CN107634942A - Method and apparatus for identifying malicious requests - Google Patents

Method and apparatus for identifying malicious requests

Publication number: CN107634942A
Authority: CN (China)
Prior art keywords: request; log; encrypted identifier; login identifier; present
Legal status: Granted; Active
Application number: CN201710805740.6A
Other languages: Chinese (zh)
Other versions: CN107634942B (en)
Inventor: 王海旭
Current Assignee: Beijing Jingdong Century Trading Co Ltd; Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee: Beijing Jingdong Century Trading Co Ltd; Beijing Jingdong Shangke Information Technology Co Ltd
Application filed by Beijing Jingdong Century Trading Co Ltd and Beijing Jingdong Shangke Information Technology Co Ltd
Priority to CN201710805740.6A
Publication of CN107634942A
Application granted
Publication of CN107634942B

Abstract

The invention discloses a method and apparatus for identifying malicious requests, relating to the computer field. One embodiment of the method includes: receiving a log reporting request that carries a login identifier; and, upon determining that the data carried by the log reporting request contains no encrypted identifier corresponding to the login identifier, determining the log reporting request to be a malicious request. By implanting an encrypted identifier in the client, this embodiment can automatically identify malicious log reporting requests, thereby improving the accuracy and timeliness of product recommendation.

Description

Method and apparatus for identifying malicious requests
Technical field
The present invention relates to the computer field, and in particular to a method and apparatus for identifying malicious requests.
Background
In the field of computer technology, a service provider often recommends products that may interest a user on the basis of various factors. When determining which products to recommend, one important factor is the number of times users have browsed a product. In practice, to inflate product view counts, malicious users often imitate the URL (Uniform Resource Locator) format of normal requests and send large numbers of malicious requests that access their own products, in order to obtain a greater recommendation weight so that their products are shown in users' recommendation slots.
In the prior art, to deal with this problem, the service provider monitors the recommendation results and, if it finds such malicious requests that do not correspond to real visits, filters them out.
In the course of implementing the present invention, the inventor found that the prior art has at least the following problem: it uses a strategy of detecting and handling after the fact, so by the time of handling the malicious requests have already taken effect and influenced the recommended products. The accuracy and timeliness of recommendation are therefore poor, and in the current environment, where real-time recommendation is valued, user experience is easily affected.
Summary of the invention
In view of this, embodiments of the present invention provide a method and apparatus for identifying malicious requests which, by implanting an encrypted identifier in the client, can automatically identify malicious log reporting requests, thereby improving the accuracy and timeliness of product recommendation.
To achieve the above object, according to one aspect of the present invention, a method for identifying malicious requests is provided.
The method for identifying malicious requests of embodiments of the present invention includes: receiving a log reporting request carrying a login identifier; and, upon determining that the data carried by the log reporting request contains no encrypted identifier corresponding to the login identifier, determining the log reporting request to be a malicious request.
Optionally, the encrypted identifier corresponding to the login identifier is calculated from the login identifier using a preset algorithm.
Optionally, the method further includes: receiving a login request sent by the client and carrying the login identifier; generating an encrypted identifier from the login identifier; and, upon determining that the encrypted identifier is not present in the data carried by the login request, sending the encrypted identifier to the client to be stored in the client's cookie file.
Optionally, the log reporting request further carries cookie information; and determining the log reporting request to be a malicious request upon determining that the data it carries contains no encrypted identifier corresponding to the login identifier includes: generating, from the login identifier carried by the log reporting request, the encrypted identifier corresponding to that login identifier; upon determining that the cookie information carried by the log reporting request contains no encrypted identifier, determining the log reporting request to be a malicious request; upon determining that the cookie information carried by the log reporting request contains an encrypted identifier, comparing that encrypted identifier with the encrypted identifier corresponding to the login identifier; and, if the comparison result is that they differ, determining the log reporting request to be a malicious request.
Optionally, the method further includes: if the comparison result is that they are identical, determining the log reporting request to be a normal request.
Optionally, the log reporting request further carries browsing log data and click log data.
To achieve the above object, according to another aspect of the present invention, an apparatus for identifying malicious requests is provided.
The apparatus for identifying malicious requests of embodiments of the present invention may include: a receiving unit, operable to receive a log reporting request carrying a login identifier; and an identification unit, operable to determine the log reporting request to be a malicious request upon determining that the data carried by the log reporting request contains no encrypted identifier corresponding to the login identifier.
Optionally, the encrypted identifier corresponding to the login identifier is calculated from the login identifier using a preset algorithm; the log reporting request further carries browsing log data and click log data; and the apparatus may further include an encryption unit for: receiving a login request sent by the client and carrying the login identifier; generating an encrypted identifier from the login identifier; and, upon determining that the encrypted identifier is not present in the data carried by the login request, sending the encrypted identifier to the client to be stored in the client's cookie file.
Optionally, the log reporting request further carries cookie information; and the identification unit is operable to: generate, from the login identifier carried by the log reporting request, the encrypted identifier corresponding to that login identifier; upon determining that the cookie information carried by the log reporting request contains no encrypted identifier, determine the log reporting request to be a malicious request; upon determining that the cookie information carried by the log reporting request contains an encrypted identifier, compare that encrypted identifier with the encrypted identifier corresponding to the login identifier; if the comparison result is that they differ, determine the log reporting request to be a malicious request; and if the comparison result is that they are identical, determine the log reporting request to be a normal request.
To achieve the above object, according to another aspect of the present invention, an electronic device is provided.
An electronic device of the present invention includes: one or more processors; and a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the method for identifying malicious requests provided by the present invention.
To achieve the above object, according to a further aspect of the present invention, a computer-readable storage medium is provided.
A computer-readable storage medium of the present invention stores a computer program which, when executed by a processor, implements the method for identifying malicious requests provided by the present invention.
According to the technical solution of the present invention, one embodiment of the above invention has the following advantages or beneficial effects: when a user logs in to the website, an encrypted identifier is generated from the user's login identifier using a preset algorithm and implanted in the cookie file of the user's client, so that when the logged-in user browses web pages, the log reporting requests sent carry cookie information that includes the encrypted identifier. Using this encrypted information, malicious requests and normal requests can be accurately distinguished, malicious requests can then be blocked, and products can be recommended in real time on the basis of normal requests. This improves the timeliness and accuracy of recommendation and the user experience, and overcomes the poor timeliness and poor accuracy caused by the prior art's after-the-fact detection and handling.
Further effects of the above non-conventional optional implementations are explained below in conjunction with the specific embodiments.
Brief description of the drawings
The accompanying drawings are provided for a better understanding of the present invention and do not constitute an undue limitation of it. In the drawings:
Fig. 1 is a schematic diagram of the main steps of the method for identifying malicious requests according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of the method for identifying malicious requests according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of the main parts of the apparatus for identifying malicious requests according to an embodiment of the present invention;
Fig. 4 is a diagram of an exemplary system architecture to which embodiments of the present invention can be applied;
Fig. 5 is a schematic structural diagram of an electronic device for implementing the method of embodiments of the present invention.
Detailed description
Exemplary embodiments of the present invention are explained below with reference to the accompanying drawings. Various details of the embodiments are included to aid understanding and should be regarded as merely exemplary. Those of ordinary skill in the art should therefore recognize that various changes and modifications can be made to the embodiments described herein without departing from the scope and spirit of the present invention. Likewise, for clarity and conciseness, descriptions of well-known functions and structures are omitted from the following description.
In the technical solution of embodiments of the present invention, when a user logs in to the website, an encrypted identifier is generated from the user's login identifier using a preset algorithm and implanted in the cookie file of the user's client, so that when the logged-in user browses web pages, the log reporting requests sent carry cookie information that includes the encrypted identifier. Using this encrypted information, malicious requests and normal requests can be accurately distinguished, malicious requests can then be blocked, and products can be recommended in real time on the basis of normal requests. This improves the timeliness and accuracy of recommendation and the user experience, and overcomes the poor timeliness and poor accuracy caused by the prior art's after-the-fact detection and handling.
Fig. 1 is a schematic diagram of the main steps of the method for identifying malicious requests according to this embodiment.
As shown in Fig. 1, the method for identifying malicious requests of embodiments of the present invention may be performed according to the following steps:
Step S101: The server receives a log reporting request carrying a login identifier.
In practice, a recommendation system often uses the user behaviour logs reported by clients as the basis for product recommendation. In this step, therefore, the server first receives the log reporting requests sent by clients.
The log reporting requests received by the server include requests sent by the clients of normal users to report user behaviour logs. A log reporting request sent by a normal user may carry one or more of user behaviour log data, the user's login identifier, and cookie information. The user behaviour log data may include browsing log data characterizing the pages the user browsed and click log data characterizing the user's click behaviour; the cookie information is the cookie information saved by the client. Generally, a normal user's log reporting request is generated by a client-side JS (JavaScript, a scripting language for the client) script that collects the log data, cookie information and so on.
At the same time, in practice, in order to produce large amounts of user behaviour log data, malicious users often imitate the URL format of normal requests and send the server large numbers of malicious requests that access their products, which lowers the accuracy of existing recommendation systems. The log reporting requests received by the server therefore also include malicious requests. In order to produce user behaviour log data, malicious requests generally all carry a login identifier.
In embodiments of the present invention, to distinguish normal log reporting requests from malicious log reporting requests, an encrypted identifier may be implanted in the clients of normal users in advance, and log reporting requests are then identified using that encrypted identifier. Preferably, therefore, before step S101, normal users are marked according to the following steps:
1. The server receives the login request sent by the client and generates an encrypted identifier based on the login identifier carried in the login request.
In this step, the client sends the server a request to log in to the website; the login request carries the login identifier and the login password. It will be understood that the login identifier is generally a user ID (user identifier). In practice, the login request may also carry client cookie information, which includes the valid user-related cookie information held by the client under the domain of the website. In the field of computer technology, a cookie is data that a website stores on the user's local terminal in order to distinguish user identity and perform session tracking.
In embodiments of the present invention, after receiving the login request, the server verifies the login identifier and login password in it. The server then generates an encrypted identifier from the login identifier using a preset algorithm, to be used subsequently for marking normal log reporting requests. In practice, the preset algorithm may be an encryption algorithm developed on the basis of Base64 (an encoding scheme for transmitting 8-bit byte code) or another applicable encryption algorithm; the encrypted identifier is an encrypted character string with a particular form generated using the preset algorithm.
2. Upon determining that the encrypted identifier is not present in the data carried by the login request, the server sends the encrypted identifier to the client, where it is stored in the client's cookie file.
In this step, after obtaining the login request, the server first parses it to obtain the data it carries. It then determines whether the data carried by the login request contains the encrypted identifier corresponding to the login identifier. If so, the encrypted identifier has already been saved in the client's cookie file and nothing further is done; otherwise, the encrypted identifier generated in step 1 is sent to the client and stored in the client's cookie file under the domain of the website.
Preferably, where the login request carries client cookie information, the server first obtains the client cookie information from the login request and determines whether it contains the encrypted identifier corresponding to the login identifier. If so, the encrypted identifier has already been saved in the client's cookie file and nothing further is done; otherwise, the encrypted identifier generated in step 1 is sent to the client and stored in the client's cookie file under the domain of the website. It will be understood that the encrypted identifier corresponding to a login identifier means the encrypted identifier generated from that login identifier. After this step, the web requests that a normally logged-in user's client sends to the server carry cookie information containing the encrypted identifier, and that encrypted identifier corresponds to the login identifier carried in the request.
In this way, by sending the encrypted identifier to the clients of normal users, the server ensures that the data carried in normal log reporting requests contains the encrypted identifier. A malicious user, who cannot know the preset algorithm used to generate the encrypted identifier from the login identifier, cannot obtain the encrypted identifier corresponding to a login identifier. The server can therefore identify malicious requests according to whether a log reporting request contains the encrypted identifier corresponding to its login identifier.
Step S102: Upon determining that the data carried by the log reporting request contains no encrypted identifier corresponding to the login identifier, the server determines the log reporting request to be a malicious request.
Specifically, in this step, after receiving a log reporting request carrying a login identifier, the server parses the request, obtains the data it carries, and determines whether that data contains an encrypted identifier. If it does not, the log reporting request is determined to be a malicious request. If it does, the server uses the preset algorithm to generate an encrypted identifier from the login identifier carried by the log reporting request and determines whether this encrypted identifier is identical to the encrypted identifier in the data carried by the request: if so, the log reporting request is determined to be a normal request; otherwise, it is determined to be a malicious request.
In practice, log reporting requests often carry cookie information. In that case, the server performs the following steps to identify malicious requests:
1. The server parses the log reporting request, obtains the login identifier and cookie information in it, and generates an encrypted identifier from the login identifier using the preset algorithm.
2. The server determines whether the cookie information in the log reporting request contains any encrypted identifier; if not, the log reporting request is determined to be a malicious request. It will be understood that, in practice, the presence of an encrypted identifier can be determined from the particular format of the encrypted identifier.
3. If the server determines that the cookie information in the log reporting request contains an encrypted identifier, it compares that encrypted identifier with the encrypted identifier corresponding to the login identifier: if the two are identical, the log reporting request is determined to be a normal request; if the two differ, the log reporting request is determined to be a malicious request. Here, a normal request means a log reporting request generated in response to user behaviour while the user is logged in.
In embodiments of the present invention, the server may instead perform the following steps to identify malicious requests:
1. The server parses the log reporting request and obtains the login identifier and cookie information in it.
2. The server determines whether the cookie information in the log reporting request contains any encrypted identifier; if not, the log reporting request is determined to be a malicious request.
3. If the server determines that the cookie information in the log reporting request contains an encrypted identifier, it uses the preset algorithm to generate the encrypted identifier corresponding to the login identifier and compares the encrypted identifier contained in the cookie information with the encrypted identifier corresponding to the login identifier: if the two are identical, the log reporting request is determined to be a normal request; if the two differ, the log reporting request is determined to be a malicious request.
Through step S102, the present invention can use the encrypted identifier implanted in the client cookie at login to accurately identify whether a log reporting request is a normal request or a malicious request, providing a basis for subsequent data processing.
Further, after identifying the log reporting requests, the server can block the malicious requests and use the normal requests for product recommendation, thereby improving the timeliness and accuracy of recommendation and the user experience.
Fig. 2 is a schematic flow chart of the method for identifying malicious requests according to a first embodiment of the present invention.
As shown in Fig. 2, the method for identifying malicious requests of this embodiment may be performed according to the following steps:
Step S201: The user visits the website, and the client displays the website login page.
Step S202: Determine whether the user logs in; if not, user behaviour logs are reported normally.
Step S203: If the user logs in, the server determines whether the login request carries cookie information containing the encrypted identifier pinid: if so, the client cookie already contains pinid, and the flow proceeds to step S205.
Step S204: If the server determines that the login request does not carry cookie information containing the encrypted identifier pinid, it generates pinid from the login identifier pin carried by the login request, sends pinid to the client, and pinid is stored in the client's cookie file.
Step S205: The user enters the post-login page, and the client JS script assembles the user behaviour logs, cookie information and so on into a log reporting request and sends it to the server.
Step S206: The server receives the log reporting request.
Step S207: The server determines whether the log reporting request contains the login identifier pin; if not, the user is not logged in, and user behaviour logs are reported normally.
Step S208: If the server determines that the log reporting request contains the login identifier pin, it further determines whether the log reporting request contains pinid. If so, it generates the pinid corresponding to pin from pin using the preset algorithm and compares the pinid in the log reporting request with the pinid corresponding to pin: if the two are identical, the log reporting request is determined to be a normal request; if the two differ, the log reporting request is determined to be a malicious request. If the server determines that the log reporting request contains no pinid, it directly determines the log reporting request to be a malicious request.
Step S209: Malicious requests are blocked, and product recommendation is carried out on the basis of normal requests.
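A server-side sketch of the login marking and the step S207 to S209 checks described above, as an added example rather than code from the patent. HMAC-SHA256 under a server-held key stands in for the unspecified preset algorithm (an assumption; a keyed function is used because plain Base64 is only an encoding), and the request dictionaries, key and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
from typing import Optional

# Assumption: a server-held secret key; this value is constructed for the demo.
SERVER_KEY = b"constructed-demo-key"
COOKIE_NAME = "pinid"  # cookie name taken from the Fig. 2 flow


def make_pinid(pin: str, key: bytes = SERVER_KEY) -> str:
    """Preset algorithm (assumed here: HMAC-SHA256, URL-safe Base64, no padding)."""
    mac = hmac.new(key, pin.encode("utf-8"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode("ascii").rstrip("=")


def parse_cookie_header(header: Optional[str]) -> dict:
    """Split a Cookie header into name/value pairs, ignoring malformed parts."""
    cookies = {}
    for part in (header or "").split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            cookies[name] = value
    return cookies


def _matches(candidate: Optional[str], pin: str) -> bool:
    """Constant-time comparison of a presented pinid with the expected one."""
    if candidate is None:
        return False
    expected = make_pinid(pin)
    return hmac.compare_digest(candidate.encode("utf-8"), expected.encode("utf-8"))


def on_login(pin: str, cookie_header: Optional[str]) -> Optional[str]:
    """Steps S203/S204: called after the credentials are verified. Returns a
    Set-Cookie value unless the login request already carries the matching pinid."""
    if _matches(parse_cookie_header(cookie_header).get(COOKIE_NAME), pin):
        return None
    return f"{COOKIE_NAME}={make_pinid(pin)}; Path=/; Secure"


def classify(request: dict) -> str:
    """Steps S207/S208. `request` is a hypothetical dict with optional 'pin'
    and 'cookie' keys standing in for a parsed log reporting request."""
    pin = request.get("pin")
    if not pin:
        return "not_logged_in"  # S207: handled as an ordinary log report
    presented = parse_cookie_header(request.get("cookie")).get(COOKIE_NAME)
    if presented is None:
        return "malicious"      # pin present but no pinid at all
    return "normal" if _matches(presented, pin) else "malicious"


def filter_for_recommendation(requests: list) -> list:
    """Step S209: drop malicious requests before they reach the recommender."""
    return [r for r in requests if classify(r) != "malicious"]


# Constructed sample log reporting requests (not real traffic).
SAMPLE_REQUESTS = [
    {"pin": "alice", "cookie": f"lang=zh; pinid={make_pinid('alice')}", "click": "sku-1001"},
    {"pin": "alice", "cookie": "lang=zh", "click": "sku-2002"},
    {"pin": "bob", "cookie": f"pinid={make_pinid('alice')}", "click": "sku-2002"},
    {"cookie": "lang=zh", "click": "sku-3003"},
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req.get("pin"), req["click"], "->", classify(req))
    print("kept:", len(filter_for_recommendation(SAMPLE_REQUESTS)))
```

Because pinid is a fixed function of pin, a match shows that the sender holds the value issued at login; it does not show that an individual request is fresh.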
As can be seen from the method of embodiments of the present invention, when a user logs in to the website, an encrypted identifier is generated from the user's login identifier using a preset algorithm and implanted in the cookie file of the user's client, so that when the logged-in user browses web pages, the log reporting requests sent carry cookie information that includes the encrypted identifier. Using this encrypted information, malicious requests and normal requests can be accurately distinguished, malicious requests can then be blocked, and products can be recommended in real time on the basis of normal requests. This improves the timeliness and accuracy of recommendation and the user experience, and overcomes the poor timeliness and poor accuracy caused by the prior art's after-the-fact detection and handling.
Fig. 3 is a schematic diagram of the main parts of the apparatus for identifying malicious requests of embodiments of the present invention.
As shown in Fig. 3, the apparatus 300 for identifying malicious requests of embodiments of the present invention may include a receiving unit 301 and an identification unit 302, where:
The receiving unit 301 is operable to receive a log reporting request carrying a login identifier;
The identification unit 302 is operable to determine the log reporting request to be a malicious request upon determining that the data carried by the log reporting request contains no encrypted identifier corresponding to the login identifier.
In embodiments of the present invention, the encrypted identifier corresponding to the login identifier is calculated from the login identifier using a preset algorithm; the log reporting request further carries browsing log data and click log data; and the apparatus 300 further includes an encryption unit, operable to: receive a login request sent by the client and carrying the login identifier; generate an encrypted identifier from the login identifier; and, upon determining that the encrypted identifier is not present in the data carried by the login request, send the encrypted identifier to the client to be stored in the client's cookie file.
As a preferred solution, the log reporting request further carries cookie information; and the identification unit 302 is operable to: generate, from the login identifier carried by the log reporting request, the encrypted identifier corresponding to that login identifier; upon determining that the cookie information carried by the log reporting request contains no encrypted identifier, determine the log reporting request to be a malicious request; upon determining that the cookie information carried by the log reporting request contains an encrypted identifier, compare that encrypted identifier with the encrypted identifier corresponding to the login identifier; if the comparison result is that they differ, determine the log reporting request to be a malicious request; and if the comparison result is that they are identical, determine the log reporting request to be a normal request.
According to the technical solution of embodiments of the present invention, when a user logs in to the website, an encrypted identifier is generated from the user's login identifier using a preset algorithm and implanted in the cookie file of the user's client, so that when the logged-in user browses web pages, the log reporting requests sent carry cookie information that includes the encrypted identifier. Using this encrypted information, malicious requests and normal requests can be accurately distinguished, malicious requests can then be blocked, and products can be recommended in real time on the basis of normal requests. This improves the timeliness and accuracy of recommendation and the user experience, and overcomes the poor timeliness and poor accuracy caused by the prior art's after-the-fact detection and handling.
Fig. 4 shows an exemplary system architecture 400 to which the method or the apparatus for identifying malicious requests of embodiments of the present invention can be applied.
As shown in Fig. 4, the system architecture 400 may include terminal devices 401, 402 and 403, a network 404 and a server 405 (this architecture is only an example; the components included in a specific architecture may be adjusted according to the application). The network 404 is the medium that provides communication links between the terminal devices 401, 402, 403 and the server 405. The network 404 may include various connection types, such as wired or wireless communication links or fibre-optic cables.
A user may use the terminal devices 401, 402, 403 to interact with the server 405 through the network 404 in order to receive or send messages and the like. Various communication client applications may be installed on the terminal devices 401, 402, 403, such as shopping applications, web browser applications, search applications, instant messaging tools, mailbox clients and social platform software (examples only).
The terminal devices 401, 402, 403 may be various electronic devices that have a display screen and support web browsing, including but not limited to smartphones, tablet computers, laptop computers and desktop computers.
The server 405 may be a server providing various services, for example a back-end management server (example only) that supports the shopping websites users browse with the terminal devices 401, 402, 403. The back-end management server may analyse and otherwise process received data such as information query requests, and feed the processing results (such as targeted push information or product information, as examples only) back to the terminal devices.
It should be noted that the method for identifying malicious requests provided by embodiments of the present invention is generally performed by the server 405; correspondingly, the apparatus for identifying malicious requests is generally located in the server 405.
It should be understood that the numbers of terminal devices, networks and servers in Fig. 4 are merely illustrative. There may be any number of terminal devices, networks and servers according to implementation needs.
The present invention also provides an electronic device.
The electronic device of the embodiment of the present invention includes: one or more processors; and a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the method for identifying malicious requests provided by the present invention.
Referring now to Fig. 5, it shows a schematic structural diagram of a computer system 500 suitable for implementing the electronic device of the embodiments of the present invention. The electronic device shown in Fig. 5 is only an example and should not impose any limitation on the function or scope of use of the embodiments of the present invention.
As shown in Fig. 5, the computer system 500 includes a central processing unit (CPU) 501, which can perform various appropriate actions and processing according to a program stored in read-only memory (ROM) 502 or a program loaded from the storage section 508 into random access memory (RAM) 503. The RAM 503 also stores the various programs and data required for the operation of the computer system 500. The CPU 501, ROM 502 and RAM 503 are connected to each other through a bus 504. An input/output (I/O) interface 505 is also connected to the bus 504.
The following components are connected to the I/O interface 505: an input section 506 including a keyboard, a mouse, etc.; an output section 507 including a cathode ray tube (CRT), a liquid crystal display (LCD), etc., and a speaker, etc.; a storage section 508 including a hard disk, etc.; and a communication section 509 including a network interface card such as a LAN card or a modem. The communication section 509 performs communication processing via a network such as the Internet. A drive 510 is also connected to the I/O interface 505 as needed. A removable medium 511, such as a magnetic disk, optical disc, magneto-optical disk or semiconductor memory, is mounted on the drive 510 as needed, so that a computer program read from it can be installed into the storage section 508 as needed.
In particular, according to the disclosed embodiments of the present invention, the process described above with reference to the main-step diagram may be implemented as a computer software program. For example, embodiments of the present invention include a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for executing the method shown in the main-step diagram. In the above embodiment, the computer program may be downloaded and installed from a network through the communication section 509, and/or installed from the removable medium 511. When the computer program is executed by the central processing unit (CPU) 501, the above functions defined in the system of the present invention are performed.
It should be noted that the computer-readable medium described in the present invention may be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. A computer-readable storage medium may be, for example but without limitation, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples of computer-readable storage media include, but are not limited to: an electrical connection with one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In the present invention, a computer-readable storage medium may be any tangible medium that contains or stores a program, which may be used by or in connection with an instruction execution system, apparatus or device. In the present invention, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, in which computer-readable program code is carried. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium that can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device. Program code contained on a computer-readable medium may be transmitted over any appropriate medium, including but not limited to: wireless, wire, optical cable, RF, etc., or any suitable combination of the above.
The flowcharts and block diagrams in the drawings illustrate the architecture, functions and operations of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in a flowchart or block diagram may represent a module, program segment or portion of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the blocks may occur in an order different from that marked in the drawings. For example, two blocks shown in succession may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams or flowcharts, and combinations of blocks in the block diagrams or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units described in the embodiments of the present invention may be implemented in software or in hardware. The described units may also be provided in a processor; for example, it may be described as: a processor comprising a receiving unit and an identification unit. The names of these units do not, under certain circumstances, constitute a limitation on the units themselves; for example, the receiving unit may also be described as "a unit for sending log reporting requests to the identification unit".
As another aspect, the present invention also provides a computer-readable medium, which may be included in the device described in the above embodiments, or may exist separately without being assembled into the device. The computer-readable medium carries one or more programs which, when executed by the device, cause the device to perform steps including: receiving a log reporting request carrying a login identifier; and, when it is determined that the data carried by the log reporting request does not contain the encrypted identifier corresponding to the login identifier, determining the log reporting request to be a malicious request.
The above specific embodiments do not limit the scope of protection of the present invention. Those skilled in the art should understand that, depending on design requirements and other factors, various modifications, combinations, sub-combinations and substitutions can occur. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (11)

  1. A method for identifying malicious requests, characterized by comprising:
    receiving a log reporting request carrying a login identifier;
    when it is determined that the data carried by the log reporting request does not contain the encrypted identifier corresponding to the login identifier, determining the log reporting request to be a malicious request.
  2. The method according to claim 1, characterized in that the encrypted identifier corresponding to the login identifier is obtained by computing on the login identifier with a preset algorithm.
  3. The method according to claim 1, characterized in that the method further comprises:
    receiving a login request that is sent by a client and carries a login identifier; generating an encrypted identifier according to the login identifier;
    when it is determined that the encrypted identifier is not present in the data carried by the login request, sending the encrypted identifier to the client and storing it in the client's cookie file.
  4. The method according to claim 1, characterized in that the log reporting request further carries cookie information; and
    the step of determining the log reporting request to be a malicious request when it is determined that the data carried by the log reporting request does not contain the encrypted identifier corresponding to the login identifier comprises:
    generating, according to the login identifier carried by the log reporting request, the encrypted identifier corresponding to that login identifier;
    when it is determined that no encrypted identifier is present in the cookie information carried by the log reporting request, determining the log reporting request to be a malicious request;
    when it is determined that an encrypted identifier is present in the cookie information carried by the log reporting request, comparing that encrypted identifier with the encrypted identifier corresponding to the login identifier; if the comparison result is that they differ, determining the log reporting request to be a malicious request.
  5. The method according to claim 4, characterized in that the method further comprises:
    if the comparison result is that they are the same, determining the log reporting request to be a normal request.
  6. The method according to any one of claims 1-5, characterized in that the log reporting request further carries: browsing log data and click log data.
  7. A device for identifying malicious requests, characterized by comprising:
    a receiving unit, configured to receive a log reporting request carrying a login identifier;
    an identification unit, configured to determine the log reporting request to be a malicious request when it is determined that the data carried by the log reporting request does not contain the encrypted identifier corresponding to the login identifier.
  8. The device according to claim 7, characterized in that the encrypted identifier corresponding to the login identifier is obtained by computing on the login identifier with a preset algorithm; the log reporting request further carries: browsing log data and click log data; and the device further comprises:
    an encryption unit, configured to receive a login request that is sent by a client and carries a login identifier; generate an encrypted identifier according to the login identifier; and, when it is determined that the encrypted identifier is not present in the data carried by the login request, send the encrypted identifier to the client and store it in the client's cookie file.
  9. The device according to claim 7 or 8, characterized in that the log reporting request further carries cookie information; and the identification unit is configured to:
    generate, according to the login identifier carried by the log reporting request, the encrypted identifier corresponding to that login identifier;
    when it is determined that no encrypted identifier is present in the cookie information carried by the log reporting request, determine the log reporting request to be a malicious request;
    when it is determined that an encrypted identifier is present in the cookie information carried by the log reporting request, compare that encrypted identifier with the encrypted identifier corresponding to the login identifier: if the comparison result is that they differ, determine the log reporting request to be a malicious request; if the comparison result is that they are the same, determine the log reporting request to be a normal request.
  10. An electronic device, characterized by comprising:
    one or more processors;
    a storage device, configured to store one or more programs,
    wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the method according to any one of claims 1-6.
  11. A computer-readable storage medium storing a computer program, characterized in that the program, when executed by a processor, implements the method according to any one of claims 1-6.
CN201710805740.6A 2017-09-08 2017-09-08 Method and device for identifying malicious request Active CN107634942B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710805740.6A CN107634942B (en) 2017-09-08 2017-09-08 Method and device for identifying malicious request

Publications (2)

Publication Number Publication Date
CN107634942A true CN107634942A (en) 2018-01-26
CN107634942B CN107634942B (en) 2020-07-31

Family

ID=61101067

Country Status (1)

Country Link
CN (1) CN107634942B (en)

Also Published As

Publication number Publication date
CN107634942B (en) 2020-07-31

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant