control module. Step 113 adjusts access control according to policy. Malicious users are permanently banned from access unless the ban on a particular user is lifted manually. Ordinary high-rate users are banned for a period of time; after 10 minutes the ban on their requests is lifted. Step 114 judges whether system monitoring has finished; if so, step 115 is executed, otherwise the process returns to step 111 and continues. Step 115 is the end state of Fig. 3.
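The state derivation of step 111 together with the per-request classification and dispatch of steps 12 to 17 and 113, as an added Python sketch that is not part of the patent. It uses the illustrative thresholds the description gives (80% load, 30 new users/s, 3000 requests/s, 50 requests/s per user, 10 minute ban) and assumes a 60 s "new user" age, a 1 s grace period after the warning, a severity order for the state conditions, and that any user above the per-user rate in the overload state is the one suppressed; none of these details are specified on the page.

```python
from collections import deque

NORMAL, ABNORMAL, DANGER, OVERLOAD = "normal", "abnormal", "danger", "overload"
OVERLOAD_LOAD = 0.80     # load above 80% of maximum service capacity
NEW_USER_RATE = 30       # new users per second
REQUEST_RATE = 3000      # requests per second
SUSPICIOUS_RATE = 50     # per-user requests per second
BAN_SECONDS = 600        # temporary ban for an ordinary high-rate user
NEW_USER_AGE = 60        # assumption: a user counts as "new" for its first 60 s
GRACE = 1.0              # assumption: seconds a warned user gets to slow down

def system_state(load, new_users_per_s, requests_per_s):
    """Step 111. The patent does not rank the conditions; the most severe wins."""
    if load > OVERLOAD_LOAD:
        return OVERLOAD
    if new_users_per_s > NEW_USER_RATE:
        return DANGER
    if requests_per_s > REQUEST_RATE:
        return ABNORMAL
    return NORMAL

class LoadController:
    def __init__(self):
        self.first_seen = {}    # user -> time of first request (service history)
        self.window = {}        # user -> request timestamps in the last second
        self.warned_at = {}     # suspicious users -> time of the warning
        self.blacklist = set()  # malicious users: permanent ban (step 113)
        self.temp_ban = {}      # user -> expiry of a temporary ban (step 113)

    def _rate(self, user, now):
        q = self.window.setdefault(user, deque())
        q.append(now)
        while now - q[0] >= 1.0:
            q.popleft()
        return len(q)

    def handle(self, user, now, state):
        """Steps 12-17 for one request; returns the action taken."""
        if user in self.blacklist or self.temp_ban.get(user, 0) > now:
            return "reject"                    # request-acceptance control
        self.temp_ban.pop(user, None)
        is_new = now - self.first_seen.setdefault(user, now) < NEW_USER_AGE
        rate = self._rate(user, now)
        if state == NORMAL:
            return "serve"                     # step 14 -> step 15
        if user in self.warned_at:             # suspicious: re-check after grace
            if now - self.warned_at[user] < GRACE:
                return "warn"
            del self.warned_at[user]
            if rate > SUSPICIOUS_RATE:         # still fast after the warning
                self.blacklist.add(user)       # malicious, charged to blacklist
                return "reject"
        elif state == ABNORMAL and is_new and rate > SUSPICIOUS_RATE:
            self.warned_at[user] = now         # suspicious: indicative service
            return "warn"
        if state == OVERLOAD and rate > SUSPICIOUS_RATE:
            self.temp_ban[user] = now + BAN_SECONDS   # ordinary high-rate user
            return "reject"
        return "serve"
```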
Claims (5)
1. A Web server service dispatch and load control method for resisting denial-of-service attacks, characterised in that it comprises the following steps: (1) start the monitoring function and begin system state monitoring; (2) accept a network service request; (3) collect the features of the service request: the request feature collection module monitors and records service requests in real time and passes its analysis results to the abnormal user identification module and the system state monitoring module; the system state monitoring module judges from the service requests whether the system is in a safe state and notifies the abnormal user identification module and the load dispatch control module of a dangerous state; the abnormal user identification module detects users with abnormal behaviour from the analysis results of the request feature collection module and notifies the load dispatch control module; the load dispatch control module decides what kind of service processing a user receives and whether the user's later service requests are accepted, dispatching and controlling service requests according to the system load state and the user category; (4) if the system is in the normal state, request system service processing; if the system is in an abnormal state, go to step 7 and perform the user category analysis; (5) perform normal network service processing; (6) if the system continues running, go to step 2, otherwise go to step 9; (7) perform user type analysis according to the system state and the user's service request features, and perform classified service according to the system state and the user category: record each user's service history on the server and classify users as normal, suspicious or malicious; usually a user is a normal user; a new user whose request rate is greater than 50 requests per second while the system is in an abnormal state is a suspicious user, and a suspicious user who still keeps a high request rate after receiving the intervening indicative service is a malicious user, otherwise a normal user; normal users receive service processing; suspicious users receive the intervening indicative service, that is, a warning instructing them to change their request rate; malicious users receive no service and are entered into the blacklist set of the request acceptance control module; (8) perform dispatch service according to the user type; judge whether system service has finished; if so, execute step 9, otherwise go to step 6; (9) stop the system state monitoring function; (10) end.
2. The Web server service dispatch and load control method for resisting denial-of-service attacks of claim 1, characterised in that the Web server load control is implemented by request acceptance control, request acceptance, request feature collection, system state monitoring, abnormal user identification, load dispatch control and service processing modules.
3. The Web server service dispatch and load control method for resisting denial-of-service attacks of claim 2, characterised in that the system state monitoring step collects the system's service situation and defines four states, normal, abnormal, dangerous and overload: the system is generally in the normal state; when the system load exceeds a prescribed limit, the system is in the overload state; when the rate at which new users arrive exceeds a prescribed limit, the system is in the dangerous state; when the rate at which requests increase exceeds a prescribed limit, the system is in the abnormal state; service dispatch control is performed according to the system state, and when the system is in the overload state the request acceptance control module suppresses the request access of the user with the highest request rate.
4. The Web server service dispatch and load control method for resisting denial-of-service attacks of claim 2, characterised in that malicious users in the blacklist set have their request access forbidden by the request acceptance control module.
5. The Web server service dispatch and load control method for resisting denial-of-service attacks of claim 2, characterised in that access control is adjusted according to policy: malicious users are permanently banned from access unless the ban on a particular user is lifted manually; ordinary high-rate users are banned for a period of time, after which the ban on their requests is lifted.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2004100139612A CN100411344C (en) | 2004-01-19 | 2004-01-19 | Web server load control method for resisting rejection service attack |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1558601A CN1558601A (en) | 2004-12-29 |
CN100411344C true CN100411344C (en) | 2008-08-13 |
Family ID: 34351213
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2004100139612A Expired - Fee Related CN100411344C (en) | 2004-01-19 | 2004-01-19 | Web server load control method for resisting rejection service attack |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100411344C (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7721091B2 (en) * | 2006-05-12 | 2010-05-18 | International Business Machines Corporation | Method for protecting against denial of service attacks using trust, quality of service, personalization, and hide port messages |
CN101340327B (en) | 2008-08-21 | 2011-11-30 | 腾讯科技(深圳)有限公司 | Method and system for implementing load balance of network server |
CN107026851A (en) * | 2017-03-22 | 2017-08-08 | 西安电子科技大学 | A kind of real-time system guard method based on stream data processing |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1350231A (en) * | 2001-12-04 | 2002-05-22 | 上海复旦光华信息科技股份有限公司 | By-pass investigation and remisson method for rejecting service attack |
EP1226689A2 (en) * | 2000-06-26 | 2002-07-31 | Sun Microsystems, Inc. | Method and apparatus for preventing a denial of service (dos) attack by selectively throttling tcp/ip requests |
WO2003005666A2 (en) * | 2001-07-03 | 2003-01-16 | Intel Corporation | An apparatus and method for secure, automated response to distributed denial of service attacks |
Application events
- 2004-01-19: CN CNB2004100139612A patent/CN100411344C/en, not active (Expired - Fee Related)
Also Published As
Publication number | Publication date |
---|---|
CN1558601A (en) | 2004-12-29 |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
C14 | Grant of patent or utility model | |
GR01 | Patent grant | |
C17 | Cessation of patent right | |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20080813; Termination date: 20120119 |