CN104219219A - Method, server and system for handling data - Google Patents
Method, server and system for handling data Download PDFInfo
- Publication number
- CN104219219A CN104219219A CN201310282382.7A CN201310282382A CN104219219A CN 104219219 A CN104219219 A CN 104219219A CN 201310282382 A CN201310282382 A CN 201310282382A CN 104219219 A CN104219219 A CN 104219219A
- Authority
- CN
- China
- Prior art keywords
- network address
- interception
- user side
- asked
- condition
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a method for handling data. The method includes counting interception quantities of web addresses requested by user sides; determining certain web addresses among the intercepted web addresses when the interception quantities meet preset exception conditions; triggering stopping of interception on the web addresses which meet interception stopping conditions. The certain web addresses meet the interception stopping conditions. An embodiment of the invention further provides a corresponding server and a corresponding system. According to the technical scheme, the method, the server and the system have the advantages that exception can be timely and efficiently processed by the aid of the method, the server and the system, the exception handling efficiency can be improved, and accordingly the service quality of the server can be improved.
Description
Technical field
The present invention relates to Internet technical field, be specifically related to a kind of method of data processing, server and system.
Background technology
The fast development of Internet technology brings increasing facility to people's life.People can be shared easily by the Internet and download all kinds of data, obtain all kinds of important information, on-line payment bill etc.Meanwhile, the security situation of the Internet also allows of no optimist, and all kinds of trojan horse normal file that disguises oneself as is propagated wantonly, and fishing website imitates normal website and steals user account number password.
Cloud server of the prior art can be tackled malice network address, and when user side accesses certain malice network address, cloud server can push interception page prompts user.But cloud server also there will be the situation of wrong report sometimes, normal network address is considered as malice network address and tackles, bring puzzlement to user.So cloud server is in operation process, lower rate of false alarm should be ensured.
When extensive wrong report occurs, should Timeliness coverage and process, drop to minimum by reporting the negative effect brought by mistake.
To in the research and practice process of prior art, the present inventor finds, prior art adopts the method for manual analysis usually for wrong report, website complaint such as by collecting user is fed back or is randomly drawed and is blocked website inspection, because the level professional technology of operation personnel limits, can not ensure the timely and effective exception finding service, cause abnormal treatment effeciency low, the service quality of server is low.
Summary of the invention
The embodiment of the present invention provides a kind of method of data processing, can timely and effective process abnormal, improve the efficiency of abnormality processing, thus improve the service quality of server.The embodiment of the present invention additionally provides corresponding server and system.
First aspect present invention provides a kind of method of data processing, comprising:
The interception quantity of statistics to the network address that user side is asked;
When described interception quantity meets default exceptional condition, determine in the network address be blocked, to meet the network address stopping interception condition;
Trigger and stop the described interception meeting the network address stopping interception condition.
In conjunction with first aspect, in the implementation that the first is possible, describedly determine to meet in the network address be blocked the network address stopping interception condition, comprising:
Determine that in the network address be blocked, abnormal quantity is more than the network address of the first preset threshold value;
Corresponding, described triggering stops, to the described interception meeting the network address stopping interception condition, comprising:
Trigger and stop the interception of described abnormal quantity more than the network address of the first preset threshold value.
In conjunction with first aspect, in the implementation that the second is possible, describedly determine to meet in the network address be blocked the network address stopping interception condition, comprising:
Be blocked described in determining in network address and belong to same global unique identification symbol, and the quantity of the network address of described same global unique identification symbol correspondence is more than the second preset threshold value network address;
Corresponding, described triggering stops, to the described interception meeting the network address stopping interception condition, comprising:
Trigger the interception stopped network address corresponding to described same global unique identification symbol.
In conjunction with first aspect, in the implementation that the third is possible, describedly determine to meet in the network address be blocked the network address stopping interception condition, comprising:
Be blocked in network address the interconnection agreement IP belonged between consolidated network described in determining, and the quantity of network address corresponding to described same IP is more than the 3rd preset threshold value network address;
Corresponding, described triggering stops, to the described interception meeting the network address stopping interception condition, comprising:
Trigger the interception stopped network address corresponding to described same IP.
In conjunction with first aspect, first aspect the first to any one in the third possible implementation, in the 4th kind of possible implementation, described statistics, to the interception quantity of the network address that user side is asked, comprising:
Analyze the response message returning to described user side, in described response message, carry the interception indication information of server to the network address that described user side is asked;
According to described interception indication information, add up the interception quantity to the network address that user side is asked.
In conjunction with first aspect, first aspect the first to any one in the third possible implementation, in the 5th kind of possible implementation, described stopping to described meet the step of the interception of the network address stopping interception condition after, also comprise:
Continue the interception quantity to the network address that described user side is asked in statistics preset time.
