CN104980421B - Batch request processing method and system - Google Patents
Batch request processing method and system Download PDFInfo
- Publication number
- CN104980421B CN104980421B CN201410545601.0A CN201410545601A CN104980421B CN 104980421 B CN104980421 B CN 104980421B CN 201410545601 A CN201410545601 A CN 201410545601A CN 104980421 B CN104980421 B CN 104980421B
- Authority
- CN
- China
- Prior art keywords
- request
- transfer protocol
- hypertext transfer
- statistical model
- statistical
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The embodiment of the invention discloses a batch request processing method, which comprises the following steps: obtaining a first hypertext transfer protocol request; selecting one statistical model from a plurality of preset and stored statistical models according to the first hypertext transfer protocol request and the host configuration information; the host configuration information comprises statistical model information corresponding to each hypertext transfer protocol request; counting the data to be counted through the selected statistical model, and identifying whether the current request behavior is a machine batch request behavior; and when the request behaviors of the machines in batches are identified, intercepting the current request behaviors. The invention also discloses a batch request processing system, which can greatly avoid the operation of increasing human-computer interaction in the service processing flow in the prior art, thereby improving the user operation experience and the efficiency of service processing, and solving the technical problem of low identification accuracy when processing various different services in the prior art.
Description
Technical Field
The invention relates to the field of computer internet, in particular to a batch request processing method and a batch request processing system.
Background
Currently, many websites and applications are vulnerable to cheating operations of users or attacks of malware robots, for example, batch requests of the malware robots include batch registration of account accounts for payment, posting, and batch login after account stealing to check whether the accounts are valuable or not, and the like, which easily causes server resources to be consumed and cannot provide normal services to the outside.
To prevent users from cheating or using software attacks, many websites and applications use a fully Automated Public ring Test to talk computers and Humans to verify whether the logged-in user at the other end is a human, such as letting the user enter a verification code, entering a dynamic password token, etc. However, the current recognition mode often needs to add human-computer interaction operation in the service processing flow, which greatly reduces the user operation experience and the service processing efficiency; and many websites and applications are identified only by a scheme of one statistical model and a plurality of identification rules, and the identification accuracy is not high when a plurality of different services are processed.
Disclosure of Invention
The technical problem to be solved by the embodiments of the present invention is to provide a batch request processing method and a batch request processing system, which can avoid adding human-computer interaction operation in a service processing flow in the prior art, and solve the technical problem of low recognition accuracy when processing multiple different services.
In order to solve the above technical problem, a first aspect of an embodiment of the present invention discloses a batch request processing method, including:
obtaining a first hypertext transfer protocol request;
selecting one statistical model from a plurality of preset and stored statistical models according to the first hypertext transfer protocol request and the host configuration information; the host configuration information comprises statistical model information corresponding to each hypertext transfer protocol request;
counting the data to be counted through the selected statistical model, and identifying whether the current request behavior is a machine batch request behavior;
and when the request behaviors of the machines in batches are identified, intercepting the current request behaviors.
With reference to the first aspect, in a first possible implementation manner, before the selecting one statistical model from a plurality of preset statistical models according to the hypertext transfer protocol request and the host configuration information, the method further includes:
receiving and extracting the site data according to the second hypertext transfer protocol request;
according to the attack recognition mode of the station data offline analysis machine batch request behavior, generating a statistical model corresponding to the second hypertext transfer protocol request, and storing the statistical model in a database; the statistical model is used for counting data to be counted and identifying whether the request behavior is a machine batch request behavior.
With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner, the selecting, according to the first hypertext transfer protocol request and the host configuration information, one statistical model from a plurality of preset and stored statistical models includes:
selecting one analysis engine from a plurality of preset analysis engines according to the first hypertext transfer protocol request and the host configuration information; wherein the analysis engines correspond to the statistical models one to one;
the step of counting the data to be counted through the selected statistical model and identifying whether the current request behavior is a machine batch request behavior comprises the following steps:
and the selected analysis engine counts the data to be counted through the corresponding statistical model and identifies whether the current request behavior is a machine batch request behavior.
With reference to the second possible implementation manner of the first aspect, in a third possible implementation manner, the method further includes:
regularly comparing whether the statistical model stored in the database is consistent with the statistical model corresponding to the analysis engine;
and when the comparison result is negative, synchronously switching the statistical model corresponding to the analysis engine into the statistical model stored in the database.
With reference to the first aspect, or the first possible implementation manner of the first aspect, or the second possible implementation manner of the first aspect, or the third possible implementation manner of the first aspect, in a fourth possible implementation manner, after the intercepting processing is performed on the current request behavior, the method further includes:
recording the interception processing, analyzing the interception processing and generating an interception processing report;
and receiving a report viewing instruction, and displaying the interception processing report.
A second aspect of the embodiments of the present invention discloses a batch request processing system, including:
a request acquisition module for acquiring a first hypertext transfer protocol request;
the model selection module is used for selecting one statistical model from a plurality of preset and stored statistical models according to the first hypertext transfer protocol request and the host configuration information; the host configuration information comprises statistical model information corresponding to each hypertext transfer protocol request;
the statistical identification module is used for counting the data to be counted through the statistical model selected by the model selection module and identifying whether the current request behavior is a machine batch request behavior;
and the interception processing module is used for intercepting the current request behavior when the statistical identification module identifies the batch request behavior of the machines.
With reference to the second aspect, in a first possible implementation manner, the system further includes:
the offline analysis module is used for receiving and extracting the site data according to a second hypertext transfer protocol request before the model selection module selects one statistical model from a plurality of preset statistical models according to the hypertext transfer protocol request and the host configuration information; according to the attack recognition mode of the station data offline analysis machine batch request behavior, generating a statistical model corresponding to the second hypertext transfer protocol request, and storing the statistical model in a database; the statistical model is used for counting data to be counted and identifying whether the request behavior is a machine batch request behavior.
With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner, the statistical identification module includes a plurality of analysis engines, and the analysis engines are in one-to-one correspondence with the statistical model;
the model selection module is specifically used for selecting one analysis engine from a plurality of analysis engines in the statistical identification module according to the first hypertext transfer protocol request and the host configuration information;
the statistical identification module is specifically configured to perform statistics on data to be counted by using the analysis engine selected by the model selection module, and identify whether the current request behavior is a machine batch request behavior.
With reference to the second possible implementation manner of the first aspect, in a third possible implementation manner, the system further includes:
the timing comparison module is used for comparing whether the statistical model stored in the database is consistent with the statistical model corresponding to the analysis engine or not at regular time;
and the synchronous switching module is used for synchronously switching the statistical model corresponding to the analysis engine to the statistical model stored in the database when the comparison result of the timing comparison module is negative.
With reference to the second aspect, or the first possible implementation manner of the second aspect, or the second possible implementation manner of the second aspect, or the third possible implementation manner of the second aspect, in a fourth possible implementation manner, the system further includes:
the recording module is used for recording the interception processing after the interception processing module carries out the interception processing on the current request behavior;
the report generation module is used for analyzing the interception processing to generate an interception processing report;
and the report display module is used for receiving the report viewing instruction and displaying the interception processing report.
A third aspect of the embodiments of the present invention discloses a computer storage medium, where the computer storage medium stores a program, and the program, when executed, includes all the steps of the data processing method in the first aspect of the embodiments of the present invention, or the first possible implementation manner of the first aspect, or the second possible implementation manner of the first aspect, or the third possible implementation manner of the first aspect, or the fourth possible implementation manner of the first aspect.
By implementing the embodiment of the invention, one statistical model is selected from a plurality of preset and stored statistical models according to the first hypertext transfer protocol request and the host configuration information, then the statistical data to be counted is counted through the selected statistical model, and whether the current request behavior is the machine batch request behavior is identified, so that the operation of increasing human-computer interaction in the service processing flow in the prior art can be greatly avoided, the user operation experience and the service processing efficiency are improved, and the technical problem of low identification accuracy when a plurality of different services are processed in the prior art is solved; by extracting the site data and analyzing the attack identification mode of the machine batch request behavior in an off-line manner and synchronously switching the statistical model at regular time, the identification accuracy rate when various different services are processed is further improved, and the website or application is prevented from being requested by the software robot in batches.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic view of an application scenario of a batch request processing method according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a batch request processing method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a batch request processing method according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a batch request processing system provided by the present invention;
FIG. 5 is a block diagram illustrating an alternative embodiment of a batch request processing system according to the present invention;
FIG. 6 is a block diagram illustrating an alternative embodiment of a batch request processing system according to the present invention;
FIG. 7 is a block diagram illustrating an alternative embodiment of a batch request processing system according to the present invention;
