CN107634942A - The method and apparatus for identifying malicious requests - Google Patents
The method and apparatus for identifying malicious requests Download PDFInfo
- Publication number
- CN107634942A CN107634942A CN201710805740.6A CN201710805740A CN107634942A CN 107634942 A CN107634942 A CN 107634942A CN 201710805740 A CN201710805740 A CN 201710805740A CN 107634942 A CN107634942 A CN 107634942A
- Authority
- CN
- China
- Prior art keywords
- request
- daily record
- encryption identification
- login banner
- present
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The invention discloses a kind of method and apparatus for identifying malicious requests, it is related to computer realm.One embodiment of this method includes:The daily record for receiving carrying login banner reports request;It is determined that the daily record report request carry data in encryption identification corresponding with the login banner is not present when, report request to be defined as malicious requests the daily record.The embodiment can be by being implanted into encryption identification in client, and the daily record of automatic identification malice reports request, so as to lift the accuracy of commercial product recommending and real-time.
Description
Technical field
The present invention relates to computer realm, more particularly to a kind of method and apparatus for identifying malicious requests.
Background technology
In field of computer technology, service side often obtains the possible commodity interested of user according to various factors and pushed away
Recommend.It is determined that during Recommendations, an important factor is exactly the number that user browses commodity.In practical application, in order to
Increase goods browse amount, malicious user usually imitates URL (Uniform Resource Location, the unified money of normal request
Source finger URL) form largely sends malicious requests and accesses the commodity of oneself, to obtain bigger recommendation weight, so as to
The recommendation position at family shows the commodity of oneself.
In the prior art, in order to tackle above mentioned problem, service side can be monitored to recommendation results, if it find that in fact
The above-mentioned malicious requests not accessed truly, then filter to it.
During the present invention is realized, inventor has found that prior art at least has problems with:Prior art uses
The strategy for finding and handling afterwards, malicious requests have told on during processing, have had influence on the commodity recommended, therefore push away
The accuracy and real-time recommended are poor, in the environment of real-time recommendation is paid attention at present, easily influence Consumer's Experience.
The content of the invention
In view of this, the embodiment of the present invention provides a kind of method and apparatus for identifying malicious requests, can be by client
End implantation encryption identification, the daily record of automatic identification malice reports request, so as to lift the accuracy of commercial product recommending and real-time.
To achieve the above object, according to an aspect of the invention, there is provided a kind of method for identifying malicious requests.
The method of the identification malicious requests of the embodiment of the present invention includes:The daily record for receiving carrying login banner reports request;
It is determined that the daily record report request carry data in encryption identification corresponding with the login banner is not present when, general described in
Daily record reports request to be defined as malicious requests.
Alternatively, encryption identification corresponding with the login banner is that the login banner is counted using preset algorithm
Obtain.
Alternatively, methods described further comprises:Receive logging request that client is sent, carrying login banner;Root
Encryption identification is generated according to the login banner;It is determined that the encryption identification is not present in the data that the logging request carries
When, the encryption identification is sent to client and is stored in client cookie file.
Alternatively, the daily record reports request further to carry cookie information;It is and described it is determined that in the daily record
Submit a report asking for when encryption identification corresponding with the login banner being not present in the data for ask carrying, report request to determine the daily record
Include for malicious requests:The login banner of request carrying is reported according to the daily record, generates encryption corresponding with the login banner
Mark;It is determined that the daily record report request carry cookie information in encryption identification is not present when, the daily record is reported
Request is defined as malicious requests;It is determined that the daily record report request carry cookie information in encryption identification be present when, will
The encryption identification and compared with encryption identification corresponding to the login banner;If comparative result is difference, by the daily record
Request is reported to be defined as malicious requests.
Alternatively, methods described further comprises:If the comparative result is identical, report request true the daily record
It is set to normal request.
Alternatively, the daily record reports request further to carry:Travel log data and click logs data.
To achieve the above object, according to another aspect of the invention, there is provided a kind of device for identifying malicious requests.
The device of the identification malicious requests of the embodiment of the present invention may include:Receiving unit, mark is logged in available for receiving to carry
The daily record of knowledge reports request;Recognition unit, available for it is determined that the daily record report request carry data in be not present and institute
When stating encryption identification corresponding to login banner, request is reported to be defined as malicious requests the daily record.
Alternatively, encryption identification corresponding with the login banner is that the login banner is counted using preset algorithm
Obtain;The daily record reports request further to carry:Travel log data and click logs data;And described device can
Further comprise:Ciphering unit, for receiving client transmission, carrying login banner logging request;According to the login
Mark generation encryption identification;When it is determined that the encryption identification is not present in the data that the logging request carries, described it will add
Secret mark, which is known, to be sent to client and is stored in client cookie file.
Alternatively, the daily record reports request further to carry cookie information;And the recognition unit can be used for:Root
The login banner of request carrying is reported according to the daily record, generates encryption identification corresponding with the login banner;It is determined that the day
Will is reported in the cookie information that request carries when encryption identification is not present, is reported request to be defined as malice the daily record and is asked
Ask;It is determined that the daily record report request carry cookie information in encryption identification be present when, by the encryption identification and with this
Encryption identification is compared corresponding to login banner:If comparative result is difference, request is reported to be defined as disliking the daily record
Meaning request;If the comparative result is identical, request is reported to be defined as normal request the daily record.
To achieve the above object, according to another aspect of the invention, there is provided a kind of electronic equipment.
The a kind of electronic equipment of the present invention includes:One or more processors;Storage device, for storing one or more
Program, when one or more of programs are by one or more of computing devices so that one or more of processors
The method for realizing identification malicious requests provided by the present invention.
To achieve the above object, in accordance with a further aspect of the present invention, there is provided a kind of computer-readable recording medium.
A kind of computer-readable recording medium of the present invention, is stored thereon with computer program, described program is by processor
The method that identification malicious requests provided by the present invention are realized during execution.
Technique according to the invention scheme, one embodiment in foregoing invention has the following advantages that or beneficial effect:
During user's Website login, encryption identification is generated according to the login banner of user, using preset algorithm, and encryption identification is implanted into and used
The cookie file of client where family, so that user, when Website login browses webpage, the daily record of transmission is reported in request
Carrying includes the cookie information of encryption identification, can accurately differentiate malicious requests and normal request using the encryption information, enter
And malicious requests can be shielded, the real-time recommendation based on normal request progress commodity, recommend real-time, standard so as to improve
True property and Consumer's Experience, overcome that prior art is found afterwards, poor real, accuracy difference etc. caused by post-processing lack
Fall into.
Further effect adds hereinafter in conjunction with embodiment possessed by above-mentioned non-usual optional mode
With explanation.
Brief description of the drawings
Accompanying drawing is used to more fully understand the present invention, does not form inappropriate limitation of the present invention.Wherein:
Fig. 1 is the key step schematic diagram of the method for identification malicious requests according to embodiments of the present invention;
Fig. 2 is the schematic flow sheet of the method for identification malicious requests according to embodiments of the present invention;
Fig. 3 is the major part schematic diagram of the device of identification malicious requests according to embodiments of the present invention;
Fig. 4 is to can apply to exemplary system architecture figure therein according to embodiments of the present invention;
Fig. 5 is the structural representation for realizing the electronic equipment of the method for the embodiment of the present invention.
Embodiment
The one exemplary embodiment of the present invention is explained below in conjunction with accompanying drawing, including the various of the embodiment of the present invention
Details should think them only exemplary to help understanding.Therefore, those of ordinary skill in the art should recognize
Arrive, various changes and modifications can be made to the embodiments described herein, without departing from scope and spirit of the present invention.Together
Sample, for clarity and conciseness, the description to known function and structure is eliminated in following description.
The technical scheme of the embodiment of the present invention is by user's Website login, according to the login banner of user, using pre-
Imputation method generates encryption identification, and encryption identification is implanted into the cookie file of user place client, so that user is stepping on
When recording website browsing webpage, the daily record of transmission reports the cookie information for being carried in request and including encryption identification, utilizes the encryption
Information can accurately differentiate malicious requests and normal request, and then malicious requests can be shielded, be carried out based on normal request
The real-time recommendation of commodity, recommend real-time, accuracy and Consumer's Experience so as to improve, overcome prior art and send out afterwards
Caused by existing, post-processing the defects of poor real, accuracy difference.
Fig. 1 is the key step schematic diagram according to the method for the identification malicious requests of the present embodiment.
As shown in figure 1, the method for the identification malicious requests of the embodiment of the present invention can perform according to following steps:
Step S101:The daily record that service end receives carrying login banner reports request.
In practical application, the commending system often foundation using the User action log that client reports as commercial product recommending.
Therefore in this step, service end receives the daily record that client is sent and reports request first.
Service end receive daily record report request in comprising normal users client send, for report of user behavior
The request of daily record.Wherein, the daily record that normal users are sent reports and User action log data can be carried in request, user steps on
One or more in record mark, cookie information, User action log data can include:Characterize the page letter that user browses
The travel log data of breath, the click logs data that user clicks on behavior are characterized, cookie information is what client preserved
Cookie information.Usually, normal users send daily record report request be by client JS (JavaScript,
JavaScript is a kind of script for client) generation such as script collection daily record data, cookie information.
Meanwhile in actual applications, in order to produce substantial amounts of User action log data, malicious user usually imitates normally
The URL format of request largely sends the malicious requests for accessing its commodity to service end so that the accuracy of existing commending system
It is relatively low.Therefore, the daily record that service end receives, which is reported in request, also includes malicious requests.In order to produce User action log number
According to malicious requests typically all carry login banner.
, in embodiments of the present invention, can be with order to identify that normal daily record reports request to report request with malice daily record
Encryption identification is implanted into the client of normal users in advance, the identification of request is reported using encryption identification progress daily record.Therefore, compared with
Goodly, before step S101, the mark of normal users is carried out according to following steps:
1. service end receives the logging request that client is sent, encryption is generated based on the login banner carried in logging request
Mark.
In this step, client is sent to the logging request of website to service end, and login banner is carried in logging request
With login password.It is understood that login banner is generally ID (user's mark).In practical application, in logging request
Client cookie information can also be carried, client cookie information includes client under the domain where the website and used
The related effective cookie information in family, and in field of computer technology, cookie refers to website to distinguish user identity, enter
Row session tracking and be stored in the data on user local terminal.
In embodiments of the present invention, after receiving logging request, service end is to the login banner in logging request with stepping on
Record password is verified.Afterwards, login banner is generated encryption identification by service end using preset algorithm, for follow-up normal day
Will reports the mark of request.In practical application, preset algorithm can be that (Base64 is a kind of for transmitting 8Bit based on Base64
The coded system of syllabified code) secondary development AES or other applicable AESs, encryption identification for profit
The encrypted characters string with particular form generated with preset algorithm.
2. the encryption identification is sent to by service end when it is determined that encryption identification is not present in the data that logging request carries
Client is simultaneously stored in client cookie file.
In this step, after service end obtains logging request, logging request is parsed first, obtains what logging request carried
Data.Afterwards, judge to whether there is the encryption identification corresponding to login banner in the data that logging request carries:If it is, say
Encryption identification has been saved in the cookie file of bright client, then has not been dealt with;Otherwise, encryption mark step 1 generated
Knowledge is sent to client, and is stored in cookie file of the client under the domain where the website.
It is preferred that in the case where logging request carries client cookie information, service end obtains logging request first
In client cookie information, and judge in client cookie information whether there is corresponding to login banner encryption mark
Know:If it is, having saved encryption identification in the cookie file of explanation client, then do not deal with;Otherwise, by step 1
The encryption identification of generation is sent to client, and is stored in cookie file of the client under the domain where the website.Can
With understanding, the encryption identification generated according to the login banner is referred to corresponding to the encryption identification of login banner.In this step
After rapid, the user normally logged in carries the cookie containing encryption identification in client to the Web request that service end is sent
Information, and the encryption identification is corresponding with the login banner carried in request.
So, service end to the client of normal users by sending encryption identification so that normal daily record reports request
Contain encryption identification in the data of middle carrying, and for malicious user, added because it can not know by login banner generation
Secret mark knows the preset algorithm used, therefore it can not obtain encryption identification corresponding with login banner.So, service end can
To report in request whether contain encryption identification corresponding with login banner to identify malicious requests according to daily record.
Step S102:Service end it is determined that the daily record report request carry data in be not present and the login banner
During corresponding encryption identification, request is reported to be defined as malicious requests the daily record.
Specifically, in this step, after the daily record of service end reception carrying login banner reports request, parse in daily record
Submit a report asking for and ask, obtain the data that daily record reports request to carry, and judge in the data that daily record reports request to carry with the presence or absence of encryption
Mark, if it does not exist, then reporting request to be defined as malicious requests the daily record.If it is present using preset algorithm by day
Will reports the login banner generation encryption identification that request carries, and judges the data that the encryption identification reports request to carry with daily record
In encryption identification it is whether identical:If so, then request is reported to be defined as normal request the daily record;Otherwise, the daily record is reported
Request is defined as malicious requests.
In practical application, daily record reports request often to carry cookie information.In this case, service end performs following
Step realizes the identification of malicious requests:
1. service end parsing daily record reports request, acquisition daily record reports login banner and cookie information in request, and
The login banner is generated into encryption identification using preset algorithm.
2. service end judges that daily record reports in the cookie information in request whether contain any encryption identification:If not yet
Have, it is malicious requests to determine that the daily record reports request.It is understood that in practical application, can be according to the spy of encryption identification
Setting formula judges whether encryption identification.
3. service end contains encryption identification if it is determined that daily record is reported in the cookie information in request, then the encryption is marked
Know and compared with encryption identification corresponding to the login banner:If the two is identical, it is determined that the daily record reports request as just
Often request;If the two is different, it is determined that it is malicious requests that the daily record, which reports request,.Wherein, normal request is referred in user
Under logging status, the daily record in response to user behavior generation reports request.
In embodiments of the present invention, service end can also perform the identification that following steps realize malicious requests:
1. service end parsing daily record reports request, acquisition daily record reports login banner and cookie information in request.
2. service end judges that daily record reports in the cookie information in request whether contain any encryption identification:If not yet
Have, it is malicious requests to determine that the daily record reports request.