In conjunction with first aspect the 5th kind of possible implementation, in the 6th kind of possible implementation, described method also comprises:
When in described preset time described default exceptional condition is not met to the interception quantity of the network address that described user side is asked time, trigger the network address meeting described in interception and stop interception condition.
In conjunction with first aspect the 5th kind of possible implementation, in the 7th kind of possible implementation, described method also comprises:
When in described preset time described default exceptional condition is met to the interception quantity of the network address that described user side is asked time, trigger start network address monitoring pattern for subsequent use the network address that described user side is asked is monitored.
Second aspect present invention provides a kind of server, comprising:
Statistic unit, for adding up the interception quantity to the network address that user side is asked;
Determining unit, for when the interception quantity of described statistic unit statistics meets default exceptional condition, determines to meet the network address stopping interception condition in the network address be blocked;
Trigger element, for triggering the interception meeting the network address stopping interception condition stopping determining described determining unit.
In conjunction with second aspect, in the implementation that the first is possible,
Described determining unit, for determining that in the network address that is blocked, abnormal quantity is more than the network address of the first preset threshold value;
Described trigger element, for triggering the interception more than the network address of the first preset threshold value of the abnormal quantity that stops determining described determining unit.
In conjunction with second aspect, in the implementation that the second is possible,
Described determining unit, belongs to same global unique identification symbol for being blocked in network address described in determining, and the quantity of network address corresponding to described same global unique identification symbol is more than the second preset threshold value network address;
Described trigger element, for triggering the interception of the network address stopped the same global unique identification symbol correspondence that described determining unit is determined.
In conjunction with second aspect, in the implementation that the third is possible,
Described determining unit, is blocked in network address the interconnection agreement IP belonged between consolidated network described in determining, and the quantity of network address corresponding to described same IP is more than the 3rd preset threshold value network address;
Described trigger element, for triggering the interception of network address corresponding to the same IP that stops determining described determining unit.
In conjunction with second aspect, second aspect the first to any one in the third possible implementation, in the 4th kind of possible implementation,
Described statistic unit, for analyzing the response message returning to described user side, carries the interception indication information of server to the network address that described user side is asked in described response message; According to described interception indication information, add up the interception quantity to the network address that user side is asked.
In conjunction with second aspect, second aspect the first to any one in the third possible implementation, in the 5th kind of possible implementation,
Described statistic unit, also for the interception quantity to the network address that described user side is asked in lasting statistics preset time.
In conjunction with second aspect the 5th kind of possible implementation, in the 6th kind of possible implementation,
Described trigger element, also for when described statistic unit statistics in described preset time described default exceptional condition is not met to the interception quantity of the network address that described user side is asked time, meet the network address stopping interception condition described in interception.
In conjunction with second aspect the 5th kind of possible implementation, in the 7th kind of possible implementation,
Described trigger element, also for when described statistic unit statistics in described preset time described default exceptional condition is met to the interception quantity of the network address that described user side is asked time, trigger and start network address monitoring pattern for subsequent use the network address that described user side is asked is monitored.
Third aspect present invention provides a kind of data handling system, comprising: server and at least one user side,
Described server is the server described in technique scheme.
The embodiment of the present invention adopts the interception quantity of statistics to the network address that user side is asked; When described interception quantity meets default exceptional condition, determine in the network address be blocked, to meet the network address stopping interception condition; Trigger and stop the described interception meeting the network address stopping interception condition.With need in prior art manual analysis abnormal compared with, the method for the data processing that the embodiment of the present invention provides, can when occurring abnormal, and timely and effective process is abnormal, improves the efficiency of abnormality processing, thus improves the service quality of server.
Accompanying drawing explanation
In order to be illustrated more clearly in the technical scheme in the embodiment of the present invention, below the accompanying drawing used required in describing embodiment is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those skilled in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is an embodiment schematic diagram of the method for data processing in the embodiment of the present invention;
Fig. 2 is an embodiment schematic diagram of server in the embodiment of the present invention;
Fig. 3 is another embodiment schematic diagram of server in the embodiment of the present invention;
Fig. 4 is another embodiment schematic diagram of server in the embodiment of the present invention;
Fig. 5 is another embodiment schematic diagram of server in the embodiment of the present invention;
Fig. 6 is an embodiment schematic diagram of data handling system in the embodiment of the present invention.
Embodiment
The embodiment of the present invention provides a kind of method of data processing, can timely and effective process abnormal, improve the efficiency of abnormality processing, thus improve the service quality of server.The embodiment of the present invention additionally provides corresponding server and system.Below be described in detail respectively.
Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those skilled in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
Consult Fig. 1, an embodiment of the method for the data processing that the embodiment of the present invention provides comprises:
101, the interception quantity to the network address that user side is asked is added up.
User side is after server request network address, server can analyze the type of the network address that user side is asked, the type of network address comprises: the unknown, safety, extension horse, fishing or pornographic etc., when network address type for hang horse, fishing or pornographic time, server will tackle this network address.
