CN107465647A - A kind of compensation deals method and apparatus after stolen chain - Google Patents
A kind of compensation deals method and apparatus after stolen chain Download PDFInfo
- Publication number
- CN107465647A CN107465647A CN201610391086.4A CN201610391086A CN107465647A CN 107465647 A CN107465647 A CN 107465647A CN 201610391086 A CN201610391086 A CN 201610391086A CN 107465647 A CN107465647 A CN 107465647A
- Authority
- CN
- China
- Prior art keywords
- terminal
- string
- belongs
- test
- behavior
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
Abstract
The invention discloses the compensation deals method and apparatus after a kind of stolen chain.This method includes the broadcasting string that record receives;Judge to play whether string belongs to abnormal data;If playing string belongs to abnormal data, judge that request plays the terminal gone here and there and whether belongs to whether the behavior of particular terminal and terminal before request plays string belongs to normal behaviour;And if terminal is not belonging to particular terminal and behavior of the terminal before request plays string is not belonging to normal behaviour, and terminal is defined as to steal chain terminal, carries out door chain processing.By means of the invention it is possible to realize the compensation deals after stolen chain, avoid occurring robber's chain again so that steal chain behavior and be controlled.
Description
Technical field
The present invention relates to stream media technology field, specifically, the compensation deals method and apparatus after more particularly to a kind of stolen chain.
Background technology
Continuous image and acoustic information are typically put into media server by media provider when providing the terminal with media after overcompression is handled, and compressed package is transmitted from media server to user terminal.
In this course, if media provider is directly embedded into resource address the website of oneself, then stealing chain person can make media provider economic loss occur successfully to realize robber's chain of video flowing.
In order to solve this problem, the solution of many door chains is proposed in the prior art.Including referer tracking source, to playing string using AES etc., but the former can realize robber's chain by way of blade-rotating face, once the latter's encryption rule is cracked, also robber's chain can be realized, therefore, prior art still can not prevent to steal chain problem completely, and there is an urgent need to a kind of compensation deals method after stolen chain.
For above-mentioned technical problem present in prior art, effective solution is not yet proposed at present.
The content of the invention
It is a primary object of the present invention to provide the compensation deals method and apparatus after a kind of stolen chain, to carry out filtration treatment to illegal request, avoid occurring stealing chain behavior again, solves the problems, such as robber's chain from another angle.
On the one hand, there is provided a kind of compensation deals method after stolen chain, this method include:Record the broadcasting string received;Judge to play whether string belongs to abnormal data;If playing string belongs to abnormal data, judge that request plays the terminal gone here and there and whether belongs to whether the behavior of particular terminal and terminal before request plays string belongs to normal behaviour;And if terminal is not belonging to particular terminal and behavior of the terminal before request plays string is not belonging to normal behaviour, and terminal is defined as to steal chain terminal, carries out door chain processing.
Further, judge to play that the step of whether string belongs to abnormal data is specially:Judge to play whether string is repeatedly asked, wherein, repeatedly asked if playing string, play string and belong to abnormal data;Or whether the parameter for judging to play in string meets default parameter setting rule, wherein, if the parameter played in string is unsatisfactory for default parameter setting rule, plays string and belong to abnormal data.
Further, whether the parameter for judging to play in string meets that default parameter setting rule includes:Whether the digit for judging to play the parameter in string meets default parameter bit requirements;Whether the order for judging to play the parameter in string meets default sequence requirement;Judge whether the value for playing the parameter in string meets the area requirement of default value;And/or the call parameter for judging to play in string whether there is.
Further, particular terminal includes test terminal, judges that the step of whether terminal belongs to test terminal is specially:String will be played to be matched with the test string in test set of strings, wherein, if playing string and any test String matching in test set of strings, terminal belongs to test terminal;Or matched the attribute data of terminal with the terminal attribute data in test terminal record, wherein, if the attribute data of terminal matches with any terminal attribute data in test terminal record, terminal belongs to test terminal.
Further, if playing string belongs to abnormal data, before judging whether terminal belongs to particular terminal, this method also includes:Confirm that the manufacturer of terminal whether there is;Only in the presence of the manufacturer of terminal, execution judges the step of whether terminal belongs to particular terminal;When the manufacturer of terminal is not present, directly terminal is defined as to steal chain terminal, carries out door chain processing.
Further, judge that the step of whether behavior of the terminal before request plays string belongs to normal behaviour includes:Chronologically record behavior step of the terminal before request plays string;By the behavior step of record compared with the behavior step in behavior record, wherein, if the behavior step and the behavior step in behavior record of record are consistent successively, behavior of the terminal before request plays string belongs to normal behaviour.
Further, by terminal be defined as steal chain terminal, carry out door chain processing the step of be specially:Terminal is added to blacklist.
On the other hand, there is provided the compensation deals device after a kind of stolen chain, the device include:Logging modle, for recording the broadcasting string received;First judge module, for judging to play whether string belongs to abnormal data;Second judge module, for when broadcasting string belongs to abnormal data, judging that request plays whether the terminal gone here and there belongs to particular terminal;3rd judge module, for when broadcasting string belongs to abnormal data, judging whether behavior of the terminal before request plays string belongs to normal behaviour;And processing module, for being not belonging to particular terminal in terminal, and terminal is defined as stealing chain terminal, carries out door chain processing by terminal when the behavior that request is played before going here and there is not belonging to normal behaviour.
Further, the first judge module specifically performs following steps:Judge to play whether string is repeatedly asked, wherein, repeatedly asked if playing string, play string and belong to abnormal data;Or whether the parameter for judging to play in string meets default parameter setting rule, wherein, if the parameter played in string is unsatisfactory for default parameter setting rule, plays string and belong to abnormal data.
Further, particular terminal includes test terminal, and the second judge module specifically performs following steps:String will be played to be matched with the test string in test set of strings, wherein, if playing string and any test String matching in test set of strings, terminal belongs to test terminal;Or matched the attribute data of terminal with the terminal attribute data in test terminal record, wherein, if the attribute data of terminal matches with any terminal attribute data in test terminal record, terminal belongs to test terminal.
Pass through the present invention, it is proposed that a kind of compensation deals method after stolen chain, comprise the following steps:The broadcasting string received every time to media server records, whether the broadcasting string for judging to record belongs to abnormal data, if belong to abnormal data, determine whether that request plays whether the terminal gone here and there belongs to test terminal, whether behavior of the terminal before request plays string belongs to normal behaviour, if terminal is not belonging to test terminal and behavior of the terminal before request plays string is not belonging to normal behaviour, terminal can be determined to steal chain terminal, so as to carry out door chain processing, realize the compensation deals after stolen chain, avoid occurring robber's chain again, it is controlled so that stealing chain behavior.
Described above is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention, and it can be practiced according to the content of specification, and in order to which above and other objects of the present invention, feature and advantage can be become apparent, below especially exemplified by the embodiment of the present invention.
Brief description of the drawings
By reading the detailed description of hereafter preferred embodiment, it is various other the advantages of and benefit will be clear understanding for those of ordinary skill in the art.Accompanying drawing is only used for showing the purpose of preferred embodiment, and is not considered as limitation of the present invention.And in whole accompanying drawing, identical part is denoted by the same reference numerals.In the accompanying drawings:
Fig. 1 is the flow chart of the compensation deals method after stolen chain according to a first embodiment of the present invention;
Fig. 2 is the schematic flow sheet of the compensation deals method after stolen chain according to a second embodiment of the present invention;
Fig. 3 is the schematic flow sheet of the compensation deals method after stolen chain according to a third embodiment of the present invention;
Fig. 4 is the block diagram of the compensation deals device after stolen chain according to a fourth embodiment of the present invention.
Embodiment
The present invention will be further described with reference to the accompanying drawings and detailed description.It is pointed out that in the case where not conflicting, the feature in embodiment and embodiment in the application can be mutually combined.
Embodiment one
The embodiment of the present invention one describes a kind of compensation deals method after stolen chain, specifically, describe a kind of after stealing chain and occurring, identify and steal chain terminal, the process of door chain processing is carried out, specifically, as shown in Figure 1, compensation deals method after the stolen chain of the embodiment comprises the following steps S102 to step S110, and each step describes in detail as follows successively.
Step S102:Record the broadcasting string received.
After media server receives broadcasting string request, the broadcasting string received to media server records, or, record has the broadcasting string received every time in the daily record of media server, and the daily record of query media servers can obtain broadcasting string.
Step S104:Judge to play whether string belongs to abnormal data, if playing string belongs to abnormal data, perform step S106, if playing string belongs to normal data, terminate.
In this step, examination judgement is carried out to the broadcasting string recorded, show whether it belongs to the conclusion of abnormal data.During judgement, one of following two modes can be used to be judged:
Mode one:Judge to play whether string is repeatedly asked, wherein, repeatedly asked if playing string, play string and belong to abnormal data.
For example, the broadcasting string recorded by step S102 is followed successively by following broadcasting strings 1, plays string 2 and plays string 3:
Play string 1:http://127.0.0.1:5658/dga:0,dgb:110,dgc:;admt:5,lg:14453359345189b1:pln:3799:pln:4321:mid:9939109,6738a6e9b494843d43bdbf40b3ab27f7:0:16:1137,9b61999bfdb599958f4ab379a17e5081:0:30:782&dh=cdn.xxx.com&di=3580&dj=3528&dk=cdnbk.voole.com&dl=5555&dm=6666&dn=1&do=1&dp=100983&dq=8adfads_ADSF&dr=1&ds=11&dt=971&du=111&dv=1&dw=222&dx=1&dy=2111
Play string 2:http://127.0.0.1:5658/dga:0,dgb:110,dgc:;admt:5,lg:14453359345189b1:pln:3799:pln:4321:mid:9939109,6738a6e9b494843d43bdbf40b3ab27f7:0:16:1137,9b61999bfdb599958f4ab379a17e5081:0:30:782&dh=cdn.xxx.com&di=3580&dj=3528&dk=cdnbk.voole.com&dl=5555&dm=6666&dn=1&do=1&dp=100983&dq=8adfads_ADSF&dr=1&ds=11&dt=971&du=111&dv=1&dw=222&dx=1&dy=2111
Play string 3:http://127.0.0.1:5658/dga:0,dgb:110,dgc:;admt:5,lg:14453359345189b1:pln:3799:pln:4321:mid:9939109,6738a6e9b494843d43bdbf40b3ab27f7:0:16:1137,9b61999bfdb599958f4ab379a17e5081:0:30:782&dh=cdn.xxx.com&di=3580&dj=3528&dk=cdnbk.voole.com&dl=5555&dm=6666&dn=1&do=1&dp=100983&dq=8adfads_ADSF&dr=1&ds=11&dt=971&du=111&dv=1&dw=222&dx=1&dy=2111
String 1,2,3 will be played to be compared it can be found that each character is identical, thus can determine that the broadcasting string be it is requested three times, belong to abnormal data.
The investigation of abnormal data is carried out using this kind of mode, can quickly investigate out the situation for being played using identical and going here and there and being attacked into pirate chain.
Mode two:Whether the parameter for judging to play in string meets default parameter setting rule, wherein, if the parameter played in string is unsatisfactory for default parameter setting rule, plays string and belong to abnormal data.
Wherein, when whether the parameter for judging to play in going here and there meets default parameter setting rule, whether the digit that can determine whether to play the parameter in string meets default parameter bit requirements;Whether the order for judging to play the parameter in string meets default sequence requirement;Judge whether the value for playing the parameter in string meets the area requirement of default value;And/or the call parameter for judging to play in string whether there is.
Such as, the parameter played in string includes parameter oemid, the parameter is the parameter that one be sequentially generated according to the manufacturer of terminal, processor chips and operating system etc. is used to express terminal type, according to parameter setting rule, the parameter is more than 2 digits and less than the numeral of 7 digits, if the oemid parameters in the broadcasting string of record are not the numerals in this section, it can determine that the parameter in the broadcasting string is unsatisfactory for default parameter setting rule, belong to abnormal data.
And for example, the parameter played in string includes parameter uid, the parameter is terminal after certificate server succeeds in registration, the user identity generated by certificate server proves, according to parameter setting rule, the parameter is the numeral of 9 digits, if the uid parameters in the broadcasting string of record are not the numerals in this section, it then can determine that the parameter in the broadcasting string is unsatisfactory for default parameter setting rule, belong to abnormal data.
The investigation of abnormal data is carried out using this kind of mode, situation about being gone here and there by the broadcasting of data falsification into pirate chain can be investigated out.
Step S106:Judge that request plays whether the terminal gone here and there belongs to particular terminal, if terminal belongs to particular terminal, terminates, if terminal is not belonging to particular terminal, perform step S108.
Signified particular terminal refers to both to be not belonging to steal chain terminal in the application, and some terminals of general user's terminal are different from terminal behavior, for example, test terminal, custom terminal in order to meet certain application scenarios etc..
In this step, it is mistaken for stealing chain in order to avoid above-mentioned particular terminal to be accessed to the situation of server, examination judgement is further carried out to the broadcasting string of exception, whether the terminal for judging to ask the exception to play string belongs to particular terminal, only when terminal is not particular terminal, just further enter the detection process of pirate chain.
Wherein, when judging whether terminal belongs to test terminal, one of following two modes can be used to be judged:
Mode one:String will be played to be matched with the test string in test set of strings, wherein, if playing string and any test String matching in test set of strings, terminal belongs to test terminal.
Test set of strings is formed by least one broadcasting string, each broadcasting string tested in set of strings is the broadcasting string for test, such as, in R&D process or during system upgrade, the broadcasting of test is gone here and there to form a set, when being tested, test string is obtained from the set.In which, the broadcasting string as abnormal data is matched with the broadcasting string in test set of strings.
Using this kind of mode test the investigation of terminal, can avoid being mistaken for some normal particular cases to steal chain, and can fast and accurately position robber's chain, to be taken precautions against after stealing chain and occurring.
Mode two:The attribute data of terminal is matched with the terminal attribute data in test terminal record, wherein, if the attribute data of terminal matches with any terminal attribute data in test terminal record, terminal belongs to test terminal.
Test terminal record is formed by least one set of terminal attribute data, the every group of terminal attribute data tested in terminal record represent one or a class testing terminal, equally, such as, in R&D process or during system upgrade, some or certain Terminal Type is tested, the attribute data of these terminals is formed into a record, the terminal indicated in the record is tested.In which, by playing the attribute data of the gain of parameter terminal in going here and there, for example, the parameter played in string is directly attribute data, after obtaining attribute data in being gone here and there from broadcasting, matched with every group of terminal attribute data in test terminal record;And for example, the parameter played in string is the data associated with attribute data, and the attribute data of terminal can be obtained by the data associated with attribute data, then will obtain attribute data and matched with testing every group of terminal attribute data in terminal record.Wherein, terminal attribute data can be that OS Type, manufacturer, the terminal seat of terminal manage region, terminal place user's group etc..
Using this kind of mode test the investigation of terminal, the situation for entering pirate chain by distorting terminal can be investigated out, can be taken precautions against directly against the terminal.
Step S108:Judge whether behavior of the terminal before request plays string belongs to normal behaviour, if behavior of the terminal before request plays string belongs to normal behaviour, terminate, if behavior of the terminal before request plays string is not belonging to normal behaviour, perform step S110.
Wherein, in this step, if behavior of the terminal before request plays string belongs to normal behaviour, represent that the interactive program between terminal and media server mistake occurs, it is necessary to according to contents such as daily records, the interactive program is checked.
It should be noted that in this embodiment, what is provided is preferred step execution sequence, that is, only just performing step S108 when the terminal that request plays string is not belonging to particular terminal.Also different step execution sequences can be selected according to being actually needed, for example, step S106 performs with step S108 simultaneously;Or step S108 is first carried out, then step S106 is performed, within the protection domain of the application.
In this step, in order to avoid the situation of normal hardware and software failure is mistaken for steal chain, examination judgement is further carried out to the broadcasting string of exception, judge whether behavior of the terminal before request plays string belongs to normal behaviour, only when terminal behavior is not belonging to normal behaviour, just further enter the detection process of pirate chain.Specifically, behavior step of the normal terminal before request plays string is chronologically formed into a behavior record, when judging whether terminal behavior belongs to normal behaviour, behavior step of the terminal before request plays string is chronologically recorded, again by the behavior step of record compared with the behavior step in behavior record, it is whether identical including comparison step, whether sequence of steps is identical, if the behavior step and the behavior step in behavior record of record are consistent successively, behavior of the terminal before request plays string belongs to normal behaviour.
Step S110:Terminal is defined as to steal chain terminal, carries out door chain processing.
Specifically, it can will steal chain terminal to add to blacklist, certificate server, media server is refused any request of robber's chain terminal, realize and filtration treatment is carried out to illegal request, avoid occurring stealing chain behavior again.
Embodiment two
The angle that the embodiment of the present invention two is implemented from practice states the application, as shown in Fig. 2 in the embodiment, the judgement for playing string record and abnormal data is realized in statistical system, specifically, the daily record of query media servers, obtained in daily record after playing string, judge to play whether string is repeatedly asked, whether the parameter for judging to play in string meets parameter setting rule, is repeatedly asked if playing string, and/or, play the parameter in string and be unsatisfactory for parameter setting rule, then confirm that it is abnormal data to play string.
After the data that note abnormalities, authentication and accounting System is transferred to further to investigate data.Whether the operating procedure for the terminal that authentication and accounting System analysis request first plays string meets normal logic.Under normal circumstances, terminal before being played, asks authentication service every time, and authentication service has log recording that can be related, records step:
The step of program request:Registration->Certification->Product price->Broadcasting inquiry->Play authentication;
Live step:Registration->Certification->Play authentication.
Wherein, registration refers to terminal in certificate server register account number;Certification refers to that terminal completes certification in certificate server;Product price refers to price of the user by terminal inquiry product;Which kind of user terminal selecting before inquiry refers to play is played to play out in a manner of product;Play authentication and refer to that user terminal carries out authentication step, it is determined whether have permission broadcasting.
If the actual operating procedure of the terminal of request broadcasting string is different from above-mentioned steps or sequentially different, it is believed that terminal behavior is abnormal, further judges whether the terminal is test terminal by product systems, that is, whether terminal situation is normal.
In product systems, according to the terminal models and/or hardware number of terminal, judge whether the terminal has personnel's test, if tested without personnel, then it represents that terminal is abnormal, to steal chain terminal, authentication and accounting System is fed back, adds blacklist, refusal steals chain from the step of terminal is applied for the registration of to certificate server, terminal is visited again, avoid robber chain person from persistently stealing chain.
Embodiment three
The embodiment of the present invention three is the preferred embodiment on the basis of above-described embodiment two, as shown in Figure 3, in the embodiment, arrange statistical system on a media server or on other servers, the broadcasting string received every time by statistical system record media server, and determining whether abnormal data, specific judgment mode such as embodiment one, here is omitted.When note abnormalities data when, abnormal data is sent to internal information system by statistical system.
Internal information system is used to store the specific string corresponding with particular terminal, such as the test string corresponding with test terminal, is also stored with normal terminal request and plays the information such as the normal behaviour record of string, tester can test from the internal information system application and go here and there.Internal information system is after abnormal data is received, string will be asked namely play to go here and there to be matched with the specific string stored, judge whether request string is specific string, if request string has specific string the inside, then illustrate that this request string is specific string, without carrying out following step.If not specific string, the user behaviors log that internal information system obtains the terminal to authentication and accounting System records.
Terminal, each time to the request of service end, log recording is had in authentication and accounting System when asking multimedia resource, and the record is exactly the behavior record of terminal, and repeatedly record can form the user behaviors log record of a terminal.
After internal information system request authentication and accounting System obtains the user behaviors log record of the terminal, user behaviors log record is matched with the normal behaviour record stored, when the user behaviors log record of the terminal is consistent with normal behaviour record, meet regular behavior record, mail investigation bug is then sent, otherwise regards as stealing chain terminal by the terminal, is sent to authentication and accounting System, terminal is added to blacklist by authentication and accounting System, the terminal is not allowed any access.
Preferably, internal information system stores and renewal has the manufacturer's information of the current all terminals record corresponding with the attribute data of terminal, after internal information system receives abnormal data, attribute data of the inquiry with the presence or absence of terminal corresponding to the abnormal data first in the record, to confirm that the manufacturer of terminal whether there is, if the attribute data of the terminal is not present in record, illustrate that the manufacturer of terminal is not present, the terminal can be directly defined as stealing chain terminal, carry out door chain processing.In the presence of the manufacturer of the terminal, then perform and the step of whether request string is test string judged, namely judge whether the terminal belongs to test terminal.
Example IV
The embodiment of the present invention four is the device embodiment corresponding with embodiment of the method one, as shown in figure 4, the compensation deals device after the stolen chain that the invention provides includes logging modle 10, the first judge module 20, the second judge module 30, the 3rd judge module 40 and processing module 50.
Wherein, logging modle 10 is used to record the broadcasting string received.First judge module 20 is used to judge to play whether string belongs to abnormal data.Second judge module 30 is used to, when broadcasting string belongs to abnormal data, judge that request plays whether the terminal gone here and there belongs to particular terminal.3rd judge module 40 is used to, when broadcasting string belongs to abnormal data, judge whether behavior of the terminal before request plays string belongs to normal behaviour.Processing module 50 is used to be not belonging to particular terminal in terminal, and terminal is defined as stealing chain terminal, carries out door chain processing by terminal when the behavior that request is played before going here and there is not belonging to normal behaviour.
Using the embodiment, filtration treatment can be carried out to illegal request, be compensated after stealing chain and occurring, avoid occurring stealing chain behavior again.
Preferably, the first judge module 20 specifically performs following steps:Judge to play whether string is repeatedly asked, wherein, repeatedly asked if playing string, play string and belong to abnormal data;Or whether the parameter for judging to play in string meets default parameter setting rule, wherein, if the parameter played in string is unsatisfactory for default parameter setting rule, plays string and belong to abnormal data.Wherein, the first judge module includes the step of execution when whether the parameter in judging to play string meets default parameter setting rule:Whether the digit for judging to play the parameter in string meets default parameter bit requirements;Whether the order for judging to play the parameter in string meets default sequence requirement;Judge whether the value for playing the parameter in string meets the area requirement of default value;And/or the call parameter for judging to play in string whether there is.
Preferably, particular terminal is test terminal, and the second judge module 30 specifically performs following steps:String will be played to be matched with the test string in test set of strings, wherein, if playing string and any test String matching in test set of strings, terminal belongs to test terminal;Or matched the attribute data of terminal with the terminal attribute data in test terminal record, wherein, if the attribute data of terminal matches with any terminal attribute data in test terminal record, terminal belongs to test terminal.
Preferably, the device also includes validating that module, for belonging to abnormal data when broadcasting string, second judge module 30 confirms that the manufacturer of terminal whether there is before judging whether terminal belongs to particular terminal, and the second judge module 30 is only in the presence of the manufacturer of terminal, execution judges the step of whether terminal belongs to particular terminal, when the manufacturer of terminal is not present, terminal is directly defined as stealing chain terminal by processing module 50, carries out door chain processing.
Preferably, the 3rd judge module 40 specifically performs following steps:Chronologically record behavior step of the terminal before request plays string;By the behavior step of record compared with the behavior step in behavior record, wherein, if the behavior step and the behavior step in behavior record of record are consistent successively, behavior of the terminal before request plays string belongs to normal behaviour.
Preferably, the second judge module 30, which first carries out, judges the step of whether terminal belongs to particular terminal, and when terminal is not belonging to particular terminal, the 3rd judge module 40 performs again judges the step of whether behavior of the terminal before request plays string belongs to normal behaviour.
Preferably, processing module 50 by terminal be defined as steal chain terminal, carry out door chain processing the step of be specially:Terminal is added to blacklist.
It should be noted that said apparatus embodiment belongs to preferred embodiment, necessary to involved module not necessarily the application.
The application is described from different perspectives for each embodiment in this specification, between each embodiment identical similar part mutually referring to.For the device embodiment of the application, because it is substantially similar to embodiment of the method, so description is fairly simple, the part of related part and embodiment of the method can mutually refer to.
It is described above; preferable embodiment only of the invention, but protection scope of the present invention is not limited thereto, any people for being familiar with the technology disclosed herein technical scope in; the change or replacement that can be readily occurred in, it should all be included within the scope of the present invention.Therefore, protection scope of the present invention should be defined by scope of the claims.
Claims (10)
1. a kind of compensation deals method after stolen chain, it is characterised in that
Record the broadcasting string received;
Judge described play goes here and there whether belong to abnormal data;
If the broadcasting string belongs to abnormal data, judge whether the request terminal for playing string belongs to particular terminal and the terminal and asking whether the behavior played before going here and there belongs to normal behaviour;And
If the terminal is not belonging to particular terminal and the terminal is asking the behavior played before going here and there to be not belonging to normal behaviour, the terminal is defined as to steal chain terminal, carries out door chain processing.
2. the compensation deals method after stolen chain according to claim 1, it is characterised in that judge that the step of whether the broadcasting string belongs to abnormal data is specially:
Judge whether the broadcasting string is repeatedly asked, wherein, if the string that plays repeatedly is asked, the broadcasting string belongs to abnormal data;Or
Judge whether the parameter played in string meets default parameter setting rule, wherein, if the parameter played in string is unsatisfactory for default parameter setting rule, the broadcasting string belongs to abnormal data.
3. the compensation deals method after stolen chain according to claim 2, it is characterised in that judge whether the parameter played in string meets that default parameter setting rule includes:
Judge whether the digit for playing the parameter in string meets default parameter bit requirements;
Judge whether the order for playing the parameter in string meets default sequence requirement;
Judge whether the value for playing the parameter in string meets the area requirement of default value;And/or
Judge that the call parameter played in string whether there is.
4. the compensation deals method after stolen chain according to claim 1, it is characterised in that the particular terminal includes test terminal, judges that the step of whether terminal belongs to test terminal is specially:
The string that plays is matched with the test string in test set of strings, wherein, if described play string and any test String matching in test set of strings, the terminal belongs to test terminal;Or
The attribute data of the terminal is matched with the terminal attribute data in test terminal record, wherein, if the attribute data of the terminal matches with any terminal attribute data in test terminal record, the terminal belongs to test terminal.
5. the compensation deals method after stolen chain according to claim 1, it is characterised in that if the broadcasting string belongs to abnormal data, before judging whether the terminal belongs to particular terminal, methods described also includes:
Confirm that the manufacturer of the terminal whether there is;
Only in the presence of the manufacturer of the terminal, execution judges the step of whether terminal belongs to particular terminal;When the manufacturer of the terminal is not present, directly the terminal is defined as to steal chain terminal, carries out door chain processing.
6. the compensation deals method after stolen chain according to claim 1, it is characterised in that judge that the step of whether behavior of the terminal before the broadcasting string is asked belongs to normal behaviour includes:
Chronologically record the terminal and ask the behavior step played before going here and there;
By the behavior step of record compared with the behavior step in behavior record, wherein, if the behavior step of the record and the behavior step in behavior record are consistent successively, behavior of the terminal before the broadcasting string is asked belongs to normal behaviour.
7. the compensation deals method after stolen chain according to claim 1, it is characterised in that by the terminal be defined as steal chain terminal, carry out door chain processing the step of be specially:
The terminal is added to blacklist.
A kind of 8. compensation deals device after stolen chain, it is characterised in that
Logging modle, for recording the broadcasting string received;
First judge module, for judging described play goes here and there whether belong to abnormal data;
Second judge module, for when the broadcasting string belongs to abnormal data, judging to ask whether the terminal for playing string belongs to particular terminal;
3rd judge module, for when the broadcasting string belongs to abnormal data, judging that the terminal is asking whether the behavior played before going here and there belongs to normal behaviour;And
Processing module, for being not belonging to particular terminal in the terminal, and the terminal is defined as stealing chain terminal, carries out door chain processing by the terminal when asking the behavior played before going here and there to be not belonging to normal behaviour.
9. the compensation deals device after stolen chain according to claim 8, it is characterised in that first judge module specifically performs following steps:
Judge whether the broadcasting string is repeatedly asked, wherein, if the string that plays repeatedly is asked, the broadcasting string belongs to abnormal data;Or
Judge whether the parameter played in string meets default parameter setting rule, wherein, if the parameter played in string is unsatisfactory for default parameter setting rule, the broadcasting string belongs to abnormal data.
10. the compensation deals device after stolen chain according to claim 8, it is characterised in that the particular terminal includes test terminal, and second judge module specifically performs following steps:
The string that plays is matched with the test string in test set of strings, wherein, if described play string and any test String matching in test set of strings, the terminal belongs to test terminal;Or
The attribute data of the terminal is matched with the terminal attribute data in test terminal record, wherein, if the attribute data of the terminal matches with any terminal attribute data in test terminal record, the terminal belongs to test terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610391086.4A CN107465647A (en) | 2016-06-06 | 2016-06-06 | A kind of compensation deals method and apparatus after stolen chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610391086.4A CN107465647A (en) | 2016-06-06 | 2016-06-06 | A kind of compensation deals method and apparatus after stolen chain |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107465647A true CN107465647A (en) | 2017-12-12 |
Family
ID=60544943
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610391086.4A Pending CN107465647A (en) | 2016-06-06 | 2016-06-06 | A kind of compensation deals method and apparatus after stolen chain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107465647A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111147944A (en) * | 2019-12-26 | 2020-05-12 | 广州易方信息科技股份有限公司 | On-demand infringement risk discovery method based on big data log analysis |
| CN114286134A (en) * | 2021-12-23 | 2022-04-05 | 天翼视讯传媒有限公司 | Method and system for identifying play hotlinking behavior applied to interface request |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6856331B2 (en) * | 1999-11-12 | 2005-02-15 | International Business Machines Corporation | System and method of enriching non-linkable media representations in a network by enabling an overlying hotlink canvas |
| CN102025749A (en) * | 2011-01-18 | 2011-04-20 | 中国联合网络通信集团有限公司 | Anti-theft method of mobile streaming media service |
| CN104079531A (en) * | 2013-03-26 | 2014-10-01 | 中国移动通信集团公司 | Hotlinking detection method, system and device |
| CN104506889A (en) * | 2014-12-30 | 2015-04-08 | 青岛海信电器股份有限公司 | Method, terminal, servers and system for playing video |
-
2016
- 2016-06-06 CN CN201610391086.4A patent/CN107465647A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6856331B2 (en) * | 1999-11-12 | 2005-02-15 | International Business Machines Corporation | System and method of enriching non-linkable media representations in a network by enabling an overlying hotlink canvas |
| CN102025749A (en) * | 2011-01-18 | 2011-04-20 | 中国联合网络通信集团有限公司 | Anti-theft method of mobile streaming media service |
| CN104079531A (en) * | 2013-03-26 | 2014-10-01 | 中国移动通信集团公司 | Hotlinking detection method, system and device |
| CN104506889A (en) * | 2014-12-30 | 2015-04-08 | 青岛海信电器股份有限公司 | Method, terminal, servers and system for playing video |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111147944A (en) * | 2019-12-26 | 2020-05-12 | 广州易方信息科技股份有限公司 | On-demand infringement risk discovery method based on big data log analysis |
| CN111147944B (en) * | 2019-12-26 | 2021-11-09 | 广州易方信息科技股份有限公司 | On-demand infringement risk discovery method based on big data log analysis |
| CN114286134A (en) * | 2021-12-23 | 2022-04-05 | 天翼视讯传媒有限公司 | Method and system for identifying play hotlinking behavior applied to interface request |
| CN114286134B (en) * | 2021-12-23 | 2024-02-27 | 天翼视讯传媒有限公司 | Method and system for identifying and playing hotlinking behavior in interface request |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP6680840B2 (en) | Automatic detection of fraudulent digital certificates | |
| CN113574838A (en) | System and method for filtering internet traffic through client fingerprints | |
| US8880435B1 (en) | Detection and tracking of unauthorized computer access attempts | |
| CN107135195B (en) | The detection method and device of abnormal user account | |
| CN108337239A (en) | The event of electronic equipment proves | |
| CN105357190A (en) | Method and system for performing authentication on access request | |
| CN104320375B (en) | A kind of method and apparatus for preventing from illegally registering | |
| CN105075176B (en) | Challenge-response method and associated client device | |
| CN104573493B (en) | A kind of method for protecting software and system | |
| DE602005022300D1 (en) | METHOD AND SYSTEM FOR ACCREDITATION FOR A CLIENT TO ENABLE ACCESS TO A VIRTUAL NETWORK FOR ACCESS TO SERVICES | |
| CN110602040A (en) | Virtual gateway access and authentication method for Internet of things | |
| CN107733853A (en) | Page access method, apparatus, computer and medium | |
| CN107465647A (en) | A kind of compensation deals method and apparatus after stolen chain | |
| CN113961940B (en) | Override detection method and device based on authority dynamic update mechanism | |
| CN108063748A (en) | A kind of user authen method, apparatus and system | |
| CN105141642B (en) | A kind of method and device preventing illegal user's behavior | |
| US7987513B2 (en) | Data-use restricting method and computer product | |
| CN105164969A (en) | Instant messaging client recognition method and recognition system | |
| CN110430213A (en) | Service request processing method, apparatus and system | |
| CN108347333A (en) | A kind of identity identifying method of terminal, device | |
| CN113821820B (en) | Method, device, medium and equipment for encrypting and decrypting resources in splitting mode | |
| CN114006735B (en) | Data protection method, device, computer equipment and storage medium | |
| CN111552985B (en) | Information verification method and device | |
| CN114428955A (en) | Method and system for judging abnormal risk based on operation information and electronic equipment | |
| CN109863494A (en) | Data protection system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| AD01 | Patent right deemed abandoned |
Effective date of abandoning: 20200922 |
|
| AD01 | Patent right deemed abandoned |