3. service end contains encryption identification if it is determined that daily record is reported in the cookie information in request, then pre- imputation is utilized
The login banner is generated corresponding with login banner encryption identification by method, and daily record is reported in the cookie information in asking
The encryption identification that contains and compared with encryption identification corresponding to the login banner:If the two is identical, it is determined that the daily record
It is normal request to report request;If the two is different, it is determined that it is malicious requests that the daily record, which reports request,.
By step S102, the present invention can utilize the encryption identification that client cookie is implanted into when user logs in, accurate
It is normal request or malicious requests that really identification daily record, which reports request, and basis is provided for follow-up data processing.
Further, after identification daily record reports request, server end can shield to malicious requests, will be normal
Ask to be used for commercial product recommending, recommend real-time, accuracy and Consumer's Experience so as to be lifted.
Fig. 2 is the schematic flow sheet of the method for identification malicious requests according to a first embodiment of the present invention.
As shown in Fig. 2 the method for the identification malicious requests of the present embodiment can perform according to following steps:
Step S201:User accesses website, and client shows Website login page.
Step S202:Judge whether user logs in;If without logging into normal report of user user behaviors log.
Step S203:If user logs in, service end judge in logging request whether carrying package pinid containing encryption identification
Cookie information:If so, pinid is contained in explanation client cookie, into step S205.
Step S204:If service end judges not having in logging request carrying package pinid containing encryption identification cookie to believe
Breath, then the login banner pin carried according to logging request generate pinid, pinid are sent into client, and be stored in client
Hold cookie file.
Step S205:User enters the page after logging in, and client JS scripts are by groups such as User action log, cookie informations
Fill and report request for daily record, sent to service end.
Step S206:Service end receives daily record and reports request.
Step S207:Service end judges that daily record reports in request whether contain login banner pin;If not provided, explanation is used
Family is not logged in, then normal report of user user behaviors log.
Step S208:If service end, which judges that daily record is reported in request, contains login banner pin, daily record is determined whether
Report in request and whether contain pinid:If so, pinid corresponding with pin then is generated using preset algorithm, according to pin, by day
Will report request in pinid and compared with pinid corresponding to pin:If the two is identical, it is determined that is submitted a report asking in the daily record
Ask as normal request;If the two is different, it is determined that it is malicious requests that the daily record, which reports request,.If server judges that daily record reports
Pinid is not present in request, then directly judges that the daily record reports request as malicious requests.
Step S209:Malicious requests are shielded, commercial product recommending is carried out based on normal request.
Method according to embodiments of the present invention can be seen that because employing in user's Website login, according to user's
Login banner, encryption identification is generated using preset algorithm, and encryption identification is implanted into the cookie file of user place client
Technological means so that user is when Website login browses webpage, the daily record of transmission, which reports to carry in request, to be included encryption and marks
The cookie information of knowledge, malicious requests and normal request can be accurately differentiated using the encryption information, and then can be to malicious requests
Shielded, the real-time recommendation based on normal request progress commodity, recommend real-time, accuracy and user's body so as to improve
Test, overcome prior art and find afterwards, caused by post-processing the defects of poor real, accuracy difference.
Fig. 3 is the major part schematic diagram of the device of the identification malicious requests of the embodiment of the present invention.
As shown in figure 3, the device 300 of the identification malicious requests of the embodiment of the present invention may include:Receiving unit 301, identification
Unit 302.Wherein:
The daily record that receiving unit 301 can be used for receiving carrying login banner reports request;
Recognition unit 302 can be used for marking with described log in it is determined that being not present in the data that the daily record reports request to carry
Corresponding to knowledge during encryption identification, request is reported to be defined as malicious requests the daily record.
In embodiments of the present invention, encryption identification corresponding with the login banner is to the login using preset algorithm
What mark was calculated;The daily record reports request further to carry:Travel log data and click logs data;And
Described device 300 further comprises ciphering unit, available for the logging request for receiving client is sent carrying login banner;
Encryption identification is generated according to the login banner;It is determined that the encryption identification is not present in the data that the logging request carries
When, the encryption identification is sent to client and is stored in client cookie file.
As a preferred scheme, the daily record reports request further to carry cookie information;And the identification list
Member 302 can be used for:The login banner of request carrying is reported according to the daily record, generates encryption mark corresponding with the login banner
Know;It is determined that the daily record report request carry cookie information in encryption identification is not present when, will be submitted a report asking in the daily record
Ask and be defined as malicious requests;It is determined that the daily record report request carry cookie information in encryption identification be present when, by this
Encryption identification and compared with encryption identification corresponding to the login banner:If comparative result is difference, by the daily record
Submit a report asking for ask and be defined as malicious requests;If the comparative result is identical, request is reported to be defined as normal request the daily record.
Technical scheme according to embodiments of the present invention, by user's Website login, according to the login banner of user, profit
Encryption identification is generated with preset algorithm, and encryption identification is implanted into the cookie file of user place client, so that user
When Website login browses webpage, the daily record of transmission reports the cookie information for being carried in request and including encryption identification, utilizes this
Encryption information can accurately differentiate malicious requests and normal request, and then malicious requests can be shielded, based on normal request
The real-time recommendation of commodity is carried out, recommends real-time, accuracy and Consumer's Experience so as to improve, overcomes prior art afterwards
It was found that, caused by post-processing the defects of poor real, accuracy difference.
Fig. 4 shows the method for the identification malicious requests that can apply the embodiment of the present invention or identifies the device of malicious requests
Exemplary system architecture 400.
As shown in figure 4, system architecture 400 can include terminal device 401,402,403, network 404 and server 405
(this framework is only example, and the component included in specific framework can be according to the adjustment of application concrete condition).Network 404 to
The medium of communication link is provided between terminal device 401,402,403 and server 405.Network 404 can include various connections
Type, such as wired, wireless communication link or fiber optic cables etc..
User can be interacted with using terminal equipment 401,402,403 by network 404 with server 405, to receive or send out
Send message etc..Various telecommunication customer end applications, such as the application of shopping class, net can be installed on terminal device 401,402,403
(merely illustrative) such as the application of page browsing device, searching class application, JICQ, mailbox client, social platform softwares.
Terminal device 401,402,403 can have a display screen and a various electronic equipments that supported web page browses, bag
Include but be not limited to smart mobile phone, tablet personal computer, pocket computer on knee and desktop computer etc..
Server 405 can be to provide the server of various services, such as utilize terminal device 401,402,403 to user
The shopping class website browsed provides the back-stage management server (merely illustrative) supported.Back-stage management server can be to receiving
To the data such as information query request analyze etc. processing, and by result (such as target push information, product letter
Breath -- merely illustrative) feed back to terminal device.
It should be noted that the method for the identification malicious requests that the embodiment of the present invention is provided typically is held by server 405
OK, correspondingly, identify that the device of malicious requests is generally positioned in server 405.
It should be understood that the number of the terminal device, network and server in Fig. 4 is only schematical.According to realizing need
Will, can have any number of terminal device, network and server.
Present invention also offers a kind of electronic equipment.
The electronic equipment of the embodiment of the present invention includes:One or more processors;Storage device, for storing one or more
Individual program, when one or more of programs are by one or more of computing devices so that one or more of processing
The method that device realizes identification malicious requests provided by the present invention.
Below with reference to Fig. 5, it illustrates suitable for for realizing the computer system 500 of the electronic equipment of the embodiment of the present invention
Structural representation.Electronic equipment shown in Fig. 5 is only an example, to the function of the embodiment of the present invention and should not use model
Shroud carrys out any restrictions.
As shown in figure 5, computer system 500 includes CPU (CPU) 501, it can be read-only according to being stored in
Program in memory (ROM) 502 or be loaded into program in random access storage device (RAM) 503 from storage part 508 and
Perform various appropriate actions and processing.In RAM503, be also stored with computer system 500 operate required various programs and
Data.CPU501, ROM 502 and RAM 503 are connected with each other by bus 504.Input/output (I/O) interface 505 also connects
To bus 504.
I/O interfaces 505 are connected to lower component:Importation 506 including keyboard, mouse etc.;Penetrated including such as negative electrode
The output par, c 507 of spool (CRT), liquid crystal display (LCD) etc. and loudspeaker etc.;Storage part 508 including hard disk etc.;
And the communications portion 509 of the NIC including LAN card, modem etc..Communications portion 509 via such as because
The network of spy's net performs communication process.Driver 510 is also according to needing to be connected to I/O interfaces 505.Detachable media 511, such as
Disk, CD, magneto-optic disk, semiconductor memory etc., it is arranged on as needed on driver 510, so as to what is read from it
Computer program is mounted into storage part 508 as needed.
Especially, may be implemented as according to embodiment disclosed by the invention, the process of key step figure above description
Computer software programs.For example, the embodiment of the present invention includes a kind of computer program product, it includes being carried on computer-readable
Computer program on medium, the computer program include the program code for being used for performing the method shown in key step figure.
In above-described embodiment, the computer program can be downloaded and installed by communications portion 509 from network, and/or from removable
Medium 511 is unloaded to be mounted.When the computer program is performed by CPU 501, perform and limited in the system of the present invention
Above-mentioned function.