When to specific unified locating resource symbol (Uniform Resource Locator, URL) malice large-scale popularization, or during certain user side of assault, the quantity of the network address be blocked can be caused suddenly to rise.URL is also web page address, is called for short network address.
102, when described interception quantity meets default exceptional condition, determine in the network address be blocked, to meet the network address stopping interception condition.
When there being a large amount of network address to be blocked, illustrate in network have exception, default exceptional condition can be: the quantity of the network address be blocked exceedes default threshold value, or interception quantity per minute compares the threshold value that one minute increment exceedes threshold value.
The network address be normally blocked may be had in the network address be blocked, also the network address of original safety may be had, be blocked by mistake, if promote due to malice or attacked the network address causing original safety, be taken as unsafe network address to tackle by mistake, the frequency of occurrences of this network address will be very high, can for being blocked the network address that in network address, quantity is the highest so meet the network address stopping interception condition, or rank is in the network address of top.
103, stopping is triggered to the described interception meeting the network address stopping interception condition.
When determining that the network address of some safety is due to after network reason tackled by mistake, can trigger and stop the described interception meeting the network address stopping interception condition, like this, the network address of request would not be caused all to can not get the puzzlement responded to user.
The embodiment of the present invention adopts the interception quantity of statistics to the network address that user side is asked; When described interception quantity meets default exceptional condition, determine in the network address be blocked, to meet the network address stopping interception condition; Trigger and stop the described interception meeting the network address stopping interception condition.With need in prior art manual analysis abnormal compared with, the method for the data processing that the embodiment of the present invention provides, can when occurring abnormal, and timely and effective process is abnormal, improves the efficiency of abnormality processing, thus improves the service quality of server.
Alternatively, on the basis of embodiment corresponding to above-mentioned Fig. 1, in another embodiment of the method for the data processing that the embodiment of the present invention provides, describedly determine in the network address be blocked, to meet the network address stopping interception condition, can comprise:
Determine that in the network address be blocked, abnormal quantity is more than the network address of the first preset threshold value;
Corresponding, described triggering stops, to the described interception meeting the network address stopping interception condition, can comprising:
Trigger and stop the interception of described abnormal quantity more than the network address of the first preset threshold value.
In the embodiment of the present invention, the abnormal quantity of statistics be commonly referred to as per minute in quantity, the network address stopping of abnormal quantity more than the first preset threshold value, more than the first preset threshold value, just can be tackled by the abnormal quantity in per minute.First preset threshold value can be 50 or 100, does not limit concrete quantity.
Alternatively, on the basis of embodiment corresponding to above-mentioned Fig. 1, in another embodiment of the method for the data processing that the embodiment of the present invention provides, describedly determine in the network address be blocked, to meet the network address stopping interception condition, can comprise:
Be blocked described in determining in network address and belong to same global unique identification symbol, and the quantity of the network address of described same global unique identification symbol correspondence is more than the second preset threshold value network address;
Corresponding, described triggering stops, to the described interception meeting the network address stopping interception condition, can comprising:
Trigger the interception stopped network address corresponding to described same global unique identification symbol.
In the embodiment of the present invention, global unique identification symbol (Globally Unique Identifier, GUID) is for identifying and the installation of counting user end and service condition.When user side and server carry out network service, the GUID of self incidentally can be gone up.When hacker deliberately attacks certain GUID, the user side of this GUID network address of asking possibly serviced device is tackled in a large number, like this, determining that the quantity of the network address that same GUID is corresponding is more than the second preset threshold value network address, just can trigger the interception stopped network address corresponding to described same global unique identification symbol.Second preset threshold value is a numerical value, does not limit the occurrence of this numerical value.
Alternatively, on the basis of embodiment corresponding to above-mentioned Fig. 1, in another embodiment of the method for the data processing that the embodiment of the present invention provides, describedly determine in the network address be blocked, to meet the network address stopping interception condition, can comprise:
Be blocked in network address the interconnection agreement IP belonged between consolidated network described in determining, and the quantity of network address corresponding to described same IP is more than the 3rd preset threshold value network address;
Corresponding, described triggering stops, to the described interception meeting the network address stopping interception condition, can comprising:
Trigger the interception stopped network address corresponding to described same IP.
In the embodiment of the present invention, hacker deliberately may attack interconnection agreement (the Internet Protocol between certain network, IP), like this, the quantity of the network address that this IP is corresponding will rise at short notice, when more than the 3rd preset threshold value, just can trigger the interception stopped network address corresponding to described same IP.3rd preset threshold value is a numerical value, does not limit the occurrence of this numerical value.
Alternatively, on the basis of embodiment corresponding to above-mentioned Fig. 1 and embodiment corresponding to Fig. 1, in another embodiment of the method for the data processing that the embodiment of the present invention provides, described statistics, to the interception quantity of the network address that user side is asked, can comprise:
Analyze the response message returning to described user side, in described response message, carry the interception indication information of server to the network address that described user side is asked;
According to described interception indication information, add up the interception quantity to the network address that user side is asked.
