CN107508815A - Website traffic analysis and early warning method and device - Google Patents

Publication number: CN107508815A
Authority: CN (China)
Prior art keywords: website traffic; website; time section; target time; curve
Legal status: Granted, active (the legal status is an assumption and is not a legal conclusion)
Application number: CN201710767142.4A
Other languages: Chinese (zh)
Other versions: CN107508815B (en)
Inventors: 邢东洋, 范渊, 黄进
Current assignee: DBAPPSecurity Co Ltd
Original assignee: DBAPPSecurity Co Ltd
Application filed by: DBAPPSecurity Co Ltd
Priority: CN201710767142.4A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1458: Denial of Service

Abstract

The invention provides a website traffic analysis and early warning method and device. The method includes: obtaining the website traffic of a monitored website in a target time section; performing curve fitting on the website traffic distribution drawn for the target time section from that website traffic, to obtain an actual distribution curve; judging whether the curve deviation between the actual distribution curve and the reference distribution curve corresponding to the target time section meets a preset condition, the reference distribution curve being determined from the website traffic corresponding to the target time section in the historical records; and, when the curve deviation between the actual distribution curve and the reference distribution curve meets the preset condition, sending traffic anomaly early warning information over a preset encrypted channel. This achieves the technical effect of improving the accuracy of analysis and early warning.

Description

Website traffic analysis and early warning method and device
Technical field
The present invention relates to the field of information security technology, and in particular to a website traffic analysis and early warning method and device.
Background
As the internet has become widespread, networks have become inseparable from people's lives. However, while the internet brings great convenience, it also brings security problems such as large-scale network attacks: an attacker uploads attack scripts over the network and exploits the speed and reach of network propagation to launch a large-scale distributed denial of service (Distributed Denial of Service, DDOS) attack, paralysing the website servers that receive the attack scripts. It is therefore very necessary to perform analysis and early warning on website traffic.
At present, existing website traffic analysis and early warning systems reflect the trend of website traffic through traffic statistics. However, because website traffic fluctuates greatly with users' access times, analysis and early warning based directly on the traffic trend has a low accuracy rate; for example, when users' visits are concentrated in a short period, a false warning may be issued.
A self-learning model based on the normal distribution of website traffic, combined with specific manual analysis, therefore makes up for this deficiency to a certain degree and improves the accuracy of prediction. The system issues warnings through an APP over a single encrypted channel, which ensures its security and reasonably avoids limitations of time and space.
Summary of the invention
In view of this, the object of the present invention is to provide a website traffic analysis and early warning method and device, so as to alleviate the technical problem in the prior art that existing website traffic analysis and early warning systems have low warning accuracy.
In a first aspect, an embodiment of the present invention provides a website traffic analysis and early warning method, including:
obtaining the website traffic of a monitored website in a target time section;
performing curve fitting on the website traffic distribution drawn for the target time section from the website traffic, to obtain an actual distribution curve;
judging whether the curve deviation between the actual distribution curve and the reference distribution curve corresponding to the target time section meets a preset condition, the reference distribution curve being determined from the website traffic corresponding to the target time section in the historical records;
when the curve deviation between the actual distribution curve and the reference distribution curve meets the preset condition, sending traffic anomaly early warning information over a preset encrypted channel.
In combination with the first aspect, an embodiment of the present invention provides a first possible implementation of the first aspect, in which the functional relation f(x) of the reference distribution curve is:
where x is the hash value of the target time section, t is the period in which daily website traffic reaches its peak in the historical records, H(x) is the weight function of the target time section, and g(x) is the website traffic of the target time section in the historical records.
In combination with the first aspect, an embodiment of the present invention provides a second possible implementation of the first aspect, in which judging whether the curve deviation between the actual distribution curve and the reference distribution curve corresponding to the target time section meets the preset condition includes:
for each moment in the target time section, calculating the difference between the website traffic in the actual distribution curve and the website traffic of the reference distribution curve;
when at least one difference is greater than a first preset threshold, determining that the curve deviation between the actual distribution curve and the reference distribution curve corresponding to the target time section meets the preset condition.
In combination with the first aspect, an embodiment of the present invention provides a third possible implementation of the first aspect, in which the method further includes:
when any difference is greater than the first preset threshold, verifying whether the website traffic in the actual distribution curve used to calculate that difference was measured in error;
when the website traffic was measured in error, deleting from the actual distribution curve the website traffic used to calculate the difference;
when an input operation adjusting the value of the weight function is received, adjusting the value of the weight function according to the input operation.
In combination with the first aspect, an embodiment of the present invention provides a fourth possible implementation of the first aspect, in which the method further includes:
when the curve deviation between the actual distribution curve and the reference distribution curve meets the preset condition, performing curve fitting on the website traffic corresponding to the target time section together with the website traffic corresponding to the target time section in the historical records, to obtain a new reference distribution curve.
In combination with the first aspect, an embodiment of the present invention provides a fifth possible implementation of the first aspect, in which the method further includes:
when the curve deviation between the actual distribution curve and the reference distribution curve meets the preset condition, judging whether there is a difference greater than a second preset threshold, the second preset threshold being greater than the first preset threshold;
when a difference greater than the second preset threshold exists, adjusting the value of the weight function so that, after the website traffic used to calculate the difference is corrected with the value of the weight function, the difference between that website traffic and the website traffic of the reference distribution curve at the same moment is less than the first preset threshold.
In combination with the first aspect, an embodiment of the present invention provides a sixth possible implementation of the first aspect, in which the method further includes:
when the curve deviation between the actual distribution curve and the reference distribution curve does not meet the preset condition, obtaining the website traffic of the next target time section.
In a second aspect, an embodiment of the present invention further provides a website traffic analysis and early warning device, including:
an acquisition module, configured to obtain the website traffic of the monitored website in the target time section;
a fitting module, configured to perform curve fitting on the website traffic distribution drawn for the target time section from the website traffic, to obtain an actual distribution curve;
a judgment module, configured to judge whether the curve deviation between the actual distribution curve and the reference distribution curve corresponding to the target time section meets a preset condition, the reference distribution curve being determined from the website traffic corresponding to the target time section in the historical records;
a sending module, configured to send traffic anomaly early warning information over a preset encrypted channel when the curve deviation between the actual distribution curve and the reference distribution curve meets the preset condition.
In a third aspect, an embodiment of the present invention further provides an electronic device including a memory and a processor, the memory storing a computer program that can run on the processor, and the processor implementing the steps of the method of the first aspect when executing the computer program.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable medium holding non-volatile program code executable by a processor, the program code causing the processor to perform the method of the first aspect.
The embodiments of the present invention bring the following beneficial effects. The embodiment first obtains the website traffic of the monitored website in the target time section; it then performs curve fitting on the website traffic distribution drawn for the target time section from that traffic, to obtain an actual distribution curve; it next judges whether the curve deviation between the actual distribution curve and the reference distribution curve corresponding to the target time section meets a preset condition, the reference distribution curve being determined from the website traffic corresponding to the target time section in the historical records; and, when the curve deviation between the actual distribution curve and the reference distribution curve meets the preset condition, it can send traffic anomaly early warning information over a preset encrypted channel.
The method provided by the embodiments of the present invention compares the monitored website traffic of the target time section with the reference distribution curve of the target time section in the historical records, and issues a traffic anomaly warning according to the resulting curve deviation. Compared with the prior art, which decides that a website is under attack from a surge in website traffic and the like (a surge may simply be a sudden increase in website users caused by marketing or similar measures), this improves the accuracy of analysis and early warning.
Other features and advantages of the present invention will be set forth in the description that follows, and will in part become apparent from the description or be understood by practising the invention. The objects and other advantages of the invention are realized and obtained by the structure particularly pointed out in the description, the claims and the accompanying drawings.
To make the above objects, features and advantages of the present invention more apparent and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To explain the specific embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a website traffic analysis and early warning method provided by an embodiment of the present invention;
Fig. 2 is another schematic flowchart of a website traffic analysis and early warning method provided by an embodiment of the present invention;
Fig. 3 is another schematic flowchart of a website traffic analysis and early warning method provided by an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a website traffic analysis and early warning device provided by an embodiment of the present invention.
Reference numerals: 11 - acquisition module; 12 - fitting module; 13 - judgment module; 14 - sending module.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Existing website traffic analysis and early warning systems reflect the trend of website traffic through traffic statistics. However, because website traffic fluctuates greatly with users' access times, analysis and early warning based directly on the traffic trend has a low accuracy rate; for example, when users' visits are concentrated in a short period, a false warning may be issued. On this basis, the embodiments of the present invention provide a website traffic analysis and early warning method and device that compare the monitored website traffic of the target time section with the reference distribution curve of the target time section in the historical records, and issue a traffic anomaly warning according to the resulting curve deviation. Compared with the prior art, which decides that a website is under attack only from a surge in website traffic and the like (a surge may simply be a sudden increase in website users caused by marketing or similar measures), this improves the accuracy of analysis and early warning.
To make this embodiment easier to understand, a website traffic analysis and early warning method disclosed in an embodiment of the present invention is first described in detail. The method can be applied in a server and, as shown in Fig. 1, may include the following steps.
Step S101: obtain the website traffic of the monitored website in the target time section.
In this embodiment, the website traffic of the website in the target time section can be parsed by a traffic parser deployed in the network. Website traffic may refer to the amount of data generated by all users accessing the website during the target time section, among other measures. The target time section may be, for example, 30 seconds or 1 minute; the specific duration can be set according to actual needs and is not restricted by the present invention.
Step S102: perform curve fitting on the website traffic distribution drawn for the target time section from the website traffic, to obtain an actual distribution curve.
In this step, each moment in the target time section can be taken as the x-axis and the website traffic as the y-axis to draw the website traffic distribution corresponding to the target time section; curve fitting is then performed on that distribution to obtain the actual distribution curve.
Step S103: judge whether the curve deviation between the actual distribution curve and the reference distribution curve corresponding to the target time section meets a preset condition.
In this embodiment, the reference distribution curve is determined from the website traffic corresponding to the target time section in the historical records. To determine the reference distribution curve, the website traffic of each time section of the day can be monitored and counted over a historical period (such as one month, three months or one year).
The functional relation f(x) of the reference distribution curve is:
where x is the hash value of the target time section, t is the period in which daily website traffic reaches its peak in the historical records, H(x) is the weight function of the target time section, and g(x) is the website traffic of the target time section in the historical records.
In this step, for each moment in the target time section, the difference between the website traffic in the actual distribution curve and the website traffic of the reference distribution curve can be calculated; when at least one difference is greater than the first preset threshold, the curve deviation between the actual distribution curve and the reference distribution curve corresponding to the target time section is determined to meet the preset condition.
Step S104: when the curve deviation between the actual distribution curve and the reference distribution curve meets the preset condition, send traffic anomaly early warning information over a preset encrypted channel.
In this step, the preset encrypted channel can be used to send the anomaly warning information to a specified terminal, mailbox, mobile phone or the like.
When the curve deviation between the actual distribution curve and the reference distribution curve does not meet the preset condition, the website traffic of the next target time section is obtained.
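The following Python sketch is an added example, not code from the patent. It walks steps S101 to S103 on constructed traffic samples and contrasts the reference-curve comparison with a plain surge check of the kind the background section criticises. Assumptions: a moving average stands in for the unspecified curve fit, and the reference curve is the per-moment mean of past days, because the patent's f(x) formula is not reproduced on this page; all function names are hypothetical.

```python
"""Added illustration of steps S101-S103; not code from the patent."""
from statistics import mean

# Constructed sample data: traffic (KB) at six moments of one target time
# section, recorded on three past days. A legitimate peak recurs at moments 2-3.
HISTORY = [
    [100, 110, 300, 320, 120, 100],
    [90, 120, 310, 300, 110, 105],
    [110, 100, 290, 310, 130, 95],
]
NORMAL_TODAY = [105, 115, 305, 300, 115, 100]  # same recurring peak as history
FLOOD_TODAY = [105, 115, 305, 300, 700, 750]   # surge where history shows none


def smooth(samples, window=3):
    """Stand-in curve fit (assumption): centred moving average.

    The patent only says "curve fitting"; any fit that yields one value
    per moment could be substituted here.
    """
    half = window // 2
    fitted = []
    for i in range(len(samples)):
        lo, hi = max(0, i - half), min(len(samples), i + half + 1)
        fitted.append(mean(samples[lo:hi]))
    return fitted


def reference_curve(history, window=3):
    """Reference distribution curve for one target time section.

    Assumption: per-moment mean over the recorded days, then the same fit
    as the actual curve. The patent's weighted f(x) is not available.
    """
    moments = len(history[0])
    per_moment = [mean(day[i] for day in history) for i in range(moments)]
    return smooth(per_moment, window)


def check_section(samples, history, first_threshold, window=3):
    """S102 + S103: fit the actual curve, compare it moment by moment."""
    actual = smooth(samples, window)                       # S102
    reference = reference_curve(history, window)
    diffs = [abs(a - r) for a, r in zip(actual, reference)]
    # S103: the preset condition is met when at least one difference
    # exceeds the first preset threshold.
    exceeded = [(i, round(d, 1)) for i, d in enumerate(diffs)
                if d > first_threshold]
    # S104 (delivery over the encrypted channel) would consume this result.
    return {"alert": bool(exceeded), "exceeded": exceeded}


def naive_surge(samples, factor=2.0):
    """Trend-only baseline: flag any moment whose traffic is more than
    `factor` times the previous sample, with no historical reference."""
    return [i for i in range(1, len(samples))
            if samples[i] > factor * samples[i - 1]]


if __name__ == "__main__":
    print("naive on normal day :", naive_surge(NORMAL_TODAY))
    print("curve on normal day :", check_section(NORMAL_TODAY, HISTORY, 50))
    print("curve on flood day  :", check_section(FLOOD_TODAY, HISTORY, 50))
```

On the constructed normal day the surge check fires on the recurring peak while the reference-curve comparison stays quiet. On the flood day, moment 3 is flagged along with moments 4 and 5 only because the moving average spreads the surge into its neighbour.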
In all examples shown and described herein, any specific value should be construed as merely exemplary and not as a limitation; other examples of the exemplary embodiments may therefore have different values.
The embodiment first obtains the website traffic of the monitored website in the target time section; it then performs curve fitting on the website traffic distribution drawn for the target time section from that traffic, to obtain an actual distribution curve; it next judges whether the curve deviation between the actual distribution curve and the reference distribution curve corresponding to the target time section meets a preset condition, the reference distribution curve being determined from the website traffic corresponding to the target time section in the historical records; and, when the curve deviation between the actual distribution curve and the reference distribution curve meets the preset condition, it can send traffic anomaly early warning information over a preset encrypted channel.
The method provided by the embodiments of the present invention compares the monitored website traffic of the target time section with the reference distribution curve of the target time section in the historical records, and issues a traffic anomaly warning according to the resulting curve deviation. Compared with the prior art, which decides that a website is under attack from a surge in website traffic and the like (a surge may simply be a sudden increase in website users caused by marketing or similar measures), this improves the accuracy of analysis and early warning.
Because some website traffic values obtained during monitoring may not match the actual situation, another embodiment of the present invention, building on the foregoing embodiment and shown in Fig. 2, further includes the following steps.
Step S201: when any difference is greater than the first preset threshold, verify whether the website traffic in the actual distribution curve used to calculate that difference was measured in error.
Whether the website traffic was measured in error can be verified, for example, by deploying multiple traffic parsers and comparing the website traffic parsed by each of them.
Step S202: when the website traffic was measured in error, delete from the actual distribution curve the website traffic used to calculate the difference.
Step S203: when an input operation adjusting the value of the weight function is received, adjust the value of the weight function according to the input operation.
When a user sends the server a value for adjusting the weight function, by wired or wireless data transmission or similar means, the value of the weight function can be set to the received value.
This embodiment can remove website traffic values that do not match the actual website traffic and can adjust the value of the weight function according to the user's input, which helps improve the accuracy of website traffic analysis and early warning.
On the basis of the foregoing embodiment, in another embodiment of the present invention the method further includes the following step.
When the curve deviation between the actual distribution curve and the reference distribution curve meets the preset condition, curve fitting is performed on the website traffic corresponding to the target time section together with the website traffic corresponding to the target time section in the historical records, to obtain a new reference distribution curve.
In this embodiment, when no abnormal situation such as an attack has occurred on the website, that is, the monitored website traffic was generated by users accessing the website normally and the first preset threshold was exceeded because some external factor (such as online promotion) caused a sharp increase in users, the monitored website traffic of the target time section and the website traffic corresponding to the target time section in the historical records can be curve-fitted together to obtain a new reference distribution curve. This allows the weight function to be updated, so that the reference distribution curve is updated at any time as the website changes, which helps keep the website traffic analysis and early warning method effective over the long term and avoids limitations in time.
On the basis of the foregoing embodiment, in another embodiment of the present invention, as shown in Fig. 3, the method further includes the following steps.
Step S301: when the curve deviation between the actual distribution curve and the reference distribution curve meets the preset condition, judge whether there is a difference greater than a second preset threshold.
In this embodiment, the second preset threshold is greater than the first preset threshold.
Step S302: when a difference greater than the second preset threshold exists, adjust the value of the weight function so that, after the website traffic used to calculate the difference is corrected with the value of the weight function, the difference between that website traffic and the website traffic of the reference distribution curve at the same moment is less than the first preset threshold.
In this embodiment, when no abnormal situation such as an attack has occurred on the website, that is, the monitored website traffic was generated by users accessing the website normally and the first preset threshold was exceeded because some external factor (such as online promotion) caused a sharp increase in users, the value of the weight function can be adjusted.
This embodiment allows the weight function to be updated, so that the reference distribution curve is updated at any time as the website changes, which helps keep the website traffic analysis and early warning method effective over the long term and avoids limitations in time.
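The handling of flagged moments in steps S201 to S202 and S301 to S302 can be combined into one triage pass, shown here as an added Python example that is not code from the patent. Assumptions: a second traffic parser supplies the cross-check reading, a 10% disagreement counts as a measurement error, the weight is chosen as reference divided by measured traffic, and the weight is only adjusted once an operator has confirmed the surge as legitimate; the function name, parameters and sample values are hypothetical.

```python
"""Added illustration of steps S201-S202 and S301-S302; not from the patent."""


def triage(primary, secondary, reference, t1, t2,
           tolerance=0.10, confirmed_benign=False):
    """Classify each moment whose deviation exceeds the first threshold.

    primary / secondary: fitted traffic per moment from two parsers.
    reference: reference distribution curve at the same moments.
    t1, t2: first and second preset thresholds (t2 must exceed t1).
    confirmed_benign: assumption, an operator has confirmed that the surge
    is legitimate (e.g. a promotion), as the patent's discussion requires
    before the weight is adjusted.
    """
    if t2 <= t1:
        raise ValueError("second threshold must be greater than the first")
    dropped, alerts, weights = [], [], {}
    for i, (p, s, r) in enumerate(zip(primary, secondary, reference)):
        diff = abs(p - r)
        if diff <= t1:
            continue  # within the reference curve, nothing to do
        # S201: compare the two parsers; a large disagreement means the
        # sample was measured in error (tolerance is an assumed setting).
        if abs(p - s) > tolerance * max(p, s):
            dropped.append(i)  # S202: delete the erroneous sample
            continue
        # S301/S302: for a confirmed legitimate surge above t2, pick a
        # weight so that weight * traffic falls back within t1 of the
        # reference. reference / traffic (assumed choice) makes it zero.
        if diff > t2 and confirmed_benign and p > 0:
            weights[i] = r / p
            continue
        alerts.append(i)  # real deviation: goes on to the warning (S104)
    return {"dropped": dropped, "alerts": alerts, "weights": weights}


# Constructed sample values (KB per moment).
REFERENCE = [100, 170, 240, 240, 170, 110]
PARSER_A = [105, 900, 245, 330, 800, 112]  # moment 1: parser glitch
PARSER_B = [104, 172, 244, 328, 795, 111]

if __name__ == "__main__":
    print(triage(PARSER_A, PARSER_B, REFERENCE, t1=50, t2=300))
    print(triage(PARSER_A, PARSER_B, REFERENCE, t1=50, t2=300,
                 confirmed_benign=True))
```

Without the confirmation flag, every verified deviation above the first threshold remains an alert, so a flood is never silently absorbed into the weight function.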
On the basis of the foregoing embodiments, another embodiment of the present invention, shown in Fig. 4, further provides a website traffic analysis and early warning device. The implementation principle and technical effects of the device are the same as those of the foregoing method embodiments; for brevity, where the device embodiment does not mention something, refer to the corresponding content of the method embodiments. The device includes an acquisition module 11, a fitting module 12, a judgment module 13 and a sending module 14:
the acquisition module 11, configured to obtain the website traffic of the monitored website in the target time section;
the fitting module 12, configured to perform curve fitting on the website traffic distribution drawn for the target time section from the website traffic, to obtain an actual distribution curve;
the judgment module 13, configured to judge whether the curve deviation between the actual distribution curve and the reference distribution curve corresponding to the target time section meets a preset condition, the reference distribution curve being determined from the website traffic corresponding to the target time section in the historical records;
the sending module 14, configured to send traffic anomaly early warning information over a preset encrypted channel when the curve deviation between the actual distribution curve and the reference distribution curve meets the preset condition.
In another embodiment of the present invention, a kind of electronic equipment, including memory, processor, deposit in the memory The computer program that can be run on the processor is contained, realizes foregoing side described in the computing device during computer program The step of method described in method embodiment.
In another embodiment of the present invention, a kind of computer for the non-volatile program code that can perform with processor Computer-readable recording medium, described program code make the method described in the computing device preceding method embodiment.
The computer program product for the website traffic analysis and early warning method and device that the embodiment of the present invention is provided, including deposit The computer-readable recording medium of program code is stored up, the instruction that described program code includes can be used for performing previous methods implementation Method described in example, specific implementation can be found in embodiment of the method, will not be repeated here.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description With the specific work process of device, the corresponding process in preceding method embodiment is may be referred to, will not be repeated here.
In addition, in the description of the embodiment of the present invention, unless otherwise clearly defined and limited, term " installation ", " phase Even ", " connection " should be interpreted broadly, for example, it may be being fixedly connected or being detachably connected, or be integrally connected;Can To be mechanical connection or electrical connection;Can be joined directly together, can also be indirectly connected by intermediary, Ke Yishi The connection of two element internals.For the ordinary skill in the art, with concrete condition above-mentioned term can be understood at this Concrete meaning in invention.
If the function is realized in the form of SFU software functional unit and is used as independent production marketing or in use, can be with It is stored in a computer read/write memory medium.Based on such understanding, technical scheme is substantially in other words The part to be contributed to prior art or the part of the technical scheme can be embodied in the form of software product, the meter Calculation machine software product is stored in a storage medium, including some instructions are causing a computer equipment (can be People's computer, server, or network equipment etc.) perform all or part of step of each embodiment methods described of the present invention. And foregoing storage medium includes:USB flash disk, mobile hard disk, read-only storage (ROM, Read-Only Memory), arbitrary access are deposited Reservoir (RAM, Random Access Memory), magnetic disc or CD etc. are various can be with the medium of store program codes.
In the description of the invention, it is necessary to explanation, term " " center ", " on ", " under ", "left", "right", " vertical ", The orientation or position relationship of the instruction such as " level ", " interior ", " outer " be based on orientation shown in the drawings or position relationship, merely to Be easy to the description present invention and simplify description, rather than instruction or imply signified device or element must have specific orientation, With specific azimuth configuration and operation, therefore it is not considered as limiting the invention.In addition, term " first ", " second ", " the 3rd " is only used for describing purpose, and it is not intended that instruction or hint relative importance.
Finally, it should be noted that the embodiments described above are only specific embodiments of the present invention, intended to illustrate its technical solutions rather than to limit them, and the protection scope of the present invention is not limited thereto. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that anyone skilled in the art may, within the technical scope disclosed by the present invention, still modify the technical solutions described in the foregoing embodiments, readily conceive of changes to them, or make equivalent substitutions for some of their technical features. Such modifications, changes or substitutions do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. An early warning method based on website traffic analysis, characterized by comprising:
obtaining the website traffic of a monitored website in a target time section;
performing curve fitting on the website traffic distribution plotted for the target time section from the website traffic, to obtain an actual distribution curve;
judging whether the curve deviation between the actual distribution curve and the reference profile corresponding to the target time section meets a preset condition, the reference profile being determined from the website traffic in the historical record for the period corresponding to the target time section;
when the curve deviation between the actual distribution curve and the reference profile meets the preset condition, sending traffic anomaly early warning information over a predetermined encrypted channel.
2. The early warning method based on website traffic analysis according to claim 1, characterized in that the functional relation f(x) of the reference profile is:
$$f(x) = \frac{1}{\sqrt{2\pi}}\, e^{\left(-\frac{(x-t)^{2}}{2}\right)} * g(x) * H(x)$$
where x is the hashed value of the target time section, t is the period in which daily website traffic in the historical record reaches its peak, H(x) is the weight function of the target time section, and g(x) is the website traffic of the target time section in the historical record.
3. The early warning method based on website traffic analysis according to claim 2, characterized in that judging whether the curve deviation between the actual distribution curve and the reference profile corresponding to the target time section meets the preset condition comprises:
for each moment in the target time section, calculating the difference between the website traffic in the actual distribution curve and the website traffic in the reference profile;
when at least one difference is greater than a first preset threshold, determining that the curve deviation between the actual distribution curve and the reference profile corresponding to the target time section meets the preset condition.
4. The early warning method based on website traffic analysis according to claim 3, characterized in that the method further comprises:
when any difference is greater than the first preset threshold, verifying whether the website traffic used to calculate that difference in the actual distribution curve is a measurement error;
when the website traffic is a measurement error, deleting the website traffic used to calculate the difference from the actual distribution curve;
when an input operation adjusting the value of the weight function is received, adjusting the value of the weight function according to the input operation.
5. The early warning method based on website traffic analysis according to claim 4, characterized in that the method further comprises:
when the curve deviation between the actual distribution curve and the reference profile meets the preset condition, performing curve fitting on the website traffic corresponding to the target time section and the website traffic in the historical record for the period corresponding to the target time section, to obtain a new reference profile.
6. The early warning method based on website traffic analysis according to claim 4, characterized in that the method further comprises:
when the curve deviation between the actual distribution curve and the reference profile meets the preset condition, judging whether there is a difference greater than a second preset threshold, the second preset threshold being greater than the first preset threshold;
when there is a difference greater than the second preset threshold, adjusting the value of the weight function so that, after the website traffic used to calculate the difference is corrected with the value of the weight function, the difference between that website traffic and the website traffic of the reference profile at the same moment is less than the first preset threshold.
7. The early warning method based on website traffic analysis according to any one of claims 1 to 6, characterized in that the method further comprises:
when the curve deviation between the actual distribution curve and the reference profile does not meet the preset condition, obtaining the website traffic of the next target time section.
8. An early warning device based on website traffic analysis, characterized by comprising:
an acquisition module, configured to obtain the website traffic of a website in a target time section;
a fitting module, configured to perform curve fitting on the website traffic distribution plotted for the target time section from the website traffic, to obtain an actual distribution curve;
a judging module, configured to judge whether the curve deviation between the actual distribution curve and the reference profile corresponding to the target time section meets a preset condition, the reference profile being determined from the website traffic in the historical record for the period corresponding to the target time section;
a sending module, configured to send traffic anomaly early warning information over a predetermined encrypted channel when the curve deviation between the actual distribution curve and the reference profile meets the preset condition.
9. An electronic device, comprising a memory and a processor, the memory storing a computer program that can run on the processor, characterized in that the processor, when executing the computer program, implements the steps of the method according to any one of claims 1 to 6.
10. A computer-readable medium having non-volatile program code executable by a processor, characterized in that the program code causes the processor to perform the method according to any one of claims 1 to 6.
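The check described in claims 2, 3 and 6, as an added Python example that is not code from the patent: it builds the reference profile f(x) from historical traffic and reports the hours whose difference exceeds the first and the second preset threshold. Assumptions: x and t are hour-of-day indices, the actual curve is built with the same functional form from the observed counts, the difference is taken as an absolute value, and all traffic figures, weights and threshold values are constructed.

```python
import math

# Constructed sample: hourly request counts from the historical record, g(x).
HISTORY = [120, 90, 70, 60, 60, 80, 150, 300, 520, 700, 820, 900,
           950, 980, 1000, 960, 900, 820, 700, 600, 480, 360, 250, 170]
WEIGHTS = [1.0] * 24          # H(x); uniform weights are an assumption
FIRST_THRESHOLD = 50.0        # constructed value
SECOND_THRESHOLD = 500.0      # constructed value, larger than the first


def kernel(x, t):
    """Gaussian factor of claim 2: (1 / sqrt(2*pi)) * exp(-(x - t)^2 / 2)."""
    return math.exp(-((x - t) ** 2) / 2.0) / math.sqrt(2.0 * math.pi)


def curve(traffic, t, weights):
    """f(x) = kernel(x, t) * g(x) * H(x) for every hour x."""
    return [kernel(x, t) * g * weights[x] for x, g in enumerate(traffic)]


def check_window(actual, history, weights, first, second):
    """Return (alert, flagged, severe) for one day of hourly counts."""
    if not (len(actual) == len(history) == len(weights)):
        raise ValueError("curves must cover the same hours")
    # t: the hour in which historical traffic reaches its peak.
    t = max(range(len(history)), key=lambda x: history[x])
    reference = curve(history, t, weights)
    observed = curve(actual, t, weights)   # assumption: same functional form
    diffs = [abs(o - r) for o, r in zip(observed, reference)]
    flagged = [x for x, d in enumerate(diffs) if d > first]    # claim 3
    severe = [x for x in flagged if diffs[x] > second]         # claim 6
    return bool(flagged), flagged, severe


def with_spike(hour, count):
    """Constructed test day: the historical profile with one hour replaced."""
    day = list(HISTORY)
    day[hour] = count
    return day


if __name__ == "__main__":
    for label, day in [("normal", [round(v * 1.03) for v in HISTORY]),
                       ("surge", with_spike(13, 1400)),
                       ("flood", with_spike(15, 4000))]:
        print(label, check_window(day, HISTORY, WEIGHTS,
                                  FIRST_THRESHOLD, SECOND_THRESHOLD))
```

With x in hour units the Gaussian factor shrinks quickly away from t, so the weights H(x) and the two thresholds have to be tuned together.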
CN201710767142.4A 2017-08-30 2017-08-30 Early warning method and device based on website traffic analysis Active CN107508815B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710767142.4A CN107508815B (en) 2017-08-30 2017-08-30 Early warning method and device based on website traffic analysis

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710767142.4A CN107508815B (en) 2017-08-30 2017-08-30 Early warning method and device based on website traffic analysis

Publications (2)

Publication Number Publication Date
CN107508815A true CN107508815A (en) 2017-12-22
CN107508815B CN107508815B (en) 2020-09-11

Family

ID=60693731

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710767142.4A Active CN107508815B (en) 2017-08-30 2017-08-30 Early warning method and device based on website traffic analysis

Country Status (1)

Country Link
CN (1) CN107508815B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103078760A (en) * 2009-12-31 2013-05-01 蓝盾信息安全技术股份有限公司 Online diagnosis method for abnormal network flow
CN103647665A (en) * 2013-12-13 2014-03-19 北京启明星辰信息技术股份有限公司 Network flow curve analysis method and apparatus
CN103973663A (en) * 2013-02-01 2014-08-06 中国移动通信集团河北有限公司 Method and device for dynamic threshold anomaly traffic detection of DDOS (distributed denial of service) attack
CN104202329A (en) * 2014-09-12 2014-12-10 北京神州绿盟信息安全科技股份有限公司 DDoS (distributed denial of service) attack detection method and device
US20160219071A1 (en) * 2015-01-22 2016-07-28 Cisco Technology, Inc. Data visualization in self learning networks
CN107086944A (en) * 2017-06-22 2017-08-22 北京奇艺世纪科技有限公司 A kind of method for detecting abnormality and device

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108334774A (en) * 2018-01-24 2018-07-27 中国银联股份有限公司 A kind of method, first server and the second server of detection attack
US11169911B2 (en) * 2018-05-29 2021-11-09 Beijing Baidu Netcom Science And Technology Co., Ltd. Method and apparatus for performing a fitting calculation on test data and generating data fluctuation values
CN108880931A (en) * 2018-05-29 2018-11-23 北京百度网讯科技有限公司 Method and apparatus for output information
CN110011926A (en) * 2019-03-07 2019-07-12 新华三技术有限公司 A kind of method, apparatus, equipment and storage medium adjusting message sending time
CN111027477A (en) * 2019-12-10 2020-04-17 珠海读书郎网络教育有限公司 Online flat learning degree early warning method based on facial recognition
CN111415089B (en) * 2020-03-20 2021-07-06 读书郎教育科技有限公司 Online flat learning result early warning method based on learning degree analysis
CN111415089A (en) * 2020-03-20 2020-07-14 读书郎教育科技有限公司 Online flat learning result early warning method based on learning degree analysis
CN111953601A (en) * 2020-07-03 2020-11-17 黔南热线网络有限责任公司 Station group management method and system
CN112994978A (en) * 2021-02-25 2021-06-18 网宿科技股份有限公司 Network traffic monitoring method and device
CN112994978B (en) * 2021-02-25 2023-01-24 网宿科技股份有限公司 Network traffic monitoring method and device
CN113240486A (en) * 2021-05-10 2021-08-10 北京沃东天骏信息技术有限公司 Traffic distribution method and device in search scene
CN114173390A (en) * 2021-12-06 2022-03-11 深圳Tcl新技术有限公司 Network control method, network control device, electronic equipment and storage medium
CN114173390B (en) * 2021-12-06 2024-01-19 深圳Tcl新技术有限公司 Network control method, device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN107508815B (en) 2020-09-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 310000 No. 188 Lianhui Street, Xixing Street, Binjiang District, Hangzhou City, Zhejiang Province

Applicant after: Hangzhou Anheng Information Technology Co.,Ltd.

Address before: Zhejiang Zhongcai Building No. 68 Binjiang District road Hangzhou City, Zhejiang Province, the 310051 and 15 layer

Applicant before: DBAPPSECURITY Co.,Ltd.

GR01 Patent grant