It should be noted that the computer-readable medium shown in the present invention can be computer-readable signal media or meter
Calculation machine readable storage medium storing program for executing either the two any combination.Computer-readable recording medium for example can be --- but not
Be limited to --- electricity, magnetic, optical, electromagnetic, system, device or the device of infrared ray or semiconductor, or it is any more than combination.Meter
The more specifically example of calculation machine readable storage medium storing program for executing can include but is not limited to:Electrical connection with one or more wires, just
Take formula computer disk, hard disk, random access storage device (RAM), read-only storage (ROM), erasable type and may be programmed read-only storage
Device (EPROM or flash memory), optical fiber, portable compact disc read-only storage (CD-ROM), light storage device, magnetic memory device,
Or above-mentioned any appropriate combination.In the present invention, computer-readable recording medium can any include or store journey
The tangible medium of sequence, the program can be commanded the either device use or in connection of execution system, device.In this hair
In bright, computer-readable signal media can be included in a base band or as a part of data-signal propagated of carrier wave, wherein
Carry computer-readable program code.The data-signal of this propagation can take various forms, and include but is not limited to electricity
Magnetic signal, optical signal or above-mentioned any appropriate combination.Computer-readable signal media can also be computer-readable storage medium
Any computer-readable medium beyond matter, the computer-readable medium can be sent, propagated or transmitted for being held by instruction
Row system, device either device use or program in connection.The program code included on computer-readable medium
It can be transmitted, included but is not limited to any appropriate medium:Wirelessly, electric wire, optical cable, RF etc., or above-mentioned any conjunction
Suitable combination.
Flow chart and block diagram in accompanying drawing, it is illustrated that according to the system of various embodiments of the invention, method and computer journey
Architectural framework in the cards, function and the operation of sequence product.At this point, each square frame in flow chart or block diagram can generation
The part of one module of table, program segment or code, a part for above-mentioned module, program segment or code include one or more
For realizing the executable instruction of defined logic function.It should also be noted that some as replace realization in, institute in square frame
The function of mark can also be with different from the order marked in accompanying drawing generation.For example, two square frames succeedingly represented are actual
On can perform substantially in parallel, they can also be performed in the opposite order sometimes, and this is depending on involved function.
It should be noted that the combination of each square frame and block diagram in block diagram or flow chart or the square frame in flow chart, can use and perform
Defined function or the special hardware based system of operation realize, or can use specialized hardware and computer instruction
Combine to realize.
Being described in unit involved in the embodiment of the present invention can be realized by way of software, can also be by hard
The mode of part is realized.Described unit can also be set within a processor, for example, can be described as:A kind of processor bag
Include receiving unit and recognition unit.Wherein, the title of these units does not form the limit to the unit in itself under certain conditions
It is fixed, for example, receiving unit is also described as " being used for the unit for sending daily record to recognition unit and reporting request ".
As on the other hand, present invention also offers a kind of computer-readable medium, the computer-readable medium can be
Included in equipment described in above-described embodiment;Can also be individualism, and without be incorporated the equipment in.Above-mentioned meter
Calculation machine computer-readable recording medium carries one or more program, when said one or multiple programs are performed by the equipment so that
The step of equipment performs includes:The daily record for receiving carrying login banner reports request;It is determined that the daily record reports request to take
When encryption identification corresponding with the login banner being not present in the data of band, reporting request to be defined as malice the daily record please
Ask.
Technical scheme according to embodiments of the present invention, by user's Website login, according to the login banner of user, profit
Encryption identification is generated with preset algorithm, and encryption identification is implanted into the cookie file of user place client, so that user
When Website login browses webpage, the daily record of transmission reports the cookie information for being carried in request and including encryption identification, utilizes this
Encryption information can accurately differentiate malicious requests and normal request, and then malicious requests can be shielded, based on normal request
The real-time recommendation of commodity is carried out, recommends real-time, accuracy and Consumer's Experience so as to improve, overcomes prior art afterwards
It was found that, caused by post-processing the defects of poor real, accuracy difference.
Above-mentioned embodiment, does not form limiting the scope of the invention.Those skilled in the art should be bright
It is white, depending on design requirement and other factors, various modifications, combination, sub-portfolio and replacement can occur.It is any
Modifications, equivalent substitutions and improvements made within the spirit and principles in the present invention etc., should be included in the scope of the present invention
Within.
Claims (11)
- A kind of 1. method for identifying malicious requests, it is characterised in that including:The daily record for receiving carrying login banner reports request;It is determined that the daily record report request carry data in encryption identification corresponding with the login banner is not present when, general The daily record reports request to be defined as malicious requests.
- 2. according to the method for claim 1, it is characterised in that encryption identification corresponding with the login banner is using pre- The login banner is calculated imputation method.
- 3. according to the method for claim 1, it is characterised in that methods described further comprises:Receive logging request that client is sent, carrying login banner;Encryption identification is generated according to the login banner;When it is determined that the encryption identification is not present in the data that the logging request carries, the encryption identification is sent to visitor Family end is simultaneously stored in client cookie file.