In the embodiment of the present invention, when user side sends website address request to server, can carry GUID and URL two parameters, server returns in the response message of user side and usually can carry GUID, URL, the type of network address, parameter such as interception indication information, IP etc.Wherein, the type of network address comprises: the unknown, safety, extension horse, fishing or pornographic etc.Whether interception indication information is used to indicate will tackle the network address of carrying in this response message, and interception can represent with 0, does not tackle and can represent with 1.Like this, server can be blocked the quantity of network address according to this interception indication information statistics.
Alternatively, on the basis of embodiment corresponding to above-mentioned Fig. 1 and embodiment corresponding to Fig. 1, in another embodiment of the method for the data processing that the embodiment of the present invention provides, described stopping to described meet the step of the interception of the network address stopping interception condition after, can also comprise:
Continue the interception quantity to the network address that described user side is asked in statistics preset time.
In the embodiment of the present invention, after the situation that the method process interception amount according to above-described embodiment rises suddenly, can continue to add up the interception quantity to the network address that described user side is asked in preset time.Preset time can be 3 minutes, 5 minutes or other times, does not limit concrete numerical value.
Alternatively, on the basis of a upper embodiment, in another embodiment of the method for the data processing that the embodiment of the present invention provides, described method can also comprise:
When in described preset time described default exceptional condition is not met to the interception quantity of the network address that described user side is asked time, trigger the network address meeting described in interception and stop interception condition.
In the embodiment of the present invention, when tackling quantity and not meeting described default exceptional condition, illustrate that unexpected abnormality disappears, server returns to normal level, for the network address stopping before tackling, can trigger and normally tackle.
Alternatively, on the basis of upper two embodiments, in another embodiment of the method for the data processing that the embodiment of the present invention provides, described method can also comprise:
When in described preset time described default exceptional condition is met to the interception quantity of the network address that described user side is asked time, trigger start network address monitoring pattern for subsequent use the network address that described user side is asked is monitored.
In the embodiment of the present invention, when tackling quantity and also meet described default exceptional condition always, specification exception does not disappear, there is larger problem in current network address monitoring pattern, need to start network address monitoring pattern for subsequent use to monitor the network address that described user side is asked, to provide safe network address to user.
For the ease of understanding, below for an application scenarios, the process of data processing in the embodiment of the present invention is described:
Server real time record and statistics return to the response message of user side, are blocked the interception quantity of network address according to the interception indication information statistics in this response message.When the interception amount to network address per minute meets preset exceptional condition, comparative analysis current abnormal time this minute in response sets { GUID, URL, type, action, IP} and previously normal time (such as, before 20 minutes) response sets { GUID, URL of a certain minute, type, action, IP}, generates the URL table of similar example below, GUID table and IP table from big to small according to interception amount ascending amount:
Table 1:URL table
Visible, URL_1 interception amount per minute when certain abnormal generation rises suddenly 180 times.
Table 2:GUID table
Visible, certain client GUID_1 interception amount per minute when certain abnormal generation rises suddenly 495 times.
Table 3:IP table
Visible, the interception amount per minute when certain abnormal generation of the client under certain specific IP rises suddenly 1000 times.
From table 1, table 2 and table 3, determine that the response action of front Top3 is without exception for allowing accessed web page, namely for specific URL, GUID and IP client are no longer tackled respectively above.
Continue to monitor the curve condition of a period of time below, such as, for the data after 3 minutes, have two kinds may:
A). return to previous normal level.This illustrates the overall also no exceptions of server, curve fluctuation is only because specific URL is promoted (by immediate communication tool, note, spam etc.) by a large amount of malice, or hacker sends a large amount of inquiry request to malicious websites by the client of forging specific GUID at particular ip address.In this case can recover the URL to Top 3, the default user end response action of the IP of GUID and Top 3 of Top 3, and continue the interception quantity of the network address that counting user end is asked.
B). still meet exceptional condition.This illustrates that extensive wrong report may appear in server itself.Need to stop the use to current network address monitoring pattern, the safe network address monitoring pattern starting preparation is monitored network address.
Consult Fig. 2, an embodiment of the server 20 that the embodiment of the present invention provides comprises:
Statistic unit 201, for adding up the interception quantity to the network address that user side is asked;
Determining unit 202, for when the interception quantity that described statistic unit 201 is added up meets default exceptional condition, determines to meet the network address stopping interception condition in the network address be blocked;
Trigger element 203, for triggering the interception meeting the network address stopping interception condition stopping determining described determining unit 202.
In the embodiment of the present invention, statistic unit 201 adds up the interception quantity to the network address that user side is asked; Determining unit 202, when the interception quantity that described statistic unit 201 is added up meets default exceptional condition, is determined to meet the network address stopping interception condition in the network address be blocked; Trigger element 203 triggers the interception meeting the network address stopping interception condition stopping determining described determining unit 202.With need in prior art manual analysis abnormal compared with, the server that the embodiment of the present invention provides, can when occurring abnormal, and timely and effective process is abnormal, improves the efficiency of abnormality processing, thus improves the service quality of server.
Alternatively, on the basis of embodiment corresponding to above-mentioned Fig. 2, in another embodiment of the server that the embodiment of the present invention provides,
Described determining unit 202, for determining that in the network address that is blocked, abnormal quantity is more than the network address of the first preset threshold value;
Described trigger element 203, for triggering the interception more than the network address of the first preset threshold value of the abnormal quantity that stops determining described determining unit 202.
Alternatively, on the basis of embodiment corresponding to above-mentioned Fig. 2, in another embodiment of the server that the embodiment of the present invention provides,
Described determining unit 202, belongs to same global unique identification symbol for being blocked in network address described in determining, and the quantity of network address corresponding to described same global unique identification symbol is more than the second preset threshold value network address;
Described trigger element 203, for triggering the interception of the network address stopped the same global unique identification symbol correspondence that described determining unit 202 is determined.
Alternatively, on the basis of embodiment corresponding to above-mentioned Fig. 2, in another embodiment of the server that the embodiment of the present invention provides,
Described determining unit 202, is blocked in network address the interconnection agreement IP belonged between consolidated network described in determining, and the quantity of network address corresponding to described same IP is more than the 3rd preset threshold value network address;
Described trigger element 203, for triggering the interception of network address corresponding to the same IP that stops determining described determining unit 202.
Alternatively, in embodiment corresponding to above-mentioned Fig. 2 and embodiment any embodiment basis on, in another embodiment of the server that the embodiment of the present invention provides,
Described statistic unit 201, for analyzing the response message returning to described user side, carries the interception indication information of server to the network address that described user side is asked in described response message; According to described interception indication information, add up the interception quantity to the network address that user side is asked.
Alternatively, in embodiment corresponding to above-mentioned Fig. 2 and embodiment any embodiment basis on, in another embodiment of the server that the embodiment of the present invention provides,
Described statistic unit 201, also for the interception quantity to the network address that described user side is asked in lasting statistics preset time.
Alternatively, on the basis of last embodiment, consult Fig. 3, in another embodiment of the server that the embodiment of the present invention provides,
Described trigger element 203, also for add up when described statistic unit 201 in described preset time described default exceptional condition is not met to the interception quantity of the network address that described user side is asked time, meet the network address stopping interception condition described in interception.
Alternatively, on the basis of upper two embodiments, consult Fig. 4, in another embodiment of the server that the embodiment of the present invention provides,
Described trigger element 203, also for add up when described statistic unit 201 in described preset time described default exceptional condition is met to the interception quantity of the network address that described user side is asked time, trigger and start network address monitoring pattern for subsequent use the network address that described user side is asked is monitored.
The embodiment of the present invention additionally provides a kind of computer-readable recording medium, has program stored therein in this medium, comprises the some or all of step in the method for above-mentioned data processing when this program performs.
Fig. 5 is the structural representation of embodiment of the present invention server 20.Server 20 can comprise input equipment 210, output equipment 220, processor 230 and memory 240.
Memory 240 can comprise read-only memory and random access memory, and provides instruction and data to processor 230.A part for memory 240 can also comprise nonvolatile RAM (NVRAM).
Memory 240 stores following element, executable module or data structure, or their subset, or their superset:
Operational order: comprise various operational order, for realizing various operation.
Operating system: comprise various system program, for realizing various basic business and processing hardware based task.
In embodiments of the present invention, the operational order (this operational order can store in an operating system) that processor 230 stores by calling memory 240, performs and operates as follows:
The interception quantity of statistics to the network address that user side is asked; When described interception quantity meets default exceptional condition, determine in the network address be blocked, to meet the network address stopping interception condition; Trigger and stop meeting in the interception embodiment of the present invention of the network address stopping interception condition described, server can make user side download in advance or update software, thus improves the efficiency of software upgrading.
The operation of processor 230 Control Server 20, processor 230 can also be called CPU(Central Processing Unit, CPU).Memory 240 can comprise read-only memory and random access memory, and provides instruction and data to processor 230.A part for memory 240 can also comprise nonvolatile RAM (NVRAM).In concrete application, each assembly of server 20 is coupled by bus system 250, and wherein bus system 250 is except comprising data/address bus, can also comprise power bus, control bus and status signal bus in addition etc.But for the purpose of clearly demonstrating, in the drawings various bus is all designated as bus system 250.