FIG. 8 is a block diagram illustrating an embodiment of a batch request processing system according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Each embodiment of the invention can be implemented based on the application scenario shown in fig. 1, a user can log in a service platform of a server side to perform service operation, the server side performs service processing on an operation instruction of a received user, the server side acquires and analyzes a Hypertext transfer protocol (HTTP) request of the user, selects a statistical model, and performs interception processing if the current request behavior is identified as a machine batch request behavior;
the following describes a specific implementation of the batch request processing method according to the embodiment of fig. 2 to 3 in detail:
as shown in fig. 2, a flowchart of a batch request processing method provided by an embodiment of the present invention is a technical solution for describing a batch request processing method from a server, and includes:
step S200: obtaining a first hypertext transfer protocol request;
specifically, the first hypertext transfer protocol HTTP request may be an HTTP request initiated by a currently logged-in user, and when the currently logged-in user performs a service operation on a service platform provided by a server, the server may obtain the first hypertext transfer protocol request;
step S202: selecting one statistical model from a plurality of preset and stored statistical models according to the first hypertext transfer protocol request and the host configuration information; the host configuration information comprises statistical model information corresponding to each hypertext transfer protocol request;
specifically, a server generates and stores a plurality of statistical models in advance, and each statistical model can be used for correspondingly identifying whether one type of request behaviors are machine batch request behaviors or not; the server is also preset with HOST configuration information, which may include statistical model information corresponding to each hypertext transfer protocol request, where the corresponding statistical model information may be a statistical model corresponding to a preset service type (i.e., equivalent to an analysis engine), or may be a statistical model corresponding to a service type determined through experience; that is, the statistical models respectively correspond to different service types to correspondingly identify whether the request behavior is a machine batch request behavior; then the server end can acquire the service type corresponding to the current request behavior according to the first hypertext transfer protocol request, and then can acquire the statistical model corresponding to the service type through the HOST configuration information, thereby completing the selection of one statistical model from a plurality of preset and stored statistical models;
step S204: counting the data to be counted through the selected statistical model, and identifying whether the current request behavior is a machine batch request behavior;
specifically, after the server selects the statistical model, the server can import the data to be counted, and perform statistical analysis according to the statistical model, so as to identify whether the current request behavior is a machine batch request behavior;
step S206: and when the request behaviors of the machines in batches are identified, intercepting the current request behaviors.
Specifically, when the server side identifies that the current request behavior is a machine batch request behavior, a corresponding strategy can be adopted to intercept the current request according to the configuration information corresponding to the HOST; it can be understood that when the server side identifies that the current request behavior is not the machine batch request behavior, the interception processing is not executed.
Further, in step S202 of this embodiment of the present invention, before selecting one statistical model from a plurality of preset statistical models according to the hypertext transfer protocol request and the host configuration information, the method may further include:
receiving and extracting the site data according to the second hypertext transfer protocol request; according to the attack recognition mode of the station data offline analysis machine batch request behavior, generating a statistical model corresponding to the second hypertext transfer protocol request, and storing the statistical model in a database; the statistical model is used for counting data to be counted and identifying whether the request behavior is a machine batch request behavior.
Specifically, the second HTTP request is specifically an HTTP request before the first HTTP request in the embodiment of the present invention; before the current request behavior, when a user logs in a service platform to perform service operation, the server side can receive and extract site data according to the second HTTP request, perform offline analysis according to the site data, analyze an attack identification mode of the machine batch request behavior of the service type corresponding to the second HTTP request, finally generate a statistical model corresponding to the second HTTP request, and store the statistical model into a database, wherein the database can be a relational database MYSQL; that is, the server may generate a plurality of different statistical models in advance for a plurality of different service types, so that the statistical models may be customized for different service requirements. Then, step S102 may select one statistical model from a plurality of predetermined statistical models according to the http request and the host configuration information.
Still further, in the embodiment of the present invention, the step S202, according to the first hypertext transfer protocol request and the host configuration information, selecting one statistical model from a plurality of statistical models that are preset and stored may specifically include: selecting one analysis engine from a plurality of preset analysis engines according to the first hypertext transfer protocol request and the host configuration information; wherein the analysis engines are in one-to-one correspondence with the statistical models.
Step S204, counting the data to be counted by the selected statistical model, and identifying whether the current request behavior is a machine batch request behavior may specifically include: and the selected analysis engine counts the data to be counted through the corresponding statistical model and identifies whether the current request behavior is the machine batch request behavior.
Specifically, the server side can generate a plurality of different analysis engines for different service types, and the analysis engines are essentially in one-to-one correspondence with the statistical models; that is, the statistical data may be counted by the analysis engine, and whether the current request behavior is a machine batch request behavior is identified.