- 4. according to the method for claim 1, it is characterised in that the daily record reports request further to carry cookie letters Breath;AndIt is described it is determined that the daily record report request carry data in encryption identification corresponding with the login banner is not present When, reporting request to be defined as malicious requests the daily record includes:The login banner of request carrying is reported according to the daily record, generates encryption identification corresponding with the login banner;It is determined that the daily record report request carry cookie information in encryption identification is not present when, will be submitted a report asking in the daily record Ask and be defined as malicious requests;It is determined that the daily record report request carry cookie information in encryption identification be present when, by the encryption identification and with this Encryption identification is compared corresponding to login banner;If comparative result is difference, request is reported to be defined as disliking the daily record Meaning request.
- 5. according to the method for claim 4, it is characterised in that methods described further comprises:If the comparative result is identical, request is reported to be defined as normal request the daily record.
- 6. according to any described methods of claim 1-5, it is characterised in that the daily record reports request further to carry:It is clear Look at daily record data and click logs data.
- A kind of 7. device for identifying malicious requests, it is characterised in that including:Receiving unit, the daily record that login banner is carried for receiving report request;Recognition unit, for it is determined that the daily record report request carry data in be not present it is corresponding with the login banner During encryption identification, request is reported to be defined as malicious requests the daily record.
- 8. device according to claim 7, it is characterised in that encryption identification corresponding with the login banner is using pre- The login banner is calculated imputation method;The daily record reports request further to carry:Travel log data and Click logs data;And described device further comprises:Ciphering unit, for receiving client transmission, carrying login banner logging request;Generated according to the login banner Encryption identification;When it is determined that the encryption identification is not present in the data that the logging request carries, the encryption identification is sent out It is sent to client and is stored in client cookie file.
- 9. the device according to claim 7 or 8, it is characterised in that the daily record reports request further to carry cookie Information;And the recognition unit is used for:The login banner of request carrying is reported according to the daily record, generates encryption identification corresponding with the login banner;It is determined that the daily record report request carry cookie information in encryption identification is not present when, will be submitted a report asking in the daily record Ask and be defined as malicious requests;It is determined that the daily record report request carry cookie information in encryption identification be present when, by the encryption identification and with this Encryption identification is compared corresponding to login banner:If comparative result is difference, request is reported to be defined as disliking the daily record Meaning request;If the comparative result is identical, request is reported to be defined as normal request the daily record.
- 10. a kind of electronic equipment, it is characterised in that including:One or more processors;Storage device, for storing one or more programs,When one or more of programs are by one or more of computing devices so that one or more of processors are real The now method as described in any in claim 1-6.
- 11. a kind of computer-readable recording medium, is stored thereon with computer program, it is characterised in that described program is processed The method as described in any in claim 1-6 is realized when device performs.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710805740.6A CN107634942B (en) | 2017-09-08 | 2017-09-08 | Method and device for identifying malicious request |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710805740.6A CN107634942B (en) | 2017-09-08 | 2017-09-08 | Method and device for identifying malicious request |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107634942A true CN107634942A (en) | 2018-01-26 |
CN107634942B CN107634942B (en) | 2020-07-31 |
Family
ID=61101067
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710805740.6A Active CN107634942B (en) | 2017-09-08 | 2017-09-08 | Method and device for identifying malicious request |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107634942B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110764979A (en) * | 2018-07-27 | 2020-02-07 | 北京京东尚科信息技术有限公司 | Log identification method, system, electronic device and computer readable medium |
CN111625721A (en) * | 2020-05-26 | 2020-09-04 | 汉海信息技术(上海)有限公司 | Content recommendation method and device |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7421733B2 (en) * | 2002-02-06 | 2008-09-02 | Hewlett-Packard Development Company, L.P. | System and method for providing multi-class processing of login requests |
CN101827079A (en) * | 2010-01-27 | 2010-09-08 | 南京大学 | Blocking and attacking-resistant terminal connection building method and terminal access authenticating system |