The method that the invention described above embodiment discloses can be applied in processor 230, or is realized by processor 230.Processor 230 may be a kind of integrated circuit (IC) chip, has the disposal ability of signal.In implementation procedure, each step of said method can be completed by the instruction of the integrated logic circuit of the hardware in processor 230 or software form.Above-mentioned processor 230 can be general processor, digital signal processor (DSP), application-specific integrated circuit (ASIC) (ASIC), ready-made programmable gate array (FPGA) or other programmable logic devices, discrete gate or transistor logic, discrete hardware components.Can realize or perform disclosed each method, step and the logic diagram in the embodiment of the present invention.The processor etc. of general processor can be microprocessor or this processor also can be any routine.Step in conjunction with the method disclosed in the embodiment of the present invention directly can be presented as that hardware decoding processor is complete, or combines complete by the hardware in decoding processor and software module.Software module can be positioned at random asccess memory, flash memory, read-only memory, in the storage medium of this area maturations such as programmable read only memory or electrically erasable programmable memory, register.This storage medium is positioned at memory 240, and processor 230 reads the information in memory 240, completes the step of said method in conjunction with its hardware.
Alternatively, processor 230 specifically can determine that in the network address be blocked, abnormal quantity is more than the network address of the first preset threshold value; Trigger and stop the interception of described abnormal quantity more than the network address of the first preset threshold value.
Alternatively, processor 230 specifically can determine described in be blocked in network address and belong to same global unique identification symbol, and the quantity of network address corresponding to described same global unique identification symbol is more than the second preset threshold value network address; Trigger the interception stopped network address corresponding to described same global unique identification symbol.
Alternatively, processor 230 specifically can determine described in be blocked in network address the interconnection agreement IP belonged between consolidated network, and the quantity of network address corresponding to described same IP is more than the 3rd preset threshold value network address; Trigger the interception stopped network address corresponding to described same IP.
Alternatively, processor 230 specifically can analyze the response message returning to described user side, carries the interception indication information of server to the network address that described user side is asked in described response message; According to described interception indication information, add up the interception quantity to the network address that user side is asked.
Alternatively, the interception quantity to the network address that described user side is asked in the concrete sustainable statistics preset time of processor 230.
Alternatively, processor 230 specifically can work as in described preset time described default exceptional condition is not met to the interception quantity of the network address that described user side is asked time, trigger the network address meeting described in interception and stop interception condition.
Alternatively, processor 230 specifically can work as in described preset time described default exceptional condition is met to the interception quantity of the network address that described user side is asked time, trigger start network address monitoring pattern for subsequent use the network address that described user side is asked is monitored.
Consult Fig. 6, an embodiment of the data handling system that the embodiment of the present invention provides comprises: server 20 and at least one user side 30,
Server 20, for adding up the interception quantity to the network address that user side is asked; When described interception quantity meets default exceptional condition, determine in the network address be blocked, to meet the network address stopping interception condition; Trigger and stop the described interception meeting the network address stopping interception condition.
One of ordinary skill in the art will appreciate that all or part of step in the various methods of above-described embodiment is that the hardware that can carry out instruction relevant by program has come, this program can be stored in a computer-readable recording medium, and storage medium can comprise: ROM, RAM, disk or CD etc.
Above the method for the data processing that the embodiment of the present invention provides, server and system are described in detail, apply specific case herein to set forth principle of the present invention and execution mode, the explanation of above embodiment just understands method of the present invention and core concept thereof for helping; Meanwhile, for one of ordinary skill in the art, according to thought of the present invention, all will change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention.
Claims (17)
1. a method for data processing, is characterized in that, comprising:
The interception quantity of statistics to the network address that user side is asked;
When described interception quantity meets default exceptional condition, determine in the network address be blocked, to meet the network address stopping interception condition;
Trigger and stop the described interception meeting the network address stopping interception condition.
2. method according to claim 1, is characterized in that, describedly determines to meet in the network address be blocked the network address stopping interception condition, comprising:
Determine that in the network address be blocked, abnormal quantity is more than the network address of the first preset threshold value;
Corresponding, described triggering stops, to the described interception meeting the network address stopping interception condition, comprising:
Trigger and stop the interception of described abnormal quantity more than the network address of the first preset threshold value.
3. method according to claim 1, is characterized in that, describedly determines to meet in the network address be blocked the network address stopping interception condition, comprising:
Be blocked described in determining in network address and belong to same global unique identification symbol, and the quantity of the network address of described same global unique identification symbol correspondence is more than the second preset threshold value network address;
Corresponding, described triggering stops, to the described interception meeting the network address stopping interception condition, comprising:
Trigger the interception stopped network address corresponding to described same global unique identification symbol.
4. method according to claim 1, is characterized in that, describedly determines to meet in the network address be blocked the network address stopping interception condition, comprising:
Be blocked in network address the interconnection agreement IP belonged between consolidated network described in determining, and the quantity of network address corresponding to described same IP is more than the 3rd preset threshold value network address;
Corresponding, described triggering stops, to the described interception meeting the network address stopping interception condition, comprising:
Trigger the interception stopped network address corresponding to described same IP.