It should be noted that, the server side in the embodiment of the present invention may include a plurality of MsCaptcha servers (abbreviated as MC servers), including but not limited to an MC data receiving server, an MC data analysis server, an MC alarm server, a world wide WEB front end server, and the like, and the following description is made with reference to a schematic diagram of a batch request processing method provided in the embodiment of the present invention shown in fig. 3:
the server may transmit the first HTTP request to an MC data receiving server through an MC interception service system (the MC interception service system may be a program generated in advance for intercepting in batch request processing), and after receiving the first HTTP request, the MC data receiving server transmits the first HTTP request to an MC data analysis server.
After receiving the first HTTP request, the MC data analysis server selects a statistical model from a plurality of preset and stored statistical models according to the first HTTP request and HOST configuration information, imports data to be statistically analyzed after the statistical model is selected, and accordingly identifies whether the current request behavior is a machine batch request behavior or not; when the MC data analysis server identifies that the current request behavior is a machine batch request behavior, the result can be fed back to the MC alarm server, and after the MC alarm server receives the result information, the MC alarm server can adopt a corresponding strategy to intercept the current request according to the configuration information corresponding to the HOST, for example, alarm is carried out, and the current user is listed in a blacklist so as to finish the interception of the current request.
Further, the batch request processing method according to the embodiment of the present invention may further include: regularly comparing whether the statistical model stored in the database is consistent with the statistical model corresponding to the analysis engine; and when the comparison result is negative, synchronously switching the statistical model corresponding to the analysis engine into the statistical model stored in the database.
Specifically, when a user logs in a service platform to perform a service operation, a server side may receive and extract site data according to the current HTTP request, and may perform offline analysis according to the site data, specifically, an attack identification mode of a machine batch request behavior of a service type corresponding to the HTTP request may be analyzed by the offline analysis platform in fig. 3, and finally, a statistical model corresponding to the HTTP request is generated; that is, the server may continuously generate the statistical model according to the operation data of the user logging in the service platform, and often generate a new statistical model, so that the server may periodically compare whether the statistical model stored in the database is consistent with the statistical model corresponding to the analysis engine, and when the comparison is inconsistent, synchronously switch (equivalent to dynamically switch) the statistical model corresponding to the analysis engine to the statistical model stored in the database.
Still further, the batch request processing method according to the embodiment of the present invention may further include: when the server side recognizes that the request behaviors are machine batch request behaviors, recording the interception processing after intercepting the current request behaviors, analyzing the interception processing and generating an interception processing report; and receiving a report viewing instruction, and displaying the interception processing report.
Specifically, as shown in fig. 3, the server may record the interception processing through the WEB front-end server, and analyze the interception processing, for example, analyze information such as a trend of the batch request of the machine, and generate an interception processing report; the user can input a report checking instruction, check the interception processing report displayed by the WEB front-end server and see the interception effect.
The following illustrates an embodiment of a batch request processing method according to an embodiment of the present invention:
some Common Gateway Interfaces (CGIs) of a certain website are often maliciously pulled by batch requests sent by some clientIp, so that the server side may extract operation data of the website, analyze an attack recognition mode of a machine batch request behavior of the service type in an offline manner, and finally generate a statistical model corresponding to the HTTP request, for example, the statistical model is as follows: the method comprises two statistical analysis stages, wherein in the 1 st stage, the CGI times of accessing the site by the clientIp in the first time period (such as within 1 minute) are counted, if the counted times reach a first preset threshold, the 2 nd stage is entered, whether the number of the CGI reaches the first preset threshold in the second time period (such as within 5 minutes) reaches a second preset threshold is counted, and if the number of the CGI reaches the first preset threshold in the second time period reaches the second preset threshold, the current request behavior can be identified to be a machine batch request behavior;
after the statistical model is generated at the server side, the HTTP request initiated by the user side at the next time can be obtained, whether the statistical model is selected for the HTTP request or not is analyzed, when the statistical model is analyzed to be needed for rapidly identifying the batch request of the clientIp to the CGI, the statistical model is selected, the incoming operation data is analyzed, whether the current request is the batch request of the clientIp to the CGI is identified through the two statistical analysis stages, and if the current request is the machine batch request behavior is identified, and the interception processing is carried out.
By implementing the embodiment of the invention, one statistical model is selected from a plurality of preset and stored statistical models according to the first hypertext transfer protocol request and the host configuration information, then the statistical data to be counted is counted through the selected statistical model, and whether the current request behavior is the machine batch request behavior is identified, so that the operation of increasing human-computer interaction in the service processing flow in the prior art can be greatly avoided, the user operation experience and the service processing efficiency are improved, and the technical problem of low identification accuracy when a plurality of different services are processed in the prior art is solved; by extracting the site data and analyzing the attack identification mode of the machine batch request behavior in an off-line manner and synchronously switching the statistical model at regular time, the identification accuracy rate when various different services are processed is further improved, and the website or application is prevented from being requested by the software robot in batches.
In order to better implement the above solution of the embodiment of the present invention, the present invention further provides a batch request processing system, as shown in fig. 4, which is a schematic structural diagram of the batch request processing system provided in the present invention, the batch request processing system 40 may include: a request acquisition module 400, a model selection module 402, a statistical identification module 404, and an interception processing module 406, wherein
the model selection module 402 is configured to select one statistical model from a plurality of preset and stored statistical models according to the first hypertext transfer protocol request and the host configuration information; the host configuration information comprises statistical model information corresponding to each hypertext transfer protocol request;
the statistical identification module 404 is configured to perform statistics on data to be counted through the statistical model selected by the model selection module 402, and identify whether the current request behavior is a machine batch request behavior;
the interception processing module 406 is configured to perform interception processing on the current request behavior when the statistics identifying module 404 identifies the request behavior as a machine batch request behavior.
It should be noted that the batch request processing system 40 in fig. 4 may be an MC data analysis server in the foregoing embodiment, the request obtaining module 400 may specifically be a network framework module in the MC data analysis server, the model selecting module 402 may specifically be an engine management module in the MC data analysis server, the statistical identifying module 404 may specifically be an analysis engine in the MC data analysis server, and the interception processing module 406 may specifically be a triggering module in the MC data analysis server for triggering an external MC alarm server to perform interception processing; it is understood that the batch request processing system 40 of FIG. 4 may have a plurality of statistical identification modules 404 for selection by the model selection module 402; that is, when the batch request processing system 40 is an MC data analysis server, the MC data analysis server may include a plurality of analysis engines for selection by the engine management module.
Specifically, as shown in fig. 5, which is a schematic structural diagram of another embodiment of the batch request processing system provided by the present invention, the batch request processing system 40 includes, in addition to the request obtaining module 400, the model selecting module 402, the statistical identification module 404 and the interception processing module 406, an offline analysis module 408, configured to receive and extract site data according to a second hypertext transfer protocol request before the model selecting module 402 selects one statistical model from a plurality of preset statistical models according to the hypertext transfer protocol request and the host configuration information; according to the attack recognition mode of the station data offline analysis machine batch request behavior, generating a statistical model corresponding to the second hypertext transfer protocol request, and storing the statistical model in a database; the statistical model is used for counting data to be counted and identifying whether the request behavior is a machine batch request behavior. The offline analysis module 408 may be an offline computing platform for computing MC models to analyze attack recognition patterns of machine batch request behaviors and generate corresponding statistical models.
It should be noted that the batch request processing system 40 in the embodiment of the present invention may further include a database 4010 for storing a statistical model, which may be a relational database MYSQL.
Further, the statistical identification module 404 in the batch request processing system 40 may include a plurality of analysis engines, one-to-one corresponding to the statistical model;
the model selecting module 402 is specifically configured to select one analysis engine from a plurality of analysis engines in the statistical identification module 404 according to the first hypertext transfer protocol request and the host configuration information;
the statistical identification module 404 is specifically configured to perform statistics on data to be counted by using the analysis engine selected by the model selection module 402, and identify whether the current request behavior is a machine batch request behavior.
Still further, as shown in fig. 6, which is a schematic structural diagram of another embodiment of the batch request processing system provided by the present invention, the batch request processing system 40 includes, in addition to the request obtaining module 400, the model selecting module 402, the statistical identification module 404, the interception processing module 406, the offline analyzing module 408 and the database 4010, a timing comparison module 4012 and a synchronous switching module 4014, wherein,
the timing comparison module 4012 is configured to compare whether the statistical model stored in the database is consistent with the statistical model corresponding to the analysis engine at regular time;
the synchronous switching module 4014 is configured to, if the comparison result of the timing comparison module 4012 is negative, synchronously switch the statistical model corresponding to the analysis engine to the statistical model stored in the database.
Specifically, the timing comparison module 4012 and the synchronous switching module 4014 may be management modules in the batch request processing system 40, and are used to dynamically upgrade the statistical model.
Still further, as shown in fig. 7, which is a schematic structural diagram of another embodiment of the batch request processing system provided by the present invention, the batch request processing system 40 includes a request obtaining module 400, a model selecting module 402, a statistical identification module 404, an interception processing module 406, an offline analyzing module 408, a database 4010, a timing comparison module 4012, and a synchronous switching module 4014, and may further include a recording module 4016, a report generating module 4018, and a report displaying module 4020, where the report generating module 4018 and the report displaying module 4020 are further included in the system, and the system includes a module for obtaining a request, a
The recording module 4016 is configured to record the interception processing after the interception processing module 406 performs interception processing on the current request behavior;
the report generation module 4018 is configured to analyze the interception processing to generate an interception processing report;
the report display module 4020 is configured to receive a report viewing instruction and display the intercepted report.
Specifically, the recording module 4016, the report generating module 4018, and the report displaying module 4020 may specifically be a WEB front-end server in the batch request processing system 40, and are used to dynamically upgrade the statistical model. The batch request processing system 40 may record the interception processing through the WEB front-end server, and analyze the interception processing, for example, analyze information such as a trend of the machine batch request, and generate an interception processing report; the user can input a report checking instruction, check the interception processing report displayed by the WEB front-end server and see the interception effect.
It should be noted that, as shown in fig. 3, the batch request processing system 40 in the embodiment of the present invention may include a plurality of MsCaptcha servers (abbreviated as MC servers), such as an MC data receiving server, an MC data analyzing server, an MC alarm server, an offline computing platform, a world wide WEB front-end server, and the like.
Referring to fig. 8, fig. 8 is a schematic structural diagram of a batch request processing system according to another embodiment of the present invention. As shown in fig. 8, the batch request processing system 80 may include: at least one processor 801, e.g., a CPU, at least one network interface 804, a user interface 803, a memory 805, at least one communication bus 802, and a display 806. Wherein a communication bus 802 is used to enable connective communication between these components. The user interface 803 may include, among other things, a display screen, a keyboard or a mouse. The network interface 804 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 805 may be a high-speed RAM memory or a non-volatile memory (non-volatile memory), such as at least one disk memory, and the memory 805 includes a flash in the embodiment of the present invention. The memory 805 may optionally be at least one memory system located remotely from the processor 801 as previously described. As shown in fig. 8, the memory 805, which is a kind of computer storage medium, may include therein an operating system, a network communication module, a user interface module, and a batch request handler.
In the batch request processing system 80 shown in FIG. 8, the network interface 804 may be used to connect clients (i.e., client) for data communication with the clients; and the processor 801 may be configured to invoke the batch request handler stored in the memory 805 and perform the following operations:
obtaining a first hypertext transfer protocol request;
selecting one statistical model from a plurality of preset and stored statistical models according to the first hypertext transfer protocol request and the host configuration information; the host configuration information comprises statistical model information corresponding to each hypertext transfer protocol request;
counting the data to be counted through the selected statistical model, and identifying whether the current request behavior is a machine batch request behavior;
and when the request behaviors of the machines in batches are identified, intercepting the current request behaviors.
Specifically, before the processor 801 selects one statistical model from a plurality of preset statistical models according to the hypertext transfer protocol request and the host configuration information, the following steps may be further performed:
receiving and extracting the site data according to the second hypertext transfer protocol request;
according to the attack recognition mode of the station data offline analysis machine batch request behavior, generating a statistical model corresponding to the second hypertext transfer protocol request, and storing the statistical model in a database; the statistical model is used for counting data to be counted and identifying whether the request behavior is a machine batch request behavior.
Specifically, the selecting, by the processor 801, one statistical model from a plurality of statistical models stored in advance according to the first hypertext transfer protocol request and the host configuration information includes:
selecting one analysis engine from a plurality of preset analysis engines according to the first hypertext transfer protocol request and the host configuration information; wherein the analysis engines correspond to the statistical models one to one;
the processor 801 counts the data to be counted through the selected statistical model, and identifying whether the current request behavior is a machine batch request behavior includes:
and the selected analysis engine counts the data to be counted through the corresponding statistical model and identifies whether the current request behavior is a machine batch request behavior.
Specifically, the processor 801 may further perform:
regularly comparing whether the statistical model stored in the database is consistent with the statistical model corresponding to the analysis engine;
and when the comparison result is negative, synchronously switching the statistical model corresponding to the analysis engine into the statistical model stored in the database.
Specifically, after intercepting the current request behavior, the processor 801 may further perform:
recording the interception processing, analyzing the interception processing and generating an interception processing report;
and receiving a report viewing instruction, and displaying the interception processing report.
It is to be understood that, the functions of each module in the batch request processing system 40 or the batch request processing system 80 may refer to the specific implementation manner of any embodiment in fig. 1 to fig. 3 in the foregoing method embodiments, and are not described herein again.
In summary, with the embodiment of the present invention, according to the first hypertext transfer protocol request and the host configuration information, one statistical model is selected from a plurality of preset and stored statistical models, then statistics is performed on the data to be counted by the selected statistical model, and whether the current request behavior is a machine batch request behavior is identified, so that an operation of adding human-computer interaction in a service processing flow in the prior art can be greatly avoided, thereby improving user operation experience and service processing efficiency, and solving a technical problem in the prior art that identification accuracy is not high when processing a plurality of different services; by extracting the site data and analyzing the attack identification mode of the machine batch request behavior in an off-line manner and synchronously switching the statistical model at regular time, the identification accuracy rate when various different services are processed is further improved, and the website or application is prevented from being requested by the software robot in batches.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above disclosure is only for the purpose of illustrating the preferred embodiments of the present invention, and it is therefore to be understood that the invention is not limited by the scope of the appended claims.
Claims (9)
1. A batch request processing method, comprising:
when a user logs in a service platform to perform service operation, receiving and extracting site data according to a second hypertext transfer protocol request;
analyzing an attack identification mode of a machine batch request behavior according to the site data to generate a statistical model corresponding to the second hypertext transfer protocol request;
storing a plurality of statistical models of different service types in a database;
acquiring a first hypertext transfer protocol request belonging to the same user;
acquiring a service type corresponding to the first hypertext transfer protocol request according to the first hypertext transfer protocol request;
selecting a statistical model corresponding to the service type from a plurality of statistical models stored in a database according to the host configuration information; the host configuration information comprises statistical model information corresponding to each hypertext transfer protocol request;
importing data to be counted into the selected statistical model, counting the data to be counted through the selected statistical model, and identifying whether the first hypertext transfer protocol request is a machine batch request behavior;
and when the machine batch request behavior is identified, intercepting the first hypertext transfer protocol request.
2. The method of claim 1, wherein selecting one statistical model from a plurality of statistical models stored in advance according to the first hypertext transfer protocol request and the host configuration information comprises:
selecting one analysis engine from a plurality of preset analysis engines according to the first hypertext transfer protocol request and the host configuration information; wherein the analysis engines correspond to the statistical models one to one;
the step of counting the data to be counted through the selected statistical model and identifying whether the current request behavior is a machine batch request behavior comprises the following steps:
and the selected analysis engine counts the data to be counted through the corresponding statistical model and identifies whether the current request behavior is a machine batch request behavior.
3. The method of claim 2, further comprising:
regularly comparing whether the statistical model stored in the database is consistent with the statistical model corresponding to the analysis engine;
and when the comparison result is negative, synchronously switching the statistical model corresponding to the analysis engine into the statistical model stored in the database.
4. The method of any of claims 1-3, wherein after the intercepting the first hypertext transfer protocol request, the method further comprises:
recording the interception processing, analyzing the interception processing and generating an interception processing report;
and receiving a report viewing instruction, and displaying the interception processing report.
5. A batch request processing system, comprising:
an offline analysis module to:
when a user logs in a service platform to perform service operation, receiving and extracting site data according to a second hypertext transfer protocol request;
analyzing an attack identification mode of a machine batch request behavior according to the site data to generate a statistical model corresponding to the second hypertext transfer protocol request;
storing a plurality of statistical models of different service types in a database;
the request acquisition module is used for acquiring a first hypertext transfer protocol request belonging to the same user;
a model selection module to:
acquiring a service type corresponding to the first hypertext transfer protocol request according to the first hypertext transfer protocol request;
selecting a statistical model corresponding to the service type from a plurality of statistical models stored in a database according to the host configuration information; the host configuration information comprises statistical model information corresponding to each hypertext transfer protocol request;
the statistic identification module is used for importing the data to be counted into the selected statistic model, counting the data to be counted through the statistic model selected by the model selection module, and identifying whether the first hypertext transfer protocol request is a machine batch request behavior;
and the interception processing module is used for intercepting the first hypertext transfer protocol request when the statistic identification module identifies the machine batch request behavior.
6. The system of claim 5, wherein the statistical identification module comprises a plurality of analysis engines, the analysis engines in one-to-one correspondence with the statistical models;
the model selection module is specifically used for selecting one analysis engine from a plurality of analysis engines in the statistical identification module according to the first hypertext transfer protocol request and the host configuration information;
the statistical identification module is specifically configured to perform statistics on data to be counted by using the analysis engine selected by the model selection module, and identify whether the current request behavior is a machine batch request behavior.