CN102685081A (en) * | 2011-03-17 | 2012-09-19 | 腾讯科技(深圳)有限公司 | Webpage request safe processing method and system |
CN103179134A (en) * | 2013-04-19 | 2013-06-26 | 中国建设银行股份有限公司 | Single sign on method and system based on Cookie and application server thereof |
CN103944900A (en) * | 2014-04-18 | 2014-07-23 | 中国科学院计算技术研究所 | Cross-station request attack defense method and device based on encryption |
CN104519018A (en) * | 2013-09-29 | 2015-04-15 | 阿里巴巴集团控股有限公司 | Method, device and system for preventing malicious requests for server |
CN104639387A (en) * | 2014-12-09 | 2015-05-20 | 北京京东尚科信息技术有限公司 | Users' network behavior tracking method and equipment |
CN105208033A (en) * | 2015-10-08 | 2015-12-30 | 华中科技大学 | Group auxiliary recommendation method and system based on intelligent terminal scenes |
US20160014117A1 (en) * | 2013-06-05 | 2016-01-14 | Sk Planet Co., Ltd. | Authentication method using security token, and system and apparatus for same |
CN105610938A (en) * | 2015-12-24 | 2016-05-25 | 广州爱九游信息技术有限公司 | Logging status synchronization method and system |
CN106850599A (en) * | 2017-01-18 | 2017-06-13 | 中国科学院信息工程研究所 | A kind of NAT detection methods based on fusion user behavior and sudden peal of thunder ID |
-
2017
- 2017-09-08 CN CN201710805740.6A patent/CN107634942B/en active Active
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7421733B2 (en) * | 2002-02-06 | 2008-09-02 | Hewlett-Packard Development Company, L.P. | System and method for providing multi-class processing of login requests |
CN101827079A (en) * | 2010-01-27 | 2010-09-08 | 南京大学 | Blocking and attacking-resistant terminal connection building method and terminal access authenticating system |
CN102685081A (en) * | 2011-03-17 | 2012-09-19 | 腾讯科技(深圳)有限公司 | Webpage request safe processing method and system |
CN103179134A (en) * | 2013-04-19 | 2013-06-26 | 中国建设银行股份有限公司 | Single sign on method and system based on Cookie and application server thereof |
US20160014117A1 (en) * | 2013-06-05 | 2016-01-14 | Sk Planet Co., Ltd. | Authentication method using security token, and system and apparatus for same |
CN104519018A (en) * | 2013-09-29 | 2015-04-15 | 阿里巴巴集团控股有限公司 | Method, device and system for preventing malicious requests for server |
CN103944900A (en) * | 2014-04-18 | 2014-07-23 | 中国科学院计算技术研究所 | Cross-station request attack defense method and device based on encryption |
CN104639387A (en) * | 2014-12-09 | 2015-05-20 | 北京京东尚科信息技术有限公司 | Users' network behavior tracking method and equipment |
CN105208033A (en) * | 2015-10-08 | 2015-12-30 | 华中科技大学 | Group auxiliary recommendation method and system based on intelligent terminal scenes |
CN105610938A (en) * | 2015-12-24 | 2016-05-25 | 广州爱九游信息技术有限公司 | Logging status synchronization method and system |
CN106850599A (en) * | 2017-01-18 | 2017-06-13 | 中国科学院信息工程研究所 | A kind of NAT detection methods based on fusion user behavior and sudden peal of thunder ID |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110764979A (en) * | 2018-07-27 | 2020-02-07 | 北京京东尚科信息技术有限公司 | Log identification method, system, electronic device and computer readable medium |
CN111625721A (en) * | 2020-05-26 | 2020-09-04 | 汉海信息技术(上海)有限公司 | Content recommendation method and device |
CN111625721B (en) * | 2020-05-26 | 2023-12-22 | 汉海信息技术(上海)有限公司 | Content recommendation method and device |
Also Published As
Publication number | Publication date |
---|---|
CN107634942B (en) | 2020-07-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107105031A (en) | Information-pushing method and device | |
US10362086B2 (en) | Method and system for automating submission of issue reports | |
CN108805594A (en) | Information-pushing method and device | |
US10885466B2 (en) | Method for performing user profiling from encrypted network traffic flows | |
CN111488995B (en) | Method, device and system for evaluating joint training model | |
CN107908666A (en) | A kind of method and apparatus of identification equipment mark | |
CN107634947A (en) | Limitation malice logs in or the method and apparatus of registration | |
CN107609890A (en) | A kind of method and apparatus of order tracking | |
CN111612503B (en) | Advertisement pushing method and device based on external page delivery touch user information and electronic equipment | |
CN109685536B (en) | Method and apparatus for outputting information | |
CN109976997A (en) | Test method and device | |
CN107944956A (en) | Method and apparatus for generating information | |
CN107426328A (en) | Information-pushing method and device | |
CN109388548A (en) | Method and apparatus for generating information | |
CN107295067A (en) | Across the method and apparatus of screen identification user | |
CN108334641A (en) | The method of acquisition user behavior data, system, electronic equipment, storage medium | |
US20150370899A1 (en) | Shortened url management method and management device, and storage medium storing computer program for management thereof | |
CN111061956A (en) | Method and apparatus for generating information | |
CN107958009A (en) | Company information acquisition methods, device and equipment | |
CN107784076A (en) | The method and apparatus of visualization structure user behavior data | |
CN110866040A (en) | User portrait generation method, device and system | |
CN107346344A (en) | The method and apparatus of text matches | |
CN110737645B (en) | Data migration method and system among different systems and related equipment | |
CN108702334A (en) | The method and system of distributed testing for the network configuration for zero rate | |
CN107291835A (en) | A kind of recommendation method and apparatus of search term |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |