CN108616522A - A kind of internet data acquisition methods and acquisition device - Google Patents

A kind of internet data acquisition methods and acquisition device Download PDF

Info

Publication number
CN108616522A
CN108616522A CN201810324739.6A CN201810324739A CN108616522A CN 108616522 A CN108616522 A CN 108616522A CN 201810324739 A CN201810324739 A CN 201810324739A CN 108616522 A CN108616522 A CN 108616522A
Authority
CN
China
Prior art keywords
user
access
time
internet data
access interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201810324739.6A
Other languages
Chinese (zh)
Inventor
周宜星
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Copper Qian Cao Science And Technology Co Ltd
Original Assignee
Suzhou Copper Qian Cao Science And Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Copper Qian Cao Science And Technology Co Ltd filed Critical Suzhou Copper Qian Cao Science And Technology Co Ltd
Priority to CN201810324739.6A priority Critical patent/CN108616522A/en
Publication of CN108616522A publication Critical patent/CN108616522A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention provides a kind of internet data acquisition methods and acquisition device, including:Receive the call request that at least one user sends;The corresponding user behavior data of the user is obtained according to the call request for each described user at least one user;The corresponding user behavior data of the user obtained is analyzed, and obtains the behavioural analysis result of the user behavior;According to the behavioural analysis of acquisition as a result, determining whether that the user calls access interface corresponding with the call request to obtain internet data.This programme can reduce internet data and be taken off the risk taken.

Description

A kind of internet data acquisition methods and acquisition device
Technical field
The present invention relates to field of computer technology, more particularly to a kind of internet data acquisition methods and acquisition device.
Background technology
With the continuous development of Internet technology, as information source, the effect for issuing data becomes more and more important for website.And During information is issued with propagation, how to ensure that the safety of information in website has become the topic for having to solve at present.
Currently, website detection exception IP methods are mainly to be pre-processed to raw security daily record data, from pretreated As a result characteristic is extracted in, and is classified to characteristic, and abnormal behaviour library and normal behaviour library are created.It recycles abnormal Behavior library and normal behaviour library carry out abnormal behaviour judgement to obtaining new behavior sample data from new security log data.
But when creating normal behaviour database and abnormal behaviour database, enough sample behavioral datas are needed, and It obtains enough behavior sample data and then needs a period of time, and in time period, internet data can be increased taken off and take Risk.
Invention content
An embodiment of the present invention provides a kind of internet data acquisition methods and acquisition device, can reduce internet data Taken off the risk taken.
In a first aspect, an embodiment of the present invention provides a kind of internet data acquisition methods, including:Receive at least one use The call request that family is sent;It is obtained according to the call request for each described user at least one user The corresponding user behavior data of the user;The corresponding user behavior data of the user obtained is analyzed, and obtains institute State the behavioural analysis result of user behavior;According to the behavioural analysis of acquisition as a result, determining whether that the user calls Access interface corresponding with the call request obtains internet data.
Preferably, the user behavior data, including:Access IP, access time and access interface;It is described according to the tune With request, the corresponding user behavior data of the user is obtained, including:The user obtained in the call request is corresponding Access IP, access time and access interface;The corresponding user behavior data of the user that the analysis obtains, and obtain The behavioural analysis of the user behavior is as a result, include:Determine that by the access IP, the upper of application is called described by the user The primary history access time for calling the random access interface in internet;By the access time and the history access time Subtract each other, obtains the time difference;The behavioural analysis according to acquisition as a result, determine whether the user call with it is described The corresponding access interface of call request obtains internet data, including:According to the time difference of acquisition, it is determined whether allow institute Stating user calls access interface corresponding with the call request to obtain internet data.
Preferably, the time difference according to acquisition, it is determined whether allow the user to call and asked with the calling Corresponding access interface is asked to obtain internet data, including:For the call request described each time of the user,
S0:It determines whether the time difference obtained is more than preset first threshold a, if so, executing S6, otherwise, executes S1;
S1 :Determine that the time difference whether in preset second threshold [b, a], if so, executing S2, otherwise executes S3;
S2:It is 1s/ times to limit the user and call the frequency of the access interface, executes S6;
S3:Determine that the time difference whether in preset third threshold value [c, b], if so, executing S4, otherwise executes S5;
S4:Identifying code is sent to the user, when receive that the user sends according to the identifying code tests with described
S5:The user is forbidden to obtain the internet data by the User IP;
S6:Allow the user that the access interface is called to obtain internet data.
Preferably, the S2, including:The user is recorded in the interior access exception of the second threshold [b, a] 1 time;It determines Whether the access exception of record is the user in the interior x: th accumulated of the second threshold [b, a], it is preferable that described S4, including:The user is recorded in the interior access exception of the third threshold value [c, b] 1 time;Determining the access exception of record is No the y times accumulated in the third threshold value [c, b] for the user is tested if so, executing described sent to the user Code is demonstrate,proved, when receiving the acknowledgement information identical with the identifying code that the user sends according to the identifying code, executes S6, Otherwise S6 is executed.
Preferably, the step S5, including:Record the user preset 4th threshold value (0, c] interior access exception 1 It is secondary;
Determine the access exception of record whether be the user the 4th threshold value (0, c] in accumulate the z times, if It is that the user is forbidden to obtain the internet data by the User IP described in execution, otherwise executes S6.
Preferably, when the random access interface is the access interface;The determination user passes through the visit It asks the IP history access times for calling the random access interface in internet, including:The user is determined by the access IP, In the upper history access time for once calling the access interface for calling application.
Second aspect, an embodiment of the present invention provides a kind of internet data acquisition device, including:Acquiring unit is used for Receive the call request that at least one user sends;For each described user at least one user, according to institute Call request is stated, the corresponding user behavior data of the user is obtained;Processing unit, for analyzing the acquiring unit acquisition The corresponding user behavior data of the user, and obtain the behavioural analysis result of the user behavior;Determination unit is used for The behavioural analysis obtained according to the processing unit is as a result, determine whether that the user calls and the call request Corresponding access interface obtains internet data.
Preferably, when the user behavior data, including:When accessing IP, access time and access interface, the acquisition is single Member, for obtaining the corresponding access IP of the user in the call request, access time and access interface;The processing is single Member, for determining the user by the access IP, in the upper primary arbitrary visit called in internet for calling application Ask the history access time of interface;The access time and the history access time are subtracted each other, the time difference is obtained;It is described true Order member, for the time difference according to acquisition, it is determined whether allow the user to call corresponding with the call request Access interface obtains internet data.
Preferably, the processing unit is executed for the call request described each time for the user:
S0:It determines whether the time difference obtained is more than preset first threshold a, if so, executing S6, otherwise, executes S1;
S1 :Determine that the time difference whether in preset second threshold [b, a], if so, executing S2, otherwise executes S3;
S2:It is 1s/ times to limit the user and call the frequency of the access interface, executes S6;
S3:Determine that the time difference whether in preset third threshold value [c, b], if so, executing S4, otherwise executes S5;
S4:Identifying code is sent to the user, it is being sent according to the identifying code with the identifying code when receiving the user When identical acknowledgement information, and execute S6;
S5:The user is forbidden to obtain the internet data by the User IP;
S6:Allow the user that the access interface is called to obtain internet data.
Preferably, the processing unit, for recording the user in the interior access exception of the second threshold [b, a] 1 time; Determine whether the access exception of record is x: th of the user in the interior accumulation of the second threshold [b, a], if so, It is 1s/ times to execute the limitation user and call the frequency of the access interface, executes S6, otherwise executes S6.
Preferably, the processing unit, for recording the user in the interior access exception of the third threshold value [c, b] 1 time; The y times for determining the access exception of record whether be the user accumulating in the third threshold value [c, b], if so, Execute it is described send identifying code to the user, it is being sent according to the identifying code with the identifying code when receiving the user When identical acknowledgement information, S6 is executed, S6 is otherwise executed;
Preferably, the processing unit, for record the user preset 4th threshold value (0, c] interior access exception 1 time;Really Surely the access exception recorded whether be the user the 4th threshold value (0, c] in accumulate the z times, if so, holding Forbid the user to obtain the internet data by the User IP described in row, otherwise executes S6.
Preferably, when the random access interface is the access interface;
The processing unit, for determining the user by the access IP, in the upper primary calling institute for calling application State the history access time of access interface.
In embodiments of the present invention, it when receiving the call request of user's transmission, needs first to be obtained according to call request The user behavior data of user, then user behavior data is analyzed, you can determine whether user can obtain interconnection netting index According to without the behavioral data of user to be compared with other behavior sample data, avoiding and obtaining enough behaviors Internet data, which is taken off, when sample data takes, and the risk taken is taken off so as to reduce internet data.
Description of the drawings
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technology description to be briefly described, it should be apparent that, the accompanying drawings in the following description is the present invention Some embodiments for those of ordinary skill in the art without creative efforts, can also basis These attached drawings obtain other attached drawings.
Fig. 1 is a kind of flow chart for internet data acquisition methods that one embodiment of the invention provides;
Fig. 2 is the flow chart for another internet data acquisition methods that one embodiment of the invention provides;
Fig. 3 is a kind of structural schematic diagram for internet data acquisition device that one embodiment of the invention provides.
Specific implementation mode
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is A part of the embodiment of the present invention, instead of all the embodiments, based on the embodiments of the present invention, those of ordinary skill in the art The every other embodiment obtained without making creative work, shall fall within the protection scope of the present invention.
As shown in Figure 1, an embodiment of the present invention provides a kind of internet acquisition methods, including:
Step 101:Receive the call request that at least one user sends;
Step 102:For each described user at least one user, according to the call request, described in acquisition The corresponding user behavior data of user;
Step 103:The corresponding user behavior data of the user obtained is analyzed, and obtains the behavior of the user behavior Analysis result;Step 104:According to the behavioural analysis of acquisition as a result, determining whether that the user calls and the tune Internet data is obtained with corresponding access interface is asked.
In embodiments of the present invention, it when receiving the call request of user's transmission, is not necessarily to and other behavior sample data It is compared, only need to obtain user behavior data according to call request, then analyze the user behavior data of acquisition, need The user behavior data of user is first obtained according to call request, then user behavior data is analyzed, you can determines that user is It is no to obtain internet data, without the behavioral data of user to be compared with other behavior sample data, avoid When obtaining enough behavior sample data, internet data, which is taken off, takes, and the wind taken is taken off so as to reduce internet data Danger.
In an embodiment of the present invention, the user behavior data, including:Access IP, access time and access interface;Institute It states according to the call request, obtains the corresponding user behavior data of the user, including:Obtain the institute in the call request State the corresponding access IP of user, access time and access interface;The corresponding user's row of the user that the analysis obtains For data, and the behavioural analysis of the user behavior is obtained as a result, including:The user is determined by the access IP, in institute State the last history access time for calling the random access interface in internet for calling application;By the access time and institute It states history access time to subtract each other, obtains the time difference;The behavioural analysis according to acquisition is as a result, determine whether described User calls access interface corresponding with the call request to obtain internet data, including:According to the time difference of acquisition, Determine whether that the user calls access interface corresponding with the call request to obtain internet data.
In embodiments of the present invention, it when determining whether user can obtain internet data, needs to be sent according to user Calling application, to obtain the access IP of user, access time and access interface, according to access IP, obtain this user this tune Time with access interface and the last time difference for calling random access interface, further according to the time difference of acquisition, you can determine Whether this user can obtain internet data.To sum up, it when determining whether user can obtain internet data, only needs It is this time called according to the access IP of user the time difference of the access time and last time calling random access interface of access interface, and nothing The behavioral data of user need to be compared with other behavior sample data, enough behavior samples are being obtained so as to reduce Internet data is taken off the risk taken when notebook data.
In an embodiment of the present invention, the time difference according to acquisition, it is determined whether the user is allowed to call Access interface corresponding with the call request obtains internet data, including:
For the call request described each time of the user,
S0:It determines whether the time difference obtained is more than preset first threshold a, if so, executing S6, otherwise, executes S1;
S1 :Determine that the time difference whether in preset second threshold [b, a], if so, executing S2, otherwise executes S3;
S2:It is 1s/ times to limit the user and call the frequency of the access interface, executes S6;
S3:Determine that the time difference whether in preset third threshold value [c, b], if so, executing S4, otherwise executes S5;
S4:Identifying code is sent to the user, it is being sent according to the identifying code with the identifying code when receiving the user When identical acknowledgement information, and execute S6;
S5:The user is forbidden to obtain the internet data by the User IP;
S6:Allow the user that the access interface is called to obtain internet data.
In embodiments of the present invention, after obtaining the time difference that user calls access interface according to the access time of user,
It needs time difference being compared with preset threshold value, so as to which the access of user is judged and limited according to comparison result System avoids user from being taken off for machine access and takes internet data, the risk taken is taken off so as to reduce internet data.
Whether allow user to obtain internet data, or the access behavior of user is limited.
In an embodiment of the present invention, the S2, including:
The user is recorded in the interior access exception of the second threshold [b, a] 1 time;
Determine whether the access exception of record is x: th of the user in the interior accumulation of the second threshold [b, a],
If so, it is 1s/ times to execute the limitation user to call the frequency of the access interface, S6 is executed, is otherwise executed S6。
In embodiments of the present invention, when the time difference corresponding to the user preset second threshold (for example, [500ms,
1000ms]) it is interior when, need record user this time in second threshold access exception, and determine user whether in the second threshold The abnormal access number of accumulation in value reaches x times the abnormal access number of accumulation (for example, 3 times), and if only if the different of user When normal access times reach x times, the access frequency for reducing user is needed, avoids being frequently visited by the user internet data.
In an embodiment of the present invention, the S4, including:
The user is recorded in the interior access exception of the third threshold value [c, b] 1 time;
The y times for determining the access exception of record whether be the user accumulating in the third threshold value [c, b],
If so, execute it is described send identifying code to the user, when receiving what the user sent according to the identifying code When acknowledgement information identical with the identifying code, S6 is executed, S6 is otherwise executed.
In embodiments of the present invention, when the time difference corresponding to the user preset third threshold value (for example, [200ms,
When 500ms)) interior, need to record user's this time access exception in third threshold value, and determine user whether in third threshold value The abnormal access number of interior accumulation reaches y times the abnormal access number of accumulation (for example, 3 times), and if only if the exception of user Whether when access times reach y times, it is this time that machine accesses, and is receiving and identifying code to send identifying code to user to determine When identical acknowledgement information, just user is allowed to obtain internet data.To sum up, according to user in preset threshold value, The abnormal access number of accumulation and corresponding volume is done to the access of user and is limited, internet data can be reduced by the risk taken of lying prone.
In an embodiment of the present invention, the step S5, including:
Record the user preset 4th threshold value (0, c] interior access exception 1 time;
Determine the access exception of record whether be the user the 4th threshold value (0, c] in accumulate the z times, if It is that the user is forbidden to obtain the internet data by the User IP described in execution, otherwise executes S6.
In embodiments of the present invention, when the time difference corresponding to the user preset 4th threshold value (for example, (0ms,
When 200ms)) interior, need to record user's this time access exception in the 4th threshold value, and determine user whether in the 4th threshold value The abnormal access number of interior accumulation reaches z times (such as the abnormal access number of accumulation 2 times), and if only if the different of user's accumulation When normal access times reach z times, user is directly pulled in into blacklist, user is forbidden to obtain internet data, can be used to avoid this Family, which is taken off, takes internet data, so as to improve the safety of internet data.
In an embodiment of the present invention, when the random access interface is the access interface;
The determination user calls the history access time of the random access interface in internet, packet by the access IP It includes:
Determine that the user by the access IP, visits in the upper history for once calling the access interface for calling application Ask the time.
In embodiments of the present invention, it when analyzing the access behavior of user, needs, according to the corresponding access IP of user, to determine User's last time calls the history access time of same access interface by accessing IP, according to history access time and this access Time finds out the time difference, can determine whether that user obtains internet data further according to the time difference, no longer need to obtain enough More behavior sample data are taken off the risk taken so as to reduce the internet data when obtaining behavior sample data.
In order to more clearly illustrate technical scheme of the present invention and advantage, it is with preset first threshold below
1000ms, second threshold be [500ms, 1000ms], third threshold value be [200ms, 500ms) and the 4th threshold value for (0ms, 200) and user a is by accessing IP, and it is 26 minutes 10 points of on December 11st, 2016 that this, which calls the access time of access interface a, 01 second and call the history access time of access interface a be 26 minutes and 55 seconds 10 points of on December 11st, 2016 and for, to the present invention A kind of internet data acquisition methods that embodiment provides are described in detail, as shown in Fig. 2, specifically including following steps:
Step 201:Receive what user a was sent by accessing IP when access time is 10: 49 26: on the 11st December in 2016 Call the call request of access interface a.
Specifically, for the sensitive data in internet, corresponding sensitive data can be protected by access interface, works as reception To user send calling application when, then can directly according to call application relevant information come determine whether user obtain Internet data, without obtaining enough behavior sample data, so as to reduce internet data by the risk taken of lying prone.
Step 202:According to the call request of user a, when determining that user a calls the access of access interface a by accessing IP Between 26 minutes and 55 seconds 10 points of on December 11st, 2016.
Specifically, when determining whether user can obtain internet data, mainly according to user at same access IP, The time difference of identical access interface is called to determine.
Step 203:It is 2016 to determine that user a calls the history access time of access interface a by the access IP last times
26 minutes and 01 second 10 points of December 11.
Specifically, it is determined that user is by same access IP, in the upper primary history access time for calling access interface a, with Make to determine whether that user obtains internet data according to the time difference of history access time and this visit time.
Step 204:It will be 26 minutes and 55 seconds 10 points of on December 11st, 2016 and 2016 12 history access time access time 10 points of the moon 11 subtracts each other for 01 second 26 minutes, and the acquisition time difference is 54s.
Specifically, it when determining that user accumulates the same access interface of calling by same access IP, needs to be visited according to this It asks that time and history access time acquire the time difference, is compared with preset threshold value further according to the time difference, it is determined whether permitted Family allowable obtains internet data.
Step 205:The time difference 54s of acquisition and first threshold 1000ms is compared, determines that the time difference is less than first threshold.
Specifically, it after getting user's corresponding time difference, needs time difference and preset different grades of threshold value It is compared, so as to determine whether user can obtain internet data in corresponding threshold value according to the time difference.
Step 206:Time difference 54s and second threshold [500ms, 1000ms] are compared, determine the time difference second In threshold value.
Specifically, determining that the time difference no more than after first threshold, needs time difference being compared with second threshold, pass through Crossing comparison can determine time difference 54s in second threshold.
Step 207:User a is recorded by access IP when access time is 11 days 10 points 26 minutes 55 December in 2016, Access exception 1 time in second threshold.
Specifically, when determining that user accesses the time difference of calling access interface a in second threshold by accessing IP, really Determine user's this visit exception, the time for recording this visit, the access interface for accessing IP and being called, so as to sentence afterwards As foundation when the behavior of disconnected user a.
Step 208:Determine user a by access IP call the cumulative frequency of access interface a be twice, it is not up to preset Cumulative frequency 3 times, specifically, determine user call the time difference of access interface a in second threshold when, be not directly to Family carries out restriction, and is to determine user and calls whether the cumulative frequency of same access interface a reaches by same access IP Preset limits value 3 times just can limit user a accordingly when more than or equal to preset limits value 3 times.
Step 209:User a is allowed to call access interface a to obtain internet data by accessing IP.
Specifically, the cumulative frequency of access interface a is called to be not up to preset limits value, institute by accessing IP due to user To allow user a to call access interface a to obtain internet data by accessing IP.
As shown in figure 3, an embodiment of the present invention provides a kind of internet data acquisition device, including:
Acquiring unit 301, the call request sent for receiving at least one user;For every at least one user One user obtains the corresponding user behavior data of the user according to the call request;
Processing unit 302, the corresponding user behavior data of the user for analyzing the acquisition of the acquiring unit 301, And obtain the behavioural analysis result of the user behavior;
Determination unit 303, the behavioural analysis for being obtained according to the processing unit 302 is as a result, determine whether institute Stating user calls access interface corresponding with the call request to obtain internet data.
In embodiments of the present invention, acquiring unit needs first when receiving the call request of user's transmission according to calling The user behavior data of acquisition request user, then the user behavior data obtained through the processing unit to acquiring unit divide Analysis can determine whether user can obtain internet data, without by the behavioral data of user and its by determination unit He is compared behavior sample data, avoids the internet data when obtaining enough behavior sample data and is taken off and takes, from And internet data can be reduced and taken off the risk taken.
In an embodiment of the present invention, when the user behavior data, including:Access IP, access time and access interface When, the acquiring unit connects for obtaining the corresponding access IP of the user in the call request, access time and access Mouthful;The processing unit, for determining the user by the access IP, in the upper primary calling interconnection for calling application The history access time of random access interface in net;The access time and the history access time are subtracted each other, when acquisition Between it is poor;The determination unit, for the time difference according to acquisition, it is determined whether the user is allowed to call and the calling Corresponding access interface is asked to obtain internet data.
In an embodiment of the present invention, the processing unit, the call request described each time for being directed to the user, It executes:
S0:It determines whether the time difference obtained is more than preset first threshold a, if so, executing S6, otherwise, executes S1;
S1 :Determine that the time difference whether in preset second threshold [b, a], if so, executing S2, otherwise executes S3;
S2:It is 1s/ times to limit the user and call the frequency of the access interface, executes S6;
S3:Determine that the time difference whether in preset third threshold value [c, b], if so, executing S4, otherwise executes S5;
S4:Identifying code is sent to the user, it is being sent according to the identifying code with the identifying code when receiving the user When identical acknowledgement information, and execute S6;
S5:The user is forbidden to obtain the internet data by the User IP;
S6:Allow the user that the access interface is called to obtain internet data.
In an embodiment of the present invention, the processing unit, for recording the user in the second threshold [b, a] Access exception 1 time;The for determining the access exception of record whether be the user accumulating in the second threshold [b, a]
X times, if so, it is 1s/ times to execute the limitation user to call the frequency of the access interface, S6 is executed, otherwise Execute S6.
In an embodiment of the present invention, the processing unit, for recording the user in the third threshold value [c, b] Access exception 1 time;The for determining the access exception of record whether be the user accumulating in the third threshold value [c, b]
It y times, if so, execution is described to send identifying code to the user, is sent out according to the identifying code when receiving the user When the acknowledgement information identical with the identifying code sent, S6 is executed, S6 is otherwise executed.
In an embodiment of the present invention, the processing unit, for record the user preset 4th threshold value (0, c] Interior access exception 1 time;Determine the access exception of record whether be the user the 4th threshold value (0, c] in accumulate The z times, if so, the user is forbidden to obtain the internet data by the User IP described in executing, otherwise execute S6.
In an embodiment of the present invention, when the random access interface is the access interface;
The processing unit, for determining the user by the access IP, in the upper primary calling institute for calling application State the history access time of access interface.
The each embodiment of the present invention at least has the advantages that:
1, in an embodiment of the present invention, it when receiving the call request of user's transmission, needs first according to call request
The user behavior data of user is obtained, then user behavior data is analyzed, you can determines whether user can obtain Internet data is avoided and is being obtained enough without the behavioral data of user to be compared with other behavior sample data Internet data, which is taken off, when more behavior sample data takes, and the risk taken is taken off so as to reduce internet data.
2, in an embodiment of the present invention, it when determining whether user can obtain internet data, needs according to user The calling application of transmission, according to IP is accessed, obtains this user's sheet to obtain the access IP of user, access time and access interface The secondary time for calling access interface and the last time difference for calling random access interface, further according to the time difference of acquisition, you can Determine whether this user can obtain internet data.To sum up, when determining whether user can obtain internet data, The access time of access interface only need to be this time called to call the time difference of random access interface with last time according to the access IP of user, Without the behavioral data of user to be compared with other behavior sample data, enough rows are being obtained so as to reduce For sample data when internet data taken off the risk taken.
3, in an embodiment of the present invention, the time difference that user calls access interface is being obtained according to the access time of user Afterwards, it needs time difference being compared with preset threshold value, so as to which the access of user is judged and limited according to comparison result System avoids user from being taken off for machine access and takes internet data, the risk taken is taken off so as to reduce internet data.
4, in an embodiment of the present invention, when the time difference corresponding to the user preset second threshold (for example,
[500ms, 1000ms]) it is interior when, need record user this time in second threshold access exception, and determine user whether The abnormal access number of accumulation in second threshold reaches x times the abnormal access number of accumulation (for example, 3 times), and if only if with When the abnormal access number at family reaches x times, the access frequency for reducing user is needed, avoids being frequently visited by the user internet data.
5, in an embodiment of the present invention, when the time difference corresponding to the user preset third threshold value (for example,
[200ms, 500ms)) it is interior when, need record user this time in third threshold value access exception, and determine user whether The abnormal access number of accumulation in third threshold value reaches y times the abnormal access number of accumulation (for example, 3 times), and if only if with Whether when the abnormal access number at family reaches y times, it is this time that machine accesses, and is receiving to send identifying code to user to determine When acknowledgement information identical with identifying code, just user is allowed to obtain internet data.To sum up, according to user preset In threshold value, the abnormal access number of accumulation and corresponding volume is done to the access of user and is limited, internet data can be reduced lain prone taking Risk.
6, in an embodiment of the present invention, when the time difference corresponding to the user preset 4th threshold value (for example, (0ms,
When 200ms)) interior, need to record user's this time access exception in the 4th threshold value, and determine user whether in the 4th threshold value The abnormal access number of interior accumulation reaches z times (such as the abnormal access number of accumulation 2 times), and if only if the different of user's accumulation When normal access times reach z times, user is directly pulled in into blacklist, user is forbidden to obtain internet data, can be used to avoid this Family, which is taken off, takes internet data, so as to improve the safety of internet data.
7, in an embodiment of the present invention, it when analyzing the access behavior of user, needs according to the corresponding access IP of user, Determine that user's last time calls the history access time of same access interface by accessing IP, according to history access time and this Access time finds out the time difference, can determine whether that user obtains internet data further according to the time difference, no longer need to obtain Enough behavior sample data are taken off the risk taken so as to reduce the internet data when obtaining behavior sample data.
It should be noted that herein, such as first and second etc relational terms are used merely to an entity Or operation is distinguished with another entity or operation, is existed without necessarily requiring or implying between these entities or operation Any actual relationship or order.Moreover, the terms "include", "comprise" or its any other variant be intended to it is non- It is exclusive to include, so that the process, method, article or equipment including a series of elements includes not only those elements, But also include other elements that are not explicitly listed, or further include solid by this process, method, article or equipment Some elements.In the absence of more restrictions, the element limited by sentence " including a 〃 〃 ", it is not excluded that There is also other identical factors in the process, method, article or apparatus that includes the element.
Finally, it should be noted that:The foregoing is merely presently preferred embodiments of the present invention, is merely to illustrate the skill of the present invention Art scheme, is not intended to limit the scope of the present invention.Any modification for being made all within the spirits and principles of the present invention, Equivalent replacement, improvement etc., are included within the scope of protection of the present invention.

Claims (10)

1. a kind of internet data acquisition methods, which is characterized in that including:Receive the call request that at least one user sends;
It obtains the user according to the call request for each described user at least one user and corresponds to User behavior data;
The corresponding user behavior data of the user obtained is analyzed, and obtains the behavioural analysis knot of the user behavior Fruit;
According to the behavioural analysis of acquisition as a result, determining whether that the user calls visit corresponding with the call request Ask that interface obtains internet data.
2. acquisition methods according to claim 1, which is characterized in that
The user behavior data, including:Access IP, access time and access interface;
It is described that the corresponding user behavior data of the user is obtained according to the call request, including:Obtain the call request In the corresponding access IP of the user, access time and access interface;
The corresponding user behavior data of the user that the analysis obtains, and obtain the behavioural analysis of the user behavior As a result, including:
The user is determined by the access IP, the random access in the upper primary calling internet for calling application connects The history access time of mouth;
The access time and the history access time are subtracted each other, the time difference is obtained;
The behavioural analysis according to acquisition is as a result, determine whether that user's calling is opposite with the call request Access interface is answered to obtain internet data, including:
According to the time difference of acquisition, it is determined whether the user is allowed to call access interface corresponding with the call request Obtain internet data.
3. acquisition methods according to claim 2, which is characterized in that
The time difference according to acquisition, it is determined whether the user is allowed to call access corresponding with the call request Interface obtains internet data, including:
For the call request described each time of the user,
S0:It determines whether the time difference obtained is more than preset first threshold a, if so, executing S6, otherwise, executes S1;
S1:Determine that the time difference whether in preset second threshold [b, a], if so, executing S2, otherwise executes S3;
S2:It is 1s/ times to limit the user and call the frequency of the access interface, executes S6;
S3:Determine that the time difference whether in preset third threshold value [c, b], if so, executing S4, otherwise executes S5;
S4:Identifying code is sent to the user, it is being sent according to the identifying code with the identifying code when receiving the user When identical acknowledgement information, and execute S6;
S5:The user is forbidden to obtain the internet data by the User IP;
S6:Allow the user that the access interface is called to obtain internet data.
4. acquisition methods according to claim 3, which is characterized in that the S2, including:
The user is recorded in the interior access exception of the second threshold [b, a] 1 time;
Determine whether the access exception of record is x: th of the user in the interior accumulation of the second threshold [b, a], if It is that it is 1s/ times that the execution limitation user, which calls the frequency of the access interface, executes S6, otherwise executes S6;
And/or
The S4, including:
The user is recorded in the interior access exception of the third threshold value [c, b] 1 time;
The y times for determining the access exception of record whether be the user accumulating in the third threshold value [c, b], if Be execute it is described send identifying code to the user, when receive that the user sends according to the identifying code tests with described When demonstrate,proving the identical acknowledgement information of code, S6 is executed, S6 is otherwise executed;
And/or
The step S5, including:
Record the user preset 4th threshold value (0, c] interior access exception 1 time;
Determine the access exception of record whether be the user the 4th threshold value (0, c] in accumulate the z times, if It is that the user is forbidden to obtain the internet data by the User IP described in execution, otherwise executes S6.
5. according to any acquisition methods in claim 2 to 4, which is characterized in that when the random access interface is institute When stating access interface;
The determination user calls the history access time of the random access interface in internet, packet by the access IP It includes:
Determine that the user by the access IP, visits in the upper history for once calling the access interface for calling application Ask the time.
6. a kind of internet data acquisition device, which is characterized in that including:
Acquiring unit, the call request sent for receiving at least one user;For each at least one user A user obtains the corresponding user behavior data of the user according to the call request;
Processing unit, the corresponding user behavior data of the user obtained for analyzing the acquiring unit, and obtain The behavioural analysis result of the user behavior;
Determination unit, the behavioural analysis for being obtained according to the processing unit is as a result, determine whether the user Access interface corresponding with the call request is called to obtain internet data.
7. acquisition device according to claim 6, which is characterized in that
When the user behavior data, including:When accessing IP, access time and access interface,
The acquiring unit, for obtaining the corresponding access IP of the user in the call request, access time and access Interface;
The processing unit, for determining that the user by the access IP, calls the upper primary calling applied mutual described The history access time of random access interface in networking;The access time and the history access time are subtracted each other, obtained Time difference;
The determination unit, for the time difference according to acquisition, it is determined whether the user is allowed to call and the calling Corresponding access interface is asked to obtain internet data.
8. acquisition device according to claim 7, which is characterized in that
The processing unit is executed for the call request described each time for the user:
S0:It determines whether the time difference obtained is more than preset first threshold a, if so, executing S6, otherwise, executes S1;
S1:Determine that the time difference whether in preset second threshold [b, a], if so, executing S2, otherwise executes S3;
S2:It is 1s/ times to limit the user and call the frequency of the access interface, executes S6;
S3:Determine that the time difference whether in preset third threshold value [c, b], if so, executing S4, otherwise executes S5;
S4:Identifying code is sent to the user, it is being sent according to the identifying code with the identifying code when receiving the user
When identical acknowledgement information, and execute S6;
S5:The user is forbidden to obtain the internet data by the User IP;
S6:Allow the user that the access interface is called to obtain internet data.
9. acquisition device according to claim 8, which is characterized in that
The processing unit, for recording the user in the interior access exception of the second threshold [b, a] 1 time;Determine record Whether the access exception is x: th of the user in the interior accumulation of the second threshold [b, a], if so, executing the limit It is 1s/ times to make the user and call the frequency of the access interface, executes S6, otherwise executes S6;
And/or
The processing unit, for recording the user in the interior access exception of the third threshold value [c, b] 1 time;Determine record Accumulated in the third threshold value [c, b] the y time that whether access exception is the user, if so, execution it is described to The user sends identifying code, when the receipt identical with the identifying code for receiving the user and being sent according to the identifying code When information, S6 is executed, S6 is otherwise executed;
And/or
The processing unit, for record the user preset 4th threshold value (0, c] interior access exception 1 time;Determine record The access exception whether be the user the 4th threshold value (0, c] in accumulate the z time, if so, described in execution Forbid the user to obtain the internet data by the User IP, otherwise executes S6.
10. according to any acquisition device in claim 7 to 9, which is characterized in that when the random access interface is When the access interface;
The processing unit, for determining the user by the access IP, in the upper primary calling institute for calling application State the history access time of access interface.
CN201810324739.6A 2018-04-12 2018-04-12 A kind of internet data acquisition methods and acquisition device Withdrawn CN108616522A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810324739.6A CN108616522A (en) 2018-04-12 2018-04-12 A kind of internet data acquisition methods and acquisition device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810324739.6A CN108616522A (en) 2018-04-12 2018-04-12 A kind of internet data acquisition methods and acquisition device

Publications (1)

Publication Number Publication Date
CN108616522A true CN108616522A (en) 2018-10-02

Family

ID=63659714

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810324739.6A Withdrawn CN108616522A (en) 2018-04-12 2018-04-12 A kind of internet data acquisition methods and acquisition device

Country Status (1)

Country Link
CN (1) CN108616522A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113807862A (en) * 2021-01-29 2021-12-17 北京沃东天骏信息技术有限公司 Access security control method, device, equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105262717A (en) * 2015-08-31 2016-01-20 福建天晴数码有限公司 Network service security management method and device
CN107528861A (en) * 2017-10-12 2017-12-29 山东浪潮云服务信息科技有限公司 A kind of method and device for determining IP user's access rights
CN107888604A (en) * 2017-11-27 2018-04-06 山东浪潮云服务信息科技有限公司 A kind of internet data acquisition methods and acquisition device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105262717A (en) * 2015-08-31 2016-01-20 福建天晴数码有限公司 Network service security management method and device
CN107528861A (en) * 2017-10-12 2017-12-29 山东浪潮云服务信息科技有限公司 A kind of method and device for determining IP user's access rights
CN107888604A (en) * 2017-11-27 2018-04-06 山东浪潮云服务信息科技有限公司 A kind of internet data acquisition methods and acquisition device

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113807862A (en) * 2021-01-29 2021-12-17 北京沃东天骏信息技术有限公司 Access security control method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN107888604A (en) A kind of internet data acquisition methods and acquisition device
CN109062809B (en) Online test case generation method and device and electronic equipment
CN111092852B (en) Network security monitoring method, device, equipment and storage medium based on big data
US20200267183A1 (en) Systems and methods for vulnerability analysis of phishing attacks
CN109766263A (en) Automatic test analysis and processing method, device, computer equipment and storage medium
CN105095207B (en) Retrieval, the method and apparatus for obtaining application software content
CN105721187A (en) Service fault diagnosis method and apparatus
CN111309539A (en) Abnormity monitoring method and device and electronic equipment
CN105224691B (en) A kind of information processing method and device
CN107888602A (en) A kind of method and device for detecting abnormal user
CN110309473A (en) Merge the anti-brush ticket method and device of identity and voting behavior monitoring
Amato et al. E-cigarette use 1 year later in a population-based prospective cohort
CN111262854A (en) Internet anti-cheating behavior method, device, equipment and readable storage medium
CN109189675A (en) Big data Framework Software test method, device, computer equipment and storage medium
CN108270637B (en) Website quality multi-layer drilling system and method
CN108616522A (en) A kind of internet data acquisition methods and acquisition device
CN106815137A (en) Ui testing method and apparatus
CN107135199A (en) The detection method and device at webpage back door
CN111625700B (en) Anti-grabbing method, device, equipment and computer storage medium
CN103618761B (en) Method and browser for processing cookie information
CN116932549A (en) Intelligent model-based platform data storage method, system, medium and equipment
CN110427971A (en) Recognition methods, device, server and the storage medium of user and IP
US10572661B2 (en) Automated blackbox inference of external origin user behavior
CN109427177B (en) Monitoring alarm method and device
EP3731533A1 (en) Method for monitoring usage of at least one application executed within an operating system, corresponding apparatus, computer program product and computer-readable carrier medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20181002

WW01 Invention patent application withdrawn after publication