CN102291253A - Early warning method and early warning device for message security in network communication - Google Patents
Early warning method and early warning device for message security in network communication Download PDFInfo
- Publication number
- CN102291253A CN102291253A CN2011101864106A CN201110186410A CN102291253A CN 102291253 A CN102291253 A CN 102291253A CN 2011101864106 A CN2011101864106 A CN 2011101864106A CN 201110186410 A CN201110186410 A CN 201110186410A CN 102291253 A CN102291253 A CN 102291253A
- Authority
- CN
- China
- Prior art keywords
- message
- preset value
- sends
- user
- type
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Telephonic Communication Services (AREA)
Abstract
The invention provides an early warning method and an early warning device for message security in network communication. The method comprises the following steps: the idle thread of a server is triggered according to triggering strategies, and according to security strategies, the idle thread judges whether all the messages sent by users who carry out the network communication in the server are in a secure state; and when the messages sent by the users are in a dangerous state, the idle thread starts early warning measures.
Description
Technical field
The invention belongs to network communication field, relate in particular to the method for early warning and the device of message safety in a kind of network service.
Background technology
Along with development of internet technology, information security is more and more paid attention in the network service.At present, in the communication service process, trigger main thread usually and go to verify whether current communication service is in a safe condition.Yet, when communication service is busy, triggers main thread and go to verify whether current communication service is in a safe condition, can greatly reduce the efficient of communication service.
In addition, verify that at present the security strategy of communication service is comparatively single, the early warning strategy is comparatively single, can't in time notify the related personnel to handle.
Summary of the invention
The invention provides message safety in a kind of network service method for early warning and the device to address the above problem.
The invention provides the method for early warning of message safety in a kind of network service, may further comprise the steps.Trigger the idle thread of server according to trigger policy.Idle thread judges according to security strategy whether all messages sent by users of carrying out network service in the server are in a safe condition.When messages sent by users was in the hole, idle thread started the early warning measure.
The present invention also provides the prior-warning device of message safety in a kind of network service, comprises trigger module, authentication module and early warning module.Trigger module is used for triggering according to trigger policy the idle thread of server.Authentication module connects trigger module, is used for judging according to security strategy whether all messages sent by users that server carries out network service are in a safe condition.Early warning module connectivity verification module is used for when messages sent by users is in the hole, starts the early warning measure.
Compared to prior art, method for early warning and device according to message safety in the network service provided by the invention, whether trigger all messages sent by users of carrying out network service in the idle thread authentication server is in a safe condition, avoid using in the prior art communication service main thread to go to verify whether messages sent by users is in a safe condition, thereby improved communication efficiency.In addition, when idle process judges that according to security strategy messages sent by users is in the hole, start the early warning measure, to improve the early warning effect.
Description of drawings
Accompanying drawing described herein is used to provide further understanding of the present invention, constitutes the application's a part, and illustrative examples of the present invention and explanation thereof are used to explain the present invention, do not constitute improper qualification of the present invention.In the accompanying drawings:
Figure 1 shows that the flow chart of the method for early warning of message safety in the network service that preferred embodiment according to the present invention provides;
Figure 2 shows that the schematic diagram of the prior-warning device of message safety in the network service that preferred embodiment according to the present invention provides.
Embodiment
Hereinafter will describe the present invention with reference to the accompanying drawings and in conjunction with the embodiments in detail.Need to prove that under the situation of not conflicting, embodiment and the feature among the embodiment among the application can make up mutually.
Figure 1 shows that the flow chart of the method for early warning of message safety in the network service that preferred embodiment according to the present invention provides.As shown in Figure 1, the method for early warning of message safety comprises step 101~103 in the network service that provides of preferred embodiment of the present invention.
In step 101, trigger the idle thread of server according to trigger policy.Wherein, trigger policy is: regularly trigger idle thread; The real-time message number and the CPU usage that receive of check server, the message number that receives in server during greater than dangerous values, trigger idle thread greater than preset value or CPU usage; When idle thread in regularly trigger first constantly and second be in idle condition between constantly, and the message number that server receives is less than or equal to preset value, and CPU usage triggers idle thread when being less than or equal to dangerous values.In this, according to trigger policy regularly or trigger idle thread in real time and carry out message safety and detect, improved the promptness of early warning.
Particularly, create timer, regularly trigger idle thread, for example can be set to idle thread of triggering in per 5 minutes and carry out the detection of message safety.Yet the present invention is not limited thereto.In practical application, timing can be set as required.
In addition, server can be created the message sink formation, and the message that receives is placed in the message sink formation, simultaneously, and message number and the CPU usage of checking server to receive in real time.For example, judge that at first whether the message number of server reception is greater than preset value.If greater than preset value, then trigger idle thread, if less than preset value, can continue to judge whether greater than dangerous values (for example: 90%) CPU usage.If CPU usage greater than dangerous values, then triggers idle thread.
In addition, if idle thread in regularly trigger first constantly (for example: 12::00) with second moment (for example: be in idle condition 12:10) (promptly, after idle thread was triggered in first moment, idle thread is not reaching second detection of constantly promptly finishing message safety), and the message number of checking server to receive in real time is less than or equal to preset value, and when CPU usage is less than or equal to dangerous values, trigger idle thread.In this, the idle thread of triggering can be carried out the detection of message safety.Yet the present invention is not limited thereto.In other embodiment, the idle thread of triggering also can be carried out other operation.
In step 102, idle thread judges according to security strategy whether all messages sent by users of carrying out network service in the server are in a safe condition.
Wherein, in a preferred embodiment, when user's type comprises three types, security strategy is: when the number of the message that sends in the first kind Subscriber Unit time during greater than first preset value, first kind messages sent by users is in the hole, when the number of the message that sends in the first kind Subscriber Unit time was less than or equal to first preset value, first kind messages sent by users was in a safe condition; The number of the message that sends in the unit interval when second type of user is during greater than second preset value, the message that second type of user sends is in the hole, when the number of the message that sends in the unit interval when second type of user was less than or equal to second preset value, the message that second type of user sends was in a safe condition; The number of the message that sends in the unit interval when the 3rd type of user is during greater than the 3rd preset value, the message that the 3rd type of user sends is in the hole, when the number of the message that sends in the unit interval when the 3rd type of user was less than or equal to the 3rd preset value, the message that the 3rd type of user sends was in a safe condition.Wherein, first preset value is greater than second preset value, and second preset value is greater than the 3rd preset value.In addition, message comprises that user's log messages, user publish message and service logic request message (for example, register requirement, query requests etc.).Yet the present invention is not limited thereto.
For example, user's the first kind is VIP user, and second type is common registered user, and the 3rd type is visitor's (being non-registered users).Unit interval for example can be 1 second.Message number is for example published the sum of message number and service logic request message number for user's log messages number, user.At this moment, security strategy is: when the number of the message that sends in the VIP Subscriber Unit time (1 second) during greater than first preset value (for example: 15), the VIP messages sent by users is in the hole, when the number of the message that sends in the VIP Subscriber Unit time was less than or equal to first preset value, the VIP messages sent by users was in a safe condition; The number of the message that sends in the unit interval as common registered user is during greater than second preset value (for example: 10), the message that common registered user sends is in the hole, when the number of the message that sends in the unit interval as common registered user was less than or equal to second preset value, the message that common registered user sends was in a safe condition; The number of the message that sends in the unit interval as the visitor is during greater than the 3rd preset value (for example: 5), the message that the visitor sends is in the hole, when the number of the message that sends in the unit interval as the visitor was less than or equal to the 3rd preset value, the message that the visitor sends was in a safe condition.So, different safe condition criterions is set, thereby improves registered user's experience sense at dissimilar users, and the illegal operation of effective monitoring non-registered users.
In addition, in another preferred embodiment, when user's type comprises three types, security strategy is: when the number of the first kind message that sends in the first kind Subscriber Unit time during greater than preset value A, the first kind message that first kind user sends is in the hole, when the number of the first kind message that sends in the first kind Subscriber Unit time was less than or equal to preset value A, the first kind message that first kind user sends was in a safe condition; The number of the first kind message that sends in the unit interval when second type of user is during greater than preset value B, the first kind message that second type of user sends is in the hole, when the number of the first kind message that sends in the unit interval when second type of user was less than or equal to preset value B, the first kind message that second type of user sends was in a safe condition; The number of the first kind message that sends in the unit interval when the 3rd type of user is during greater than preset value C, the first kind message that the 3rd type of user sends is in the hole, when the number of the first kind message that sends in the unit interval when the 3rd type of user was less than or equal to preset value C, the first kind message that the 3rd type of user sends was in a safe condition.Wherein, preset value A is greater than preset value B, and preset value B is greater than preset value C.In addition, first kind message is that user's log messages, user publish message or service logic request message (for example, register requirement, query requests etc.).Yet the present invention is not limited thereto.
For example, user's the first kind is VIP user, and second type is common registered user, and the 3rd type is visitor's (being non-registered users).Unit interval for example can be 1 second.The number that the number of first kind message is for example published message for the number of user's log messages, user or the number of service logic request message.At this moment, security strategy is: when the number of the first kind message that sends in the VIP Subscriber Unit time (1 second) during greater than preset value A (for example: 10), the first kind message that VIP user sends is in the hole, when the number of the first kind message that sends in the VIP Subscriber Unit time was less than or equal to preset value A, the VIP messages sent by users was in a safe condition; The number of the first kind message that sends in the unit interval as common registered user is during greater than preset value B (for example: 7), the message that common registered user sends is in the hole, when the number of the first kind message that sends in the unit interval as common registered user was less than or equal to preset value B, the message that common registered user sends was in a safe condition; The number of the first kind message that sends in the unit interval as the visitor is during greater than preset value C (for example: 3), the message that the visitor sends is in the hole, when the number of the first kind message that sends in the unit interval as the visitor was less than or equal to preset value C, the message that the visitor sends was in a safe condition.By above-mentioned security strategy, can detect the user and frequently land unusually or publish, do not land situations such as just sending the service logic request as yet.So, different safe condition criterions is set, can determines to influence the type of message of fail safe, also improved registered user's experience sense at dissimilar users and dissimilar message, and the illegal operation of effective monitoring non-registered users.
In step 103, when messages sent by users was in the hole, idle thread started the early warning measure.Wherein, the early warning measure for example comprises that sound alarm, server of server sends short message and send mail to the keeper to keeper, server.So, the keeper can determine that user's type is to take appropriate measures according to warning information.For example, if the user is VIP user or common registered user, then Frozen Account if the user is the visitor, is then deleted account.So, can in time notify the keeper to carry out relevant treatment by multiple early warning mode, thereby guarantee Network Communicate Security.
Figure 2 shows that the schematic diagram of the prior-warning device of message safety in the network service that preferred embodiment according to the present invention provides.As shown in Figure 2, the prior-warning device of message safety comprises trigger module 201, authentication module 202 and early warning module 203 in the network service that provides of preferred embodiment of the present invention.Wherein, trigger module 201 is used for triggering according to trigger policy the idle thread of server.Authentication module 202 connects trigger modules 201, is used for judging according to security strategy whether all messages sent by users that server carries out network service are in a safe condition.Early warning module 203 connectivity verification modules 202 are used for when messages sent by users is in the hole, start the early warning measure.
Wherein, trigger module 201 comprises real-time trigger module and timing trigger module.Regularly trigger module connects real-time trigger module.Regularly trigger module regularly triggers idle process.In real time trigger module is checked message number and the CPU usage that server receives in real time, and the message number that receives in server during greater than dangerous values, triggers idle process greater than preset value or CPU usage.When idle thread in regularly trigger first constantly and second be in idle condition between constantly, and the message number that server receives is less than or equal to preset value, and CPU usage is when being less than or equal to dangerous values, trigger module triggers idle thread in real time.
In addition, described about security strategy with above-mentioned method for early warning, so repeat no more in this.
In sum, the method for early warning of message safety and device in the network service that preferred embodiment provides according to the present invention, whether trigger all messages sent by users of carrying out network service in the idle thread authentication server is in a safe condition, avoid using in the prior art communication service main thread to go to verify whether messages sent by users is in a safe condition, thereby improved communication efficiency.In addition, when idle process judges that according to security strategy messages sent by users is in the hole, start the early warning measure, to improve the early warning effect.In addition, trigger idle thread in real time or regularly according to trigger policy and carry out the message safety detection, improved the promptness of early warning.Simultaneously, at dissimilar users different safe condition criterions is set, thereby has improved registered user's experience sense, and the illegal operation of effective monitoring non-registered users.
The above is the preferred embodiments of the present invention only, is not limited to the present invention, and for a person skilled in the art, the present invention can have various changes and variation.Within the spirit and principles in the present invention all, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (10)
1. the method for early warning of message safety in the network service is characterized in that, may further comprise the steps:
Trigger the idle thread of server according to trigger policy;
Described idle thread judges according to security strategy whether all messages sent by users of carrying out network service in the described server are in a safe condition;
When described messages sent by users was in the hole, described idle thread started the early warning measure.
2. the method for early warning of message safety is characterized in that in the network service according to claim 1, and described trigger policy is: regularly trigger described idle thread; The real-time message number and the CPU usage that receive of the described server of check, the message number that receives in described server during greater than dangerous values, trigger described idle thread greater than preset value or described CPU usage; When described idle thread is in idle condition in first moment and second of regularly triggering constantly, and the message number that described server receives is less than or equal to preset value, and when described CPU usage is less than or equal to described dangerous values, trigger described idle thread.
3. the method for early warning of message safety is characterized in that in the network service according to claim 1, and when described user's type comprised three types, described security strategy was:
When the number of the message that sends in the first kind Subscriber Unit time during greater than first preset value, described first kind messages sent by users is in the hole, when the number of the message that sends in the described first kind Subscriber Unit time was less than or equal to described first preset value, described first kind messages sent by users was in a safe condition;
The number of the message that sends in the unit interval when second type of user is during greater than second preset value, the message that described second type of user sends is in the hole, when the number of the message that sends in the unit interval when described second type of user was less than or equal to described second preset value, the message that described second type of user sends was in a safe condition;
The number of the message that sends in the unit interval when the 3rd type of user is during greater than the 3rd preset value, the message that described the 3rd type of user sends is in the hole, when the number of the message that sends in the unit interval when described the 3rd type of user is less than or equal to described the 3rd preset value, the message that described the 3rd type of user sends is in a safe condition
Wherein, described first preset value is greater than described second preset value, and described second preset value is greater than described the 3rd preset value.
4. the method for early warning of message safety is characterized in that in the network service according to claim 3, and described message comprises that user's log messages, user publish message and service logic request message.
5. the method for early warning of message safety is characterized in that in the network service according to claim 1, and when described user's type comprised three types, described security strategy was:
When the number of the first kind message that sends in the first kind Subscriber Unit time during greater than preset value A, the first kind message that described first kind user sends is in the hole, when the number of the first kind message that sends in the described first kind Subscriber Unit time was less than or equal to described preset value A, the first kind message that described first kind user sends was in a safe condition;
The number of the first kind message that sends in the unit interval when second type of user is during greater than preset value B, the first kind message that described second type of user sends is in the hole, when the number of the first kind message that sends in the unit interval when described second type of user was less than or equal to described preset value B, the first kind message that described second type of user sends was in a safe condition;
The number of the first kind message that sends in the unit interval when the 3rd type of user is during greater than preset value C, the first kind message that described the 3rd type of user sends is in the hole, when the number of the first kind message that sends in the unit interval when described the 3rd type of user is less than or equal to described preset value C, the first kind message that described the 3rd type of user sends is in a safe condition
Wherein, described preset value A is greater than described preset value B, and described preset value B is greater than described preset value C.