5., according to the arbitrary described method of claim 1-4, it is characterized in that, described statistics, to the interception quantity of the network address that user side is asked, comprising:
Analyze the response message returning to described user side, in described response message, carry the interception indication information of server to the network address that described user side is asked;
According to described interception indication information, add up the interception quantity to the network address that user side is asked.
6., according to the arbitrary described method of claim 1-4, it is characterized in that, described stopping to described meet the step of the interception of the network address stopping interception condition after, also comprise:
Continue the interception quantity to the network address that described user side is asked in statistics preset time.
7. method according to claim 6, is characterized in that, described method also comprises:
When in described preset time described default exceptional condition is not met to the interception quantity of the network address that described user side is asked time, trigger the network address meeting described in interception and stop interception condition.
8. method according to claim 6, is characterized in that, described method also comprises:
When in described preset time described default exceptional condition is met to the interception quantity of the network address that described user side is asked time, trigger start network address monitoring pattern for subsequent use the network address that described user side is asked is monitored.
9. a server, is characterized in that, comprising:
Statistic unit, for adding up the interception quantity to the network address that user side is asked;
Determining unit, for when the interception quantity of described statistic unit statistics meets default exceptional condition, determines to meet the network address stopping interception condition in the network address be blocked;
Trigger element, for triggering the interception meeting the network address stopping interception condition stopping determining described determining unit.
10. server according to claim 9, is characterized in that,
Described determining unit, for determining that in the network address that is blocked, abnormal quantity is more than the network address of the first preset threshold value;
Described trigger element, for triggering the interception more than the network address of the first preset threshold value of the abnormal quantity that stops determining described determining unit.
11. servers according to claim 9, is characterized in that,
Described determining unit, belongs to same global unique identification symbol for being blocked in network address described in determining, and the quantity of network address corresponding to described same global unique identification symbol is more than the second preset threshold value network address;
Described trigger element, for triggering the interception of the network address stopped the same global unique identification symbol correspondence that described determining unit is determined.
12. servers according to claim 9, is characterized in that,
Described determining unit, is blocked in network address the interconnection agreement IP belonged between consolidated network described in determining, and the quantity of network address corresponding to described same IP is more than the 3rd preset threshold value network address;
Described trigger element, for triggering the interception of network address corresponding to the same IP that stops determining described determining unit.
13., according to the arbitrary described server of claim 9-12, is characterized in that,
Described statistic unit, for analyzing the response message returning to described user side, carries the interception indication information of server to the network address that described user side is asked in described response message; According to described interception indication information, add up the interception quantity to the network address that user side is asked.
14., according to the arbitrary described server of claim 9-12, is characterized in that,
Described statistic unit, also for the interception quantity to the network address that described user side is asked in lasting statistics preset time.
15. servers according to claim 14, is characterized in that,
Described trigger element, also for when described statistic unit statistics in described preset time described default exceptional condition is not met to the interception quantity of the network address that described user side is asked time, meet the network address stopping interception condition described in interception.
16. servers according to claim 14, is characterized in that,
Described trigger element, also for when described statistic unit statistics in described preset time described default exceptional condition is met to the interception quantity of the network address that described user side is asked time, trigger and start network address monitoring pattern for subsequent use the network address that described user side is asked is monitored.
17. 1 kinds of data handling systems, is characterized in that, comprising: server and at least one user side,
Described server is the arbitrary described server of the claims 9-16.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310282382.7A CN104219219B (en) | 2013-07-05 | 2013-07-05 | A kind of method of data processing, server and system |
| PCT/CN2014/081623 WO2015000428A1 (en) | 2013-07-05 | 2014-07-04 | Data processing method, server and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310282382.7A CN104219219B (en) | 2013-07-05 | 2013-07-05 | A kind of method of data processing, server and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104219219A true CN104219219A (en) | 2014-12-17 |
| CN104219219B CN104219219B (en) | 2018-02-27 |
Family
ID=52100355
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310282382.7A Active CN104219219B (en) | 2013-07-05 | 2013-07-05 | A kind of method of data processing, server and system |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN104219219B (en) |
| WO (1) | WO2015000428A1 (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107623700A (en) * | 2017-10-25 | 2018-01-23 | 成都视达科信息技术有限公司 | A kind of method and system of fire wall |
| CN109600751A (en) * | 2018-11-19 | 2019-04-09 | 华中科技大学 | A kind of pseudo-base station detection method based on network side user data |
| CN110197374A (en) * | 2018-06-15 | 2019-09-03 | 腾讯科技(深圳)有限公司 | Transaction intercepts control method and device |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3332947A1 (en) | 2016-12-12 | 2018-06-13 | LUXeXcel Holding B.V. | Identification system for optical components |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102137059A (en) * | 2010-01-21 | 2011-07-27 | 阿里巴巴集团控股有限公司 | Method and system for blocking malicious accesses |
| CN102957699A (en) * | 2012-10-26 | 2013-03-06 | 北京奇虎科技有限公司 | Access control method and system for enterprise Intranet |
| CN103116723A (en) * | 2013-02-06 | 2013-05-22 | 北京奇虎科技有限公司 | Method, device and system of web site interception process |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2011018316A1 (en) * | 2009-08-12 | 2011-02-17 | F-Secure Corporation | Web browser security |
| CN102325061B (en) * | 2011-09-16 | 2014-07-02 | 北京星网锐捷网络技术有限公司 | Network monitoring method, equipment and system |
| CN102724190B (en) * | 2012-06-11 | 2016-01-06 | 腾讯科技(深圳)有限公司 | Malice URL tackles reminding method and device |
| CN102930211B (en) * | 2012-11-07 | 2016-06-22 | 北京奇虎科技有限公司 | A kind of multi-core browser intercepts method and the multi-core browser of malice network address |
-
2013
- 2013-07-05 CN CN201310282382.7A patent/CN104219219B/en active Active
-
2014
- 2014-07-04 WO PCT/CN2014/081623 patent/WO2015000428A1/en active Application Filing
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102137059A (en) * | 2010-01-21 | 2011-07-27 | 阿里巴巴集团控股有限公司 | Method and system for blocking malicious accesses |
| CN102957699A (en) * | 2012-10-26 | 2013-03-06 | 北京奇虎科技有限公司 | Access control method and system for enterprise Intranet |
| CN103116723A (en) * | 2013-02-06 | 2013-05-22 | 北京奇虎科技有限公司 | Method, device and system of web site interception process |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107623700A (en) * | 2017-10-25 | 2018-01-23 | 成都视达科信息技术有限公司 | A kind of method and system of fire wall |
| CN110197374A (en) * | 2018-06-15 | 2019-09-03 | 腾讯科技(深圳)有限公司 | Transaction intercepts control method and device |
| CN110197374B (en) * | 2018-06-15 | 2024-02-20 | 腾讯科技(深圳)有限公司 | Transaction interception control method and device |
| CN109600751A (en) * | 2018-11-19 | 2019-04-09 | 华中科技大学 | A kind of pseudo-base station detection method based on network side user data |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2015000428A1 (en) | 2015-01-08 |
| CN104219219B (en) | 2018-02-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11323471B2 (en) | Advanced cybersecurity threat mitigation using cyberphysical graphs with state changes | |
| US11750659B2 (en) | Cybersecurity profiling and rating using active and passive external reconnaissance | |
| US11818169B2 (en) | Detecting and mitigating attacks using forged authentication objects within a domain | |
| US11601475B2 (en) | Rating organization cybersecurity using active and passive external reconnaissance | |
| US20220014560A1 (en) | Correlating network event anomalies using active and passive external reconnaissance to identify attack information | |
| US11968227B2 (en) | Detecting KERBEROS ticket attacks within a domain | |
| US11005824B2 (en) | Detecting and mitigating forged authentication object attacks using an advanced cyber decision platform | |
| US12041091B2 (en) | System and methods for automated internet- scale web application vulnerability scanning and enhanced security profiling | |
| US20210360032A1 (en) | Cybersecurity risk analysis and anomaly detection using active and passive external reconnaissance | |
| CN108664793B (en) | Method and device for detecting vulnerability | |
| US20210281609A1 (en) | Rating organization cybersecurity using probe-based network reconnaissance techniques | |
| CN113301012B (en) | Network threat detection method and device, electronic equipment and storage medium | |
| US20230283641A1 (en) | Dynamic cybersecurity scoring using traffic fingerprinting and risk score improvement | |
| CN111079138A (en) | Abnormal access detection method and device, electronic equipment and readable storage medium | |
| EP3655878A1 (en) | Advanced cybersecurity threat mitigation using behavioral and deep analytics | |
| CN104219219A (en) | Method, server and system for handling data | |
| CN115225531B (en) | Database firewall testing method and device, electronic equipment and medium | |
| CN109889619B (en) | Abnormal domain name monitoring method and device based on block chain | |
| CN113127855A (en) | Safety protection system and method | |
| CN111125489B (en) | Data grabbing method, device, equipment and storage medium | |
| CN118175060A (en) | Method, apparatus, device and computer readable medium for monitoring business index | |
| CN113922991A (en) | Resource monitoring method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20190801 Address after: Shenzhen Futian District City, Guangdong province 518044 Zhenxing Road, SEG Science Park 2 East Room 403 Co-patentee after: Tencent cloud computing (Beijing) limited liability company Patentee after: Tencent Technology (Shenzhen) Co., Ltd. Address before: Shenzhen Futian District City, Guangdong province 518031 Zhenxing Road, SEG Science Park 2 East Room 403 Patentee before: Tencent Technology (Shenzhen) Co., Ltd. |