7. The system of claim 6, further comprising:
the timing comparison module is used for comparing whether the statistical model stored in the database is consistent with the statistical model corresponding to the analysis engine or not at regular time;
and the synchronous switching module is used for synchronously switching the statistical model corresponding to the analysis engine to the statistical model stored in the database when the comparison result of the timing comparison module is negative.
8. The system of any one of claims 5-7, further comprising:
the recording module is used for recording the interception processing after the interception processing module carries out the interception processing on the first hypertext transfer protocol request;
the report generation module is used for analyzing the interception processing to generate an interception processing report;
and the report display module is used for receiving the report viewing instruction and displaying the interception processing report.
9. A computer-readable storage medium having stored thereon executable instructions for implementing the batch request processing method of any one of claims 1 to 4 when executed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410545601.0A CN104980421B (en) | 2014-10-15 | 2014-10-15 | Batch request processing method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410545601.0A CN104980421B (en) | 2014-10-15 | 2014-10-15 | Batch request processing method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104980421A CN104980421A (en) | 2015-10-14 |
| CN104980421B true CN104980421B (en) | 2020-06-16 |
Family
ID=54276529
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410545601.0A Active CN104980421B (en) | 2014-10-15 | 2014-10-15 | Batch request processing method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104980421B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106656920B (en) * | 2015-10-30 | 2019-09-06 | 北京国双科技有限公司 | Processing method, device, storage medium and the processor of HTTP service |
| CN106953832B (en) * | 2016-01-07 | 2020-04-07 | 福建天晴数码有限公司 | Method and system for processing online game suspicious account |
| CN107592300A (en) * | 2017-08-16 | 2018-01-16 | 中国银行股份有限公司 | A kind of method and system of anti-robot attack |
| CN109756528B (en) * | 2017-11-01 | 2022-03-11 | 广州腾讯科技有限公司 | Frequency control method and device, equipment, storage medium and server |
| CN110162939B (en) * | 2018-10-25 | 2023-05-02 | 腾讯科技(深圳)有限公司 | Man-machine identification method, equipment and medium |
| CN109474640B (en) * | 2018-12-29 | 2021-01-05 | 奇安信科技集团股份有限公司 | Malicious crawler detection method and device, electronic equipment and storage medium |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102137059B (en) * | 2010-01-21 | 2014-12-10 | 阿里巴巴集团控股有限公司 | Method and system for blocking malicious accesses |
| CN102521378A (en) * | 2011-12-20 | 2012-06-27 | 南京邮电大学 | Real-time intrusion detection method based on data mining |
-
2014
- 2014-10-15 CN CN201410545601.0A patent/CN104980421B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN104980421A (en) | 2015-10-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104980421B (en) | Batch request processing method and system | |
| EP3044987B1 (en) | Method and system for verifying an account operation | |
| US10795629B2 (en) | Text and custom format information processing method, client, server, and computer-readable storage medium | |
| CN108632213B (en) | Equipment information processing method and device | |
| US10740411B2 (en) | Determining repeat website users via browser uniqueness tracking | |
| US9306889B2 (en) | Method and device for processing messages | |
| US10673851B2 (en) | Method and device for verifying a trusted terminal | |
| CN110609937A (en) | Crawler identification method and device | |
| CN110830445B (en) | Method and device for identifying abnormal access object | |
| CN109547426B (en) | Service response method and server | |
| US9589122B2 (en) | Operation processing method and device | |
| CN109495467B (en) | Method and device for updating interception rule and computer readable storage medium | |
| WO2017053494A1 (en) | Method, apparatus and system for preventing cross-site request forgery | |
| CN110704816B (en) | Interface cracking recognition method, device, equipment and storage medium | |
| EP3468128B1 (en) | Method and device for preventing server from being attacked | |
| CN103024090A (en) | Method and system for identifying user terminal | |
| US20200004785A1 (en) | Automatic grouping based on user behavior | |
| CN113158169A (en) | Hadoop cluster-based verification method and device, storage medium and electronic equipment | |
| CN105955838A (en) | System halt reason check method and device | |
| CN103646081B (en) | Method and device for logging in web page | |
| CN109688099B (en) | Server-side database collision identification method, device, equipment and readable storage medium | |
| CN108650123B (en) | Fault information recording method, device, equipment and storage medium | |
| CN111400027A (en) | Distributed task processing method, device and system | |
| CN106326419B (en) | Network automata processing method and device | |
| CN112817816B (en) | Embedded point processing method and device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |