CN104580228A - System and method for generating blacklist for access requests from network - Google Patents

Info

Publication number
CN104580228A
Authority
CN
China
Prior art keywords
statistics
blacklist
request
access request
load equalizer
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510021643.9A
Other languages
Chinese (zh)
Inventor
翁志
马殿军
肖思兴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Jingdong Shangke Information Technology Co Ltd filed Critical Beijing Jingdong Century Trading Co Ltd
Priority to CN201510021643.9A priority Critical patent/CN104580228A/en
Publication of CN104580228A publication Critical patent/CN104580228A/en
Priority to HK15105141.0A priority patent/HK1204728A1/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers

Abstract

Provided are a system and method for generating a blacklist for access requests from a network. The system comprises a receiving part, a generating part and a monitoring part, wherein the receiving part is used for requesting statistical results from a collector at preset request time intervals and receiving the statistical results from the collector, the statistical results provide the number of UDP messages which are accumulated in a preset statistical duration and contain predefined statistical data item combinations, and each UDP message is generated by analyzing the corresponding access request; the generating part is used for generating the blacklist of the access requests according to the received statistical results and predefined rules; the monitoring part is used for loading the blacklist to a load balancer in an asynchronous mode.

Description

System and method for generating a blacklist for access requests from a network
Technical field
The present invention relates to a system and method for generating a blacklist for access requests from a network, so that access requests from the network can be restricted.
Background art
A traditional load balancer (Load Balancer), such as one configured with HAProxy under Linux, reads the cookies or URL contained in each HTTP request from the network, rewrites headers based on this information, and sends the HTTP request to a back-end server group, so that the servers in the group reach a balanced state of traffic and resource usage. However, a traditional load balancer cannot automatically filter and inspect network traffic, and cannot rate-limit or drop attack traffic.
In the prior art, it is known to protect against ICMP/TCP/UDP flood attacks by inspecting TCP packets using traffic-cleaning techniques, implemented by retransmitting TCP/UDP packets. This known scheme is effective only for packets at the TCP/UDP layer. It is helpless against HTTP flood attacks at layer 7 of the OSI model, the application layer, which must be decoded.
One idea is to collect statistics by accessed URL and to restrict access requests according to the access volume per unit time, such as QPS. For a large website, statistics on accessed URLs usually consume a lot of memory. In general, for any combination of data items such as IP address, user ID (USERID) and uniform resource locator (URL), the timestamp of every access associated with that combination has to be recorded.
In the prior art, when QPS needs to be calculated, the recorded time points are filtered or sorted, which costs both time and memory.
Summary of the invention
The object of the invention is to provide a system and method for generating a blacklist for access requests from a network, so that access requests from the network can be restricted.
According to one aspect of the invention, a system for generating a blacklist for access requests from a network is provided, comprising: a receiving part, which requests statistical results from a collector at predetermined request time intervals and receives the statistical results from the collector, wherein the statistical results give the number of UDP messages, accumulated within a predetermined statistics duration, that contain a predefined combination of statistical data items, each UDP message being generated by parsing the corresponding access request; a generating part, which generates the blacklist of access requests according to the received statistical results and predefined rules; and a monitoring part, which loads the blacklist onto a load balancer asynchronously.
According to another aspect of the invention, a method for generating a blacklist for access requests from a network is provided, comprising: requesting statistical results from a collector at predetermined request time intervals and receiving the statistical results from the collector, wherein the statistical results give the number of UDP messages, accumulated within a predetermined statistics duration, that contain a predefined combination of statistical data items, each UDP message being generated by parsing the corresponding access request; generating the blacklist of access requests according to the received statistical results and predefined rules; and loading the blacklist onto a load balancer asynchronously.
According to the invention, loading the blacklist onto the load balancer asynchronously comprises: listening for requests from the load balancer and, when the load balancer initiates a request, obtaining the blacklist and sending it to the load balancer.
According to the invention, the collector comprises multiple gathering machines that run independently of one another, and each gathering machine performs the statistics separately. The method of the invention further comprises receiving statistical results from each of the gathering machines and producing summarized statistical results from the results received. The blacklist is generated according to the summarized statistical results and the predefined rules.
The method of the invention further comprises: using a configuration file that sets a per-unit-time request threshold and a processing action for each predetermined destination domain name, calculating from the statistical results the per-unit-time access volume of the access requests corresponding to the predefined combination of statistical data items; when this access volume exceeds the per-unit-time access threshold for its destination domain name, creating a corresponding blacklist record, which contains the destination domain name, user name and client IP of the access request and the corresponding processing action; and adding the created blacklist record to the blacklist, thereby producing the current blacklist.
According to the invention, the per-unit-time request volume is a queries-per-second (QPS) value.
Brief description of the drawings
Embodiments of the invention are described in detail below with reference to the accompanying drawings, in which:
Fig. 1 is a structural diagram of a system according to the invention for restricting access requests from a network;
Fig. 2 is an example block diagram of an exemplary summary device of the system according to the invention for generating a blacklist for access requests from a network.
Embodiments
The invention provides a system and method that use statistical information to generate a blacklist and thereby restrict access requests from a network.
An access request, such as an HTTP request from the Internet, contains the following data items: the destination domain name (host) that the user wants to access; the uniform resource identifier (uri) requested by the user; the user name (uid); the client IP address (cip); and so on.
According to the invention, a system for restricting access requests from a network is provided. The system comprises a load balancer, a collector and a summary device.
The load balancer receives access requests from the network, parses each received access request into a UDP message, and sends the UDP message to the collector.
The collector counts the received UDP messages according to a predefined combination of statistical data items and a predefined statistics duration, and sends the statistical results to the summary device at its request. The statistical results give the number of UDP messages containing the predefined combination of statistical data items that have accumulated within the current predefined statistics duration.
The summary device requests statistical results from the collector at predetermined request time intervals, receives the statistical results from the collector, generates the blacklist of access requests according to the received statistical results and predefined rules, and sends the blacklist to the load balancer at the load balancer's request. The blacklist defines the processing action for the corresponding access requests.
The load balancer determines the processing action for each received access request according to the current blacklist.
The system for restricting access requests from a network according to embodiments of the invention is described in detail below with reference to specific embodiments. It should be understood, however, that the specific embodiments serve only to aid understanding of the spirit and specific implementation of the invention, and that the invention is not limited to them.
Fig. 1 shows a system 100 according to an embodiment of the invention for restricting access requests from a network. The system 100 comprises three modules:
Load balancer 101,
Collector 102, and
Summary device 103.
The load balancer 101 receives access requests from the network, such as HTTP requests from the Internet, parses each received access request into a UDP message, and then transmits the UDP message to the collector.
Because UDP messages consume few resources and are processed quickly, they greatly reduce the overhead on the load balancer. UDP is not a connection-oriented protocol, so some message loss can occur. This loss stays within a controllable error range, however, and its effect on the robustness of the system can be ignored.
The collector may comprise multiple gathering machines. The gathering machines scale horizontally and independently: each one is deployed and run independently, and they neither affect nor depend on one another. If the processing capacity of the collector cannot meet demand, machines can be added and new gathering machines deployed on them. This meets the needs of high traffic volumes well.
The load balancer 101 transmits each UDP message to a selected gathering machine. Each gathering machine performs the statistics separately.
According to one embodiment of the invention, the load balancer 101 sends UDP messages to the gathering machines in round-robin fashion. For example, the first UDP packet is sent to the first gathering machine, the second UDP packet to the second gathering machine, and so on, with each generated UDP packet sent to the gathering machines in order. After a UDP packet has been sent to the last gathering machine, sending starts again with the first gathering machine.
Each gathering machine statistically analyzes the UDP messages it receives according to predefined statistical rules or conditions, such as the predefined combination of statistical data items and the predefined statistics time interval.
The gathering machine receives and parses the UDP messages. A UDP message contains the information of the user's HTTP access request: the destination domain name (host) accessed by the user, the uniform resource identifier (uri) requested by the user, the user name (uid), the client IP address (cip), and so on.
The gathering machine then counts the access requests for the same destination domain name (same host) from the same source (same uid, same cip), from which the access request volume of that source can be calculated.
If the counted access request volume is examined over a limited time period, such as the most recent 60 seconds or the most recent 5 minutes, the per-unit-time request volume of the source can be derived, for example a QPS value obtained by dividing the access request volume by the duration of the period. QPS, queries per second, is a measure of how much traffic a particular query server handles in a given time; on the Internet, the performance of a machine acting as a domain name system server is often measured in queries per second.
The gathering machine then sends the statistical results to the summary device 103 at its request.
At regular intervals, for example every 10 seconds, the summary device 103 requests the "statistical results" from the collector once. The request is sent, for example, in HTTP form.
After each gathering machine of the collector receives the request from the summary device 103, it builds a response message from its current statistical results, for example a response message in HTTP form, and sends the response message containing the current statistical results to the summary device 103.
The summary device 103 receives the response messages from each gathering machine, processes the statistical results contained in the messages received from all gathering machines according to a specific classification, produces a summarized statistical analysis result, and generates the blacklist according to predefined rules.
According to one embodiment of the invention, a blacklist record in the blacklist comprises 4 parameters:
Destination domain name (host),
Source user name (uid),
Source client IP (cip), and
Processing action (action).
The meaning of such a record is: for a request sent to this destination domain name (host), if the user name and client IP equal the corresponding values in the record (source user name, source client IP), the corresponding processing action is taken. The processing action is, for example, to intercept the request, to redirect it, or to delay it. When the destination domain name, user name and client IP address of an access request are the same as the destination domain name, user name and client IP address of a blacklist record, the access request is said to match the blacklist.
The per-unit-time request thresholds and processing actions for specific destination domain names are set in the configuration file of the summary device 103.
The summary device 103 evaluates an access request according to the summarized statistical results for a given combination of statistical data items. When the per-unit-time access volume (QPS) value of the access request exceeds the per-unit-time access threshold for its destination domain name, a corresponding blacklist record is created, which contains the destination domain name, user name and client IP of the request and the corresponding processing action. The created blacklist record is added to the blacklist, thereby producing the current blacklist.
In addition, the summary device 103 also maintains a whitelist. The whitelist may have the same structure as the blacklist, but it implements a priority policy: for an access request that matches the whitelist, the processing action is always to pass it, that is, to send the access request to its destination back-end server (host).
The summary device 103 loads the blacklist and the predefined whitelist asynchronously onto the load balancer 101. According to one embodiment of the invention, the monitoring part of the summary device 103 provides the blacklist to the load balancer 101. When the load balancer 101 initiates a request, the monitoring part obtains the blacklist and sends it to the load balancer 101 together with the whitelist.
The load balancer 101 is the component that actually executes the "processing action" in the blacklist.
Of course, the whitelist does not have to be maintained in the summary device 103; it can, for example, be maintained in the load balancer 101.
If an access request matches the whitelist, then because the load balancer 101 gives the whitelist priority, the load balancer 101 passes the request regardless of whether it also matches the blacklist. If an access request does not match the whitelist but matches the blacklist, the load balancer 101 takes the processing action specified by the blacklist. If an access request matches neither the whitelist nor the blacklist, it is passed.
According to the invention, the load balancer 101 processes access requests from the network as follows, based on the blacklist and whitelist sent by the summary device 103:
When the access request matches the whitelist or does not match the blacklist, the access request is passed, and a corresponding UDP message is constructed and sent to the collector. Only this passed traffic actually reaches the corresponding back-end server, so the collector continues to calculate the "statistical results" for this access request;
When the access request does not match the whitelist and matches the blacklist, the access request is handled with the processing action specified by the corresponding record in the blacklist.
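An added Python example (not part of the patent) of the blacklist generation and whitelist-first decision described above: counts from two gathering machines are summed per (host, uid, cip), compared with the per-host QPS threshold, and the load balancer's decision is then taken with the whitelist checked first. Host names, addresses, counts, thresholds, the 60-second duration and all function names are constructed for illustration.

```python
"""Merge per-machine counts, apply per-host QPS thresholds, decide whitelist-first."""
from collections import defaultdict

STAT_SECONDS = 60  # statistics duration the counts refer to (assumed value)

# Constructed configuration file content: threshold and action per destination host.
CONFIG = {
    "shop.example.com": {"qps_threshold": 0.5, "action": "intercept"},
    "api.example.com": {"qps_threshold": 5.0, "action": "delay"},
}

# Constructed reports from two gathering machines: (host, uid, cip) -> message count.
# Round-robin delivery splits every source's traffic roughly evenly between them.
MACHINE_A = {
    ("shop.example.com", "u1001", "198.51.100.7"): 18,
    ("shop.example.com", "u2002", "198.51.100.9"): 3,
    ("api.example.com", "monitor", "192.0.2.10"): 400,
}
MACHINE_B = {
    ("shop.example.com", "u1001", "198.51.100.7"): 17,
    ("shop.example.com", "u2002", "198.51.100.9"): 2,
    ("api.example.com", "monitor", "192.0.2.10"): 400,
}

# Constructed whitelist, using the same key structure as the blacklist.
WHITELIST = {("api.example.com", "monitor", "192.0.2.10")}


def summarize(reports):
    """Sum the counts of all gathering machines per (host, uid, cip)."""
    totals = defaultdict(int)
    for report in reports:
        for key, count in report.items():
            totals[key] += count
    return dict(totals)


def build_blacklist(totals, config, seconds=STAT_SECONDS):
    """Create a record (key -> action) for every source above its host's threshold."""
    blacklist = {}
    for (host, uid, cip), count in totals.items():
        rule = config.get(host)  # hosts without a configured threshold are skipped
        if rule and count / seconds > rule["qps_threshold"]:
            blacklist[(host, uid, cip)] = rule["action"]
    return blacklist


def decide(host, uid, cip, blacklist, whitelist):
    """Return (action, report): whitelist wins; only passed requests are reported
    to the collector as a UDP message, as the text above describes."""
    key = (host, uid, cip)
    if key in whitelist:
        return "pass", True
    action = blacklist.get(key, "pass")
    return action, action == "pass"


if __name__ == "__main__":
    current = build_blacklist(summarize([MACHINE_A, MACHINE_B]), CONFIG)
    for key in sorted(current):
        print(key, "->", current[key], "| decision:", decide(*key, current, WHITELIST))
```

In this data u1001 stays below 0.5 QPS on each gathering machine (18 and 17 requests in 60 seconds) and crosses the threshold only in the summed result, which is why the threshold is applied after summarizing.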
The system and method of the invention are suited to countering denial-of-service (DoS) attacks and distributed denial-of-service attacks on networks. The technique of the invention is particularly suited to defending against HTTP flood attacks. By analyzing and counting user traffic, attack traffic that matches a pattern is found and rate-limited or dropped, which protects the back end.
The process by which a gathering machine performs the statistics is described in detail below.
For each HTTP request from the network, the load balancer 101 parses it into exactly one UDP message and forwards it to one machine in the gathering-machine cluster of the collector 102. Each gathering machine counts access requests according to predefined statistical conditions, such as a particular combination of data items in the UDP message (for example the user name userid, the IP address ip and the uniform resource identifier uri) and a specified statistics period.
From each received UDP message, the gathering machine extracts information items such as userid, ip and uri, uses a specified combination of these items as the statistical data item (several combinations may exist), and counts requests according to the configured statistics period length (for example, divided into a short period and a long period).
Commonly used statistical data items include the following three:
userid+ip+uri;
userid+uri;
ip+uri.
When the counting is complete, the gathering machine generates the statistical results, for example as a web page in JSON data format. When a request from the summary device 103 is received, the statistical results are sent to the summary device 103.
The detailed process by which a gathering machine calculates traffic statistics is as follows:
After the statistics process starts, when the first UDP message for a given statistical data item is received, the relevant variables are initialized: the time at which this first UDP message is received is taken as the effective start time of the calculation, the access count is set to 1, the start time is set to the current time, and the duration is set to 0:
total_count=1;
start_time=time(NULL);
last_length=0;
In subsequent calculations, last_length is the duration from the calculation start time start_time to the current time current_time.
For subsequently received messages for this statistical data item, the access count is calculated in one of three ways, depending on how the reception time of the message relates to the configured statistics period:
(1) When the reception time falls within the first statistics period, the access count is increased by 1, and the duration is the difference between the current time and the effective start time. (Suppose the statistics period is set to 60 seconds; an hour then contains 60 statistics periods, and the "first statistics period" can be regarded as any one of these 60-second periods.)
(2) When the reception time falls within a second statistics period of equal length that follows the first, the effective start time is recorded anew. The reception time is taken as the end point of a new statistics period, and the corresponding starting point is recorded as the effective start time. The access count is now the access count within the new statistics period. It is computed by first calculating the QPS of the original statistics period, multiplying that QPS by the length of the part of the original statistics period that lies within the new one, and then adding 1. The duration is the length of the statistics period.
(3) When the reception time falls after the second statistics period, the current reception time is taken as the effective start time, the access count is reset to 1, and the duration is 0. This is equivalent to initialization, and the traffic is counted afresh.
Taking a statistics period of 60 seconds as an example, the pseudocode of the algorithm is as follows:
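    /* The statistics period is 60*X seconds. total_count must be a
       floating-point value so that the QPS division does not truncate. */
    diff = current_time - start_time;
    if (diff < 60*X) {
        /* reception time falls within the first statistics period */
        total_count++;
        last_length = diff;
    } else if (diff > 2*60*X) {
        /* reception time falls after the second statistics period: start over */
        total_count = 1;
        start_time = current_time;
        last_length = 0;
    } else {
        /* reception time falls within the second statistics period:
           slide the period so that it ends at current_time */
        start_time = current_time - 60*X;
        /* old QPS (total_count/60/X) times the seconds that slid out is removed */
        total_count = total_count - total_count/60/X*(diff - 60*X) + 1;
        last_length = 60*X;
    }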
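The three cases above, as an added Python example (not code from the patent): a constant-memory counter for one statistical data item, replayed over two constructed traces so that its estimate can be compared with an exact count of the last period. The names Counter, update, qps and replay, the 60-second period, and the choice to report 0 QPS while only one message has been seen are assumptions of this example.

```python
"""Constant-memory request counter per statistical data item (three-case update)."""
from dataclasses import dataclass

PERIOD = 60.0  # statistics period in seconds (60*X in the pseudocode, with X = 1)


@dataclass
class Counter:
    total_count: float   # estimated number of requests in the current period
    start_time: float    # effective start time of the current period
    last_length: float   # seconds that total_count covers


def update(counter, now, period=PERIOD):
    """Account for one message received at `now`; pass None for the first message."""
    if counter is None:
        return Counter(total_count=1.0, start_time=now, last_length=0.0)
    diff = now - counter.start_time
    if diff < period:                  # case 1: still inside the first period
        counter.total_count += 1
        counter.last_length = diff
    elif diff > 2 * period:            # case 3: past the second period, start over
        counter.total_count = 1.0
        counter.start_time = now
        counter.last_length = 0.0
    else:                              # case 2: slide the period to end at `now`
        old_qps = counter.total_count / period
        expired = diff - period        # seconds of the old period that slid out
        counter.total_count = counter.total_count - old_qps * expired + 1
        counter.start_time = now - period
        counter.last_length = period
    return counter


def qps(counter):
    """Requests per second; 0.0 while only one message has been seen (assumption)."""
    if counter.last_length <= 0:
        return 0.0
    return counter.total_count / counter.last_length


def replay(timestamps, period=PERIOD):
    """Feed timestamps in order; return (counter, exact count in the last period)."""
    counter = None
    for ts in timestamps:
        counter = update(counter, ts, period)
    now = timestamps[-1]
    exact = sum(1 for ts in timestamps if now - period <= ts <= now)
    return counter, exact


# Constructed traces (seconds from an arbitrary origin), not data from the patent.
STEADY = [float(t) for t in range(60)] + [90.0]   # 1 request/s, then one at t=90
BURST = [i / 10 for i in range(60)] + [90.0]      # 60 requests in 6 s, then one at t=90

if __name__ == "__main__":
    for name, trace in (("steady", STEADY), ("burst", BURST)):
        c, exact = replay(trace)
        print(f"{name}: estimated={c.total_count:.1f} exact={exact} qps={qps(c):.3f}")
```

Both traces end with an estimate of 31 requests, but the burst trace has only 1 request in the last 60 seconds: the sliding case treats the old period's requests as evenly spread, which is the accuracy traded for not storing a timestamp per request.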
Two kinds of statistics period can be configured: short-period statistics and long-period statistics. Short-period statistics guard against fast DoS attacks, in which a large number of connection requests hit the server within a short time and exhaust all available resources, so that the machine can no longer process requests from legitimate users. Long-period statistics guard against slow DoS attacks.
According to the invention, a system for generating a blacklist for access requests from a network is provided, comprising:
A receiving part, which requests statistical results from a collector at predetermined request time intervals and receives the statistical results from the collector, wherein the statistical results give the number of UDP messages, accumulated within a predetermined statistics duration, that contain a predefined combination of statistical data items, each UDP message being generated by parsing the corresponding access request;
A generating part, which generates the blacklist of access requests according to the received statistical results and predefined rules;
A monitoring part, which loads the blacklist onto a load balancer asynchronously.
The summarizing process of the summary device 103 and the generation of the blacklist are described in detail below with reference to a specific embodiment. It should be understood, however, that the specific embodiment serves only to aid understanding of the spirit and specific implementation of the invention, and that the invention is not limited to it.
The summary device 103 reads the request-count statistics of all gathering machines according to a specific classification, summarizes the statistical results, generates the blacklist according to a predefined policy, and loads the blacklist asynchronously onto the load balancer 101.
The composition and working principle of the summary device 103 are shown in Fig. 2.
The summary device 103 comprises a receiving part 1031, a generating part 1032, a monitoring part 1033, a configuration file 1036 and a database 1037.
The receiving part 1031 receives statistical results from the collector 102. The generating part 1032 summarizes the received statistical results and generates the blacklist. The monitoring part 1033 sends the blacklist to the load balancer 101 at its request. The configuration file 1036 sets the per-unit-time request threshold and processing action for each predetermined destination domain name. The database 1037 stores the data produced by the generating part 1032.
According to an embodiment of the invention, the receiving part 1031 may create one receiving thread per gathering machine. At regular intervals (for example, one minute), each receiving thread reads, from the web page output of its gathering machine, the request-count statistics for the different data item combinations. The statistical results are, for example, data in JSON format.
The generating part 1032 of the summary device 103 summarizes the data received from the multiple gathering machines for the predetermined statistical data items.
The different statistical data item combinations may, for example, comprise the following combinations of the three data items userid, ip and uri: userid+ip+uri, ip+uri, userid+uri.
The request counts for these different data item combinations can be stored in separate hashmaps. A hashmap is a hash-table-based implementation of the Map interface, used in programming for storage, lookup and similar functions.
When the request count for a statistical data item combination exceeds the blacklist threshold predefined in the configuration file, such as 0.5 QPS (queries per second), the userid or ip is added to the blacklist, thereby producing the current blacklist.
According to one embodiment, a database-writing thread in the generating part 1032 stores the summarized data in the hashmap in the database 1037.
According to an embodiment of the invention, two hashmaps are used so that the hashmap shared between the database-writing thread and the receiving threads does not have to be locked.
In addition, the monitoring terminal 200 of the system can obtain data directly from the database 1037 without going through the summary device 103.
The monitoring part 1033 of the summary device 103 provides the blacklist to the load balancer 101. When the load balancer 101 initiates a request, the monitoring part 1033 obtains the blacklist and sends it to the load balancer 101 together with the whitelist.
According to one embodiment of the invention, the summary device 103 may use two servers working together in master/slave mode: the master server is the normal working machine and the slave server is the data backup machine. If the master server fails, the slave server can take over all of its work, which ensures high reliability of the system.
The invention has been described with specific embodiments with reference to the accompanying drawings. The embodiments in the drawings and the description are, however, only examples of the invention and are not intended to limit it. The scope of the invention is defined by the claims.

Claims (10)

1. A system for generating a blacklist for access requests from a network, comprising:
A receiving part, which requests statistics from a collector at a predetermined request time interval and receives the statistics from the collector, wherein the statistics give the number of UDP messages containing a predefined combination of statistics items accumulated within a predetermined statistics duration, each UDP message being generated by parsing the corresponding access request;
A generating part, which generates the blacklist of access requests according to the received statistics and a predefined generation rule;
A monitoring part, which loads the blacklist onto a load balancer in an asynchronous manner.
2. The system according to claim 1, wherein the monitoring part monitors for requests from the load balancer, and when the load balancer initiates a request, the monitoring part obtains the blacklist and sends it to the load balancer.
3. The system according to claim 1, wherein
The collector comprises multiple gathering machines that run independently of one another, each gathering machine performing the statistics separately,
The receiving part comprises a receiver corresponding to each gathering machine, for receiving statistics from each of the multiple gathering machines,
The generating part produces aggregated statistics from the separately received statistics, and
The blacklist is generated according to the aggregated statistics and the predefined generation rule.
4. The system according to claim 1, further comprising a configuration file in which a per-unit-time request volume threshold and a processing action are set for each predetermined destination domain name,
The generating part calculates, from the statistics, the per-unit-time access volume of the access requests corresponding to the predefined combination of statistics items; when this access volume exceeds the per-unit-time access volume threshold corresponding to its destination domain name, a corresponding blacklist record is created, the record comprising the destination domain name, user name and client IP of the access request and the corresponding processing action; the generated blacklist record is added to the blacklist, thereby producing the current blacklist.
5. The system according to claim 4, wherein the per-unit-time request volume is a queries-per-second (QPS) value.
6. A method for generating a blacklist for access requests from a network, comprising:
Requesting statistics from a collector at a predetermined request time interval and receiving the statistics from the collector, wherein the statistics give the number of UDP messages containing a predefined combination of statistics items accumulated within a predetermined statistics duration, each UDP message being generated by parsing the corresponding access request;
Generating the blacklist of access requests according to the received statistics and a predefined generation rule;
Loading the blacklist onto a load balancer in an asynchronous manner.
7. The method according to claim 6, wherein loading the blacklist onto the load balancer in an asynchronous manner comprises:
Monitoring for requests from the load balancer,
When the load balancer initiates a request, obtaining the blacklist and sending it to the load balancer.
8. The method according to claim 6, wherein the collector comprises multiple gathering machines that run independently of one another, each gathering machine performing the statistics separately,
The method further comprises receiving statistics from each of the multiple gathering machines and producing aggregated statistics from the separately received statistics, and
Wherein the blacklist is generated according to the aggregated statistics and the predefined generation rule.
9. The method according to claim 6, further comprising: using a configuration file in which a per-unit-time request volume threshold and a processing action are set for each predetermined destination domain name, calculating, from the statistics, the per-unit-time access volume of the access requests corresponding to the predefined combination of statistics items; when this access volume exceeds the per-unit-time access volume threshold corresponding to its destination domain name, creating a corresponding blacklist record, the record comprising the destination domain name, user name and client IP of the access request and the corresponding processing action; and adding the generated blacklist record to the blacklist, thereby producing the current blacklist.
10. The system according to claim 9, wherein the per-unit-time request volume is a queries-per-second (QPS) value.
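The rule in claims 3 to 5 (and 8 to 10), worked through in Python as an added example that is not code from the patent: counts from several independently running collectors are summed, converted to QPS over the statistics duration, and compared with the per-domain threshold from the configuration. The statistics key layout, the config structure, the action names, the 10-second duration and all domains, users and addresses are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed config layout: destination domain -> per-second threshold and action.
CONFIG = {
    "shop.example.com": {"qps_threshold": 50.0, "action": "deny"},
    "login.example.com": {"qps_threshold": 5.0, "action": "captcha"},
}
STAT_DURATION_S = 10  # predetermined statistics duration (assumed value)


def aggregate(per_collector_stats):
    """Sum the UDP-message counts reported by independently running collectors."""
    total = Counter()
    for stats in per_collector_stats:
        total.update(stats)  # key: (domain, username, client_ip) -> message count
    return total


def generate_blacklist(per_collector_stats, config=CONFIG, duration_s=STAT_DURATION_S):
    """Return records for combinations whose QPS exceeds their domain's threshold."""
    if duration_s <= 0:
        raise ValueError("statistics duration must be positive")
    blacklist = []
    for (domain, user, ip), count in sorted(aggregate(per_collector_stats).items()):
        rule = config.get(domain)
        if rule is None:  # no threshold configured for this destination domain
            continue
        qps = count / duration_s
        if qps > rule["qps_threshold"]:  # strictly "exceeded", as the claim words it
            # "qps" is kept for operators; the claim lists only the other four fields.
            blacklist.append({"domain": domain, "username": user,
                              "client_ip": ip, "action": rule["action"], "qps": qps})
    return blacklist


# Constructed sample: each collector sees only part of the same client's traffic.
COLLECTOR_A = {("shop.example.com", "alice", "203.0.113.7"): 300,
               ("login.example.com", "bob", "198.51.100.9"): 30}
COLLECTOR_B = {("shop.example.com", "alice", "203.0.113.7"): 260,
               ("login.example.com", "bob", "198.51.100.9"): 20,
               ("other.example.com", "eve", "192.0.2.1"): 9999}

if __name__ == "__main__":
    for record in generate_blacklist([COLLECTOR_A, COLLECTOR_B]):
        print(record)
```

Neither collector's counts alone cross the 50 QPS threshold for the first client; only the aggregated total does, which is why the generating part works on the summed statistics. A client exactly at its threshold is not listed.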
CN201510021643.9A 2015-01-16 2015-01-16 System and method for generating blacklist for access requests from network Pending CN104580228A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510021643.9A CN104580228A (en) 2015-01-16 2015-01-16 System and method for generating blacklist for access requests from network
HK15105141.0A HK1204728A1 (en) 2015-01-16 2015-05-29 System and method for generating blacklist of requests to access from network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510021643.9A CN104580228A (en) 2015-01-16 2015-01-16 System and method for generating blacklist for access requests from network

Publications (1)

Publication Number Publication Date
CN104580228A true CN104580228A (en) 2015-04-29

Family

ID=53095408

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510021643.9A Pending CN104580228A (en) 2015-01-16 2015-01-16 System and method for generating blacklist for access requests from network

Country Status (2)

Country Link
CN (1) CN104580228A (en)
HK (1) HK1204728A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016110273A1 (en) * 2015-01-09 2016-07-14 北京京东尚科信息技术有限公司 System and method for limiting access request
CN106484864A (en) * 2016-10-11 2017-03-08 合肥思盟信息科技有限公司 A kind of enterprise information management platform based on wap technology
CN106776973A (en) * 2016-12-05 2017-05-31 深圳前海微众银行股份有限公司 Blacklist data generation method and device
CN107454120A (en) * 2016-05-30 2017-12-08 北京京东尚科信息技术有限公司 The method of network attack defending system and defending against network attacks
CN108259425A (en) * 2016-12-28 2018-07-06 阿里巴巴集团控股有限公司 The determining method, apparatus and server of query-attack
CN114928476A (en) * 2022-04-27 2022-08-19 北京天融信网络安全技术有限公司 Target file security detection method and detection device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101437030A (en) * 2008-11-29 2009-05-20 成都市华为赛门铁克科技有限公司 Method for preventing server from being attacked, detection device and monitoring device
CN102769549A (en) * 2011-05-05 2012-11-07 腾讯科技(深圳)有限公司 Network security monitoring method and device
CN103491053A (en) * 2012-06-08 2014-01-01 北京百度网讯科技有限公司 UDP load balancing method, UDP load balancing system and UDP load balancing device
CN104579841A (en) * 2015-01-09 2015-04-29 北京京东尚科信息技术有限公司 System for generating statistical result for specific statistic data items according to received UDP messages
CN104580216A (en) * 2015-01-09 2015-04-29 北京京东尚科信息技术有限公司 System and method for limiting access requests

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016110273A1 (en) * 2015-01-09 2016-07-14 北京京东尚科信息技术有限公司 System and method for limiting access request
US10735501B2 (en) 2015-01-09 2020-08-04 Beijing Jingdong Shangke Information Technology Co., Ltd. System and method for limiting access request
CN107454120A (en) * 2016-05-30 2017-12-08 北京京东尚科信息技术有限公司 The method of network attack defending system and defending against network attacks
CN106484864A (en) * 2016-10-11 2017-03-08 合肥思盟信息科技有限公司 A kind of enterprise information management platform based on wap technology
CN106776973A (en) * 2016-12-05 2017-05-31 深圳前海微众银行股份有限公司 Blacklist data generation method and device
CN106776973B (en) * 2016-12-05 2020-10-30 深圳前海微众银行股份有限公司 Blacklist data generation method and apparatus
CN108259425A (en) * 2016-12-28 2018-07-06 阿里巴巴集团控股有限公司 The determining method, apparatus and server of query-attack
CN114928476A (en) * 2022-04-27 2022-08-19 北京天融信网络安全技术有限公司 Target file security detection method and detection device

Also Published As

Publication number Publication date
HK1204728A1 (en) 2015-11-27

Similar Documents

Publication Publication Date Title
CN104580216A (en) System and method for limiting access requests
US10257224B2 (en) Method and apparatus for providing forensic visibility into systems and networks
CN104580228A (en) System and method for generating blacklist for access requests from network
US11122067B2 (en) Methods for detecting and mitigating malicious network behavior and devices thereof
CN108881448B (en) API request processing method and device
JP2018513592A (en) Behavior analysis based DNS tunneling detection and classification framework for network security
KR101312905B1 (en) Network amplification attack mitigation
TW201824047A (en) Attack request determination method, apparatus and server
EP3633948B1 (en) Anti-attack method and device for server
JP2008507010A (en) Server state estimation in stateless communication protocol
CN101460983A (en) Malicious attack detection system and an associated method of use
CN103916379B (en) A kind of CC attack recognition method and system based on high frequency statistics
CN112632129B (en) Code stream data management method, device and storage medium
CN102624750A (en) Method and system for resisting domain name system (DNS) recursion attack
CN112929376A (en) Flow data processing method and device, computer equipment and storage medium
CN114640504A (en) CC attack protection method, device, equipment and storage medium
CN104579841A (en) System for generating statistical result for specific statistic data items according to received UDP messages
CN108809678A (en) A kind of method and server of information push
RU2647616C1 (en) Method of detecting brute force attack on web service
Shomura et al. Analyzing the number of varieties in frequently found flows
CN113987478A (en) Method and system for detecting and protecting CC attack based on nginx server
CN109951426A (en) Abnormal domain name determines method, abnormal flow processing method, apparatus and system
CN108347447B (en) P2P botnet detection method and system based on periodic communication behavior analysis
CN112134947A (en) Internet service business data platform
Chouhan et al. Hierarchical storage technique for maintaining hop-count to prevent ddos attack in cloud computing

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1204728

Country of ref document: HK

RJ01 Rejection of invention patent application after publication

Application publication date: 20150429

REG Reference to a national code

Ref country code: HK

Ref legal event code: WD

Ref document number: 1204728

Country of ref document: HK