6. the method for early warning of message safety is characterized in that in the network service according to claim 5, and described first kind message is that user's log messages, user publish message or service logic request message.
7. the prior-warning device of message safety in the network service is characterized in that, comprising:
Trigger module is used for the idle thread according to trigger policy triggering server;
Authentication module connects described trigger module, is used for judging according to security strategy whether all messages sent by users that described server carries out network service are in a safe condition; And
The early warning module connects described authentication module, is used for when described messages sent by users is in the hole, starts the early warning measure.
8. the prior-warning device of message safety in the network service according to claim 7, it is characterized in that, described trigger module comprises real-time trigger module and timing trigger module, described timing trigger module connects described real-time trigger module, described timing trigger module regularly triggers described idle process, the message number and the CPU usage of the described server reception of described real-time trigger module check in real time, and the message number that receives in described server is greater than preset value or described CPU usage during greater than dangerous values, trigger described idle process, when described idle thread is in idle condition in first moment and second of regularly triggering constantly, and the message number that described server receives is less than or equal to preset value, and when described CPU usage was less than or equal to described dangerous values, described real-time trigger module triggered described idle thread.
9. the prior-warning device of message safety is characterized in that in the network service according to claim 7, and when described user's type comprised three types, described security strategy was:
When the number of the message that sends in the first kind Subscriber Unit time during greater than first preset value, described first kind messages sent by users is in the hole, when the number of the message that sends in the described first kind Subscriber Unit time was less than or equal to described first preset value, described first kind messages sent by users was in a safe condition;
The number of the message that sends in the unit interval when second type of user is during greater than second preset value, the message that described second type of user sends is in the hole, when the number of the message that sends in the unit interval when described second type of user was less than or equal to described second preset value, the message that described second type of user sends was in a safe condition;
The number of the message that sends in the unit interval when the 3rd type of user is during greater than the 3rd preset value, the message that described the 3rd type of user sends is in the hole, when the number of the message that sends in the unit interval when described the 3rd type of user is less than or equal to described the 3rd preset value, the message that described the 3rd type of user sends is in a safe condition
Wherein, described first preset value is greater than described second preset value, and described second preset value is greater than described the 3rd preset value.
10. the prior-warning device of message safety is characterized in that in the network service according to claim 7, and when described user's type comprised three types, described security strategy was:
When the number of the first kind message that sends in the first kind Subscriber Unit time during greater than preset value A, the first kind message that described first kind user sends is in the hole, when the number of the first kind message that sends in the described first kind Subscriber Unit time was less than or equal to described preset value A, the first kind message that described first kind user sends was in a safe condition;
The number of the first kind message that sends in the unit interval when second type of user is during greater than preset value B, the first kind message that described second type of user sends is in the hole, when the number of the first kind message that sends in the unit interval when described second type of user was less than or equal to described preset value B, the first kind message that described second type of user sends was in a safe condition;
The number of the first kind message that sends in the unit interval when the 3rd type of user is during greater than preset value C, the first kind message that described the 3rd type of user sends is in the hole, when the number of the first kind message that sends in the unit interval when described the 3rd type of user is less than or equal to described preset value C, the first kind message that described the 3rd type of user sends is in a safe condition
Wherein, described preset value A is greater than described preset value B, and described preset value B is greater than described preset value C.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011101864106A CN102291253A (en) | 2011-07-05 | 2011-07-05 | Early warning method and early warning device for message security in network communication |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011101864106A CN102291253A (en) | 2011-07-05 | 2011-07-05 | Early warning method and early warning device for message security in network communication |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102291253A true CN102291253A (en) | 2011-12-21 |
Family
ID=45337376
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011101864106A Pending CN102291253A (en) | 2011-07-05 | 2011-07-05 | Early warning method and early warning device for message security in network communication |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102291253A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105357170A (en) * | 2014-08-21 | 2016-02-24 | 中兴通讯股份有限公司 | Security service audit processing method and device |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1756257A (en) * | 2004-09-30 | 2006-04-05 | 北京航空航天大学 | Host performance collection proxy in large-scale network |
| CN101193002A (en) * | 2006-11-20 | 2008-06-04 | 中兴通讯股份有限公司 | A fault diagnosis and alarming method for broadband access service |
-
2011
- 2011-07-05 CN CN2011101864106A patent/CN102291253A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1756257A (en) * | 2004-09-30 | 2006-04-05 | 北京航空航天大学 | Host performance collection proxy in large-scale network |
| CN101193002A (en) * | 2006-11-20 | 2008-06-04 | 中兴通讯股份有限公司 | A fault diagnosis and alarming method for broadband access service |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105357170A (en) * | 2014-08-21 | 2016-02-24 | 中兴通讯股份有限公司 | Security service audit processing method and device |
| WO2016026303A1 (en) * | 2014-08-21 | 2016-02-25 | 中兴通讯股份有限公司 | Auditing processing method and apparatus for security service |
| WO2016026403A1 (en) * | 2014-08-21 | 2016-02-25 | 中兴通讯股份有限公司 | Security service auditing method and apparatus |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103442353B (en) | A kind of safely controllable internet of things data transmission method | |
| CN106780901A (en) | A kind of intelligent door lock system and its application based on mobile phone MAC Address | |
| CN104753936A (en) | Opc security gateway system | |
| CN101150586A (en) | CC attack prevention method and device | |
| CN104980449B (en) | The safety certifying method and system of network request | |
| RU2012104527A (en) | METHODS AND DEVICES FOR INITIATING SUBSCRIBER DATA SUPPLY IN HSS NETWORK OF MULTIMEDIA IP PROTOCOL SUBSYSTEM | |
| US20140026226A1 (en) | Device, method and program for preventing information leakage | |
| CN106331190A (en) | IP address withdrawing method and device, and dynamic host configuration protocol server | |
| CN107835193A (en) | A kind of safety communication system and method based on signature mechanism | |
| CN103188254A (en) | Network security protection method capable of giving consideration to both smoothness and safety of internal and external network information | |
| CN107483459A (en) | The interface protection method of anti-replay-attack | |
| CN103812958B (en) | Processing method, NAT device and the BNG equipment of NAT technology | |
| CN107547566A (en) | A kind of method and device of processing business message | |
| CN103686651A (en) | Emergency call based authentication method, device and system | |
| CN106209851A (en) | A kind of safety protection system and method for Computer information network | |
| CN110049028A (en) | Monitor method, apparatus, computer equipment and the storage medium of domain control administrator | |
| CN107770113A (en) | A kind of accurate flood attack detection method for determining attack signature | |
| CN105577706B (en) | A kind of network security protection system and method | |
| CN107342789A (en) | A kind of group-net communication method of cable anti-theft monitoring system | |
| CN101854357B (en) | Method and system for monitoring network authentication | |
| CN102291253A (en) | Early warning method and early warning device for message security in network communication | |
| CN106790134A (en) | The access control method and Security Policy Server of a kind of video monitoring system | |
| CN106302539A (en) | A kind of embedded type WEB safety certifying method | |
| CN1231847C (en) | Identity authentication device and method for network equipment | |
| CN113660216A (en) | Password attack detection method, device, electronic device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20111221 |