CN108616522A - A kind of internet data acquisition methods and acquisition device - Google Patents
A kind of internet data acquisition methods and acquisition device Download PDFInfo
- Publication number
- CN108616522A CN108616522A CN201810324739.6A CN201810324739A CN108616522A CN 108616522 A CN108616522 A CN 108616522A CN 201810324739 A CN201810324739 A CN 201810324739A CN 108616522 A CN108616522 A CN 108616522A
- Authority
- CN
- China
- Prior art keywords
- user
- access
- time
- internet data
- access interface
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Telephonic Communication Services (AREA)
Abstract
The present invention provides a kind of internet data acquisition methods and acquisition device, including:Receive the call request that at least one user sends;The corresponding user behavior data of the user is obtained according to the call request for each described user at least one user;The corresponding user behavior data of the user obtained is analyzed, and obtains the behavioural analysis result of the user behavior;According to the behavioural analysis of acquisition as a result, determining whether that the user calls access interface corresponding with the call request to obtain internet data.This programme can reduce internet data and be taken off the risk taken.
Description
Technical field
The present invention relates to field of computer technology, more particularly to a kind of internet data acquisition methods and acquisition device.
Background technology
With the continuous development of Internet technology, as information source, the effect for issuing data becomes more and more important for website.And
During information is issued with propagation, how to ensure that the safety of information in website has become the topic for having to solve at present.
Currently, website detection exception IP methods are mainly to be pre-processed to raw security daily record data, from pretreated
As a result characteristic is extracted in, and is classified to characteristic, and abnormal behaviour library and normal behaviour library are created.It recycles abnormal
Behavior library and normal behaviour library carry out abnormal behaviour judgement to obtaining new behavior sample data from new security log data.
But when creating normal behaviour database and abnormal behaviour database, enough sample behavioral datas are needed, and
It obtains enough behavior sample data and then needs a period of time, and in time period, internet data can be increased taken off and take
Risk.
Invention content
An embodiment of the present invention provides a kind of internet data acquisition methods and acquisition device, can reduce internet data
Taken off the risk taken.
In a first aspect, an embodiment of the present invention provides a kind of internet data acquisition methods, including:Receive at least one use
The call request that family is sent;It is obtained according to the call request for each described user at least one user
The corresponding user behavior data of the user;The corresponding user behavior data of the user obtained is analyzed, and obtains institute
State the behavioural analysis result of user behavior;According to the behavioural analysis of acquisition as a result, determining whether that the user calls
Access interface corresponding with the call request obtains internet data.
Preferably, the user behavior data, including:Access IP, access time and access interface;It is described according to the tune
With request, the corresponding user behavior data of the user is obtained, including:The user obtained in the call request is corresponding
Access IP, access time and access interface;The corresponding user behavior data of the user that the analysis obtains, and obtain
The behavioural analysis of the user behavior is as a result, include:Determine that by the access IP, the upper of application is called described by the user
The primary history access time for calling the random access interface in internet;By the access time and the history access time
Subtract each other, obtains the time difference;The behavioural analysis according to acquisition as a result, determine whether the user call with it is described
The corresponding access interface of call request obtains internet data, including:According to the time difference of acquisition, it is determined whether allow institute
Stating user calls access interface corresponding with the call request to obtain internet data.
Preferably, the time difference according to acquisition, it is determined whether allow the user to call and asked with the calling
Corresponding access interface is asked to obtain internet data, including:For the call request described each time of the user,
S0:It determines whether the time difference obtained is more than preset first threshold a, if so, executing S6, otherwise, executes S1;
S1 :Determine that the time difference whether in preset second threshold [b, a], if so, executing S2, otherwise executes S3;
S2:It is 1s/ times to limit the user and call the frequency of the access interface, executes S6;
S3:Determine that the time difference whether in preset third threshold value [c, b], if so, executing S4, otherwise executes S5;
S4:Identifying code is sent to the user, when receive that the user sends according to the identifying code tests with described
S5:The user is forbidden to obtain the internet data by the User IP;
S6:Allow the user that the access interface is called to obtain internet data.
Preferably, the S2, including:The user is recorded in the interior access exception of the second threshold [b, a] 1 time;It determines
Whether the access exception of record is the user in the interior x: th accumulated of the second threshold [b, a], it is preferable that described
S4, including:The user is recorded in the interior access exception of the third threshold value [c, b] 1 time;Determining the access exception of record is
No the y times accumulated in the third threshold value [c, b] for the user is tested if so, executing described sent to the user
Code is demonstrate,proved, when receiving the acknowledgement information identical with the identifying code that the user sends according to the identifying code, executes S6,
Otherwise S6 is executed.
Preferably, the step S5, including:Record the user preset 4th threshold value (0, c] interior access exception 1
It is secondary;
Determine the access exception of record whether be the user the 4th threshold value (0, c] in accumulate the z times, if
It is that the user is forbidden to obtain the internet data by the User IP described in execution, otherwise executes S6.
Preferably, when the random access interface is the access interface;The determination user passes through the visit
It asks the IP history access times for calling the random access interface in internet, including:The user is determined by the access IP,
In the upper history access time for once calling the access interface for calling application.
Second aspect, an embodiment of the present invention provides a kind of internet data acquisition device, including:Acquiring unit is used for
Receive the call request that at least one user sends;For each described user at least one user, according to institute
Call request is stated, the corresponding user behavior data of the user is obtained;Processing unit, for analyzing the acquiring unit acquisition
The corresponding user behavior data of the user, and obtain the behavioural analysis result of the user behavior;Determination unit is used for
The behavioural analysis obtained according to the processing unit is as a result, determine whether that the user calls and the call request
Corresponding access interface obtains internet data.
Preferably, when the user behavior data, including:When accessing IP, access time and access interface, the acquisition is single
Member, for obtaining the corresponding access IP of the user in the call request, access time and access interface;The processing is single
Member, for determining the user by the access IP, in the upper primary arbitrary visit called in internet for calling application
Ask the history access time of interface;The access time and the history access time are subtracted each other, the time difference is obtained;It is described true
Order member, for the time difference according to acquisition, it is determined whether allow the user to call corresponding with the call request
Access interface obtains internet data.
Preferably, the processing unit is executed for the call request described each time for the user:
S0:It determines whether the time difference obtained is more than preset first threshold a, if so, executing S6, otherwise, executes S1;
S1 :Determine that the time difference whether in preset second threshold [b, a], if so, executing S2, otherwise executes S3;
S2:It is 1s/ times to limit the user and call the frequency of the access interface, executes S6;
S3:Determine that the time difference whether in preset third threshold value [c, b], if so, executing S4, otherwise executes S5;
S4:Identifying code is sent to the user, it is being sent according to the identifying code with the identifying code when receiving the user
When identical acknowledgement information, and execute S6;
S5:The user is forbidden to obtain the internet data by the User IP;
S6:Allow the user that the access interface is called to obtain internet data.
Preferably, the processing unit, for recording the user in the interior access exception of the second threshold [b, a] 1 time;
Determine whether the access exception of record is x: th of the user in the interior accumulation of the second threshold [b, a], if so,
It is 1s/ times to execute the limitation user and call the frequency of the access interface, executes S6, otherwise executes S6.
Preferably, the processing unit, for recording the user in the interior access exception of the third threshold value [c, b] 1 time;
The y times for determining the access exception of record whether be the user accumulating in the third threshold value [c, b], if so,
Execute it is described send identifying code to the user, it is being sent according to the identifying code with the identifying code when receiving the user
When identical acknowledgement information, S6 is executed, S6 is otherwise executed;
Preferably, the processing unit, for record the user preset 4th threshold value (0, c] interior access exception 1 time;Really
Surely the access exception recorded whether be the user the 4th threshold value (0, c] in accumulate the z times, if so, holding
Forbid the user to obtain the internet data by the User IP described in row, otherwise executes S6.
Preferably, when the random access interface is the access interface;
The processing unit, for determining the user by the access IP, in the upper primary calling institute for calling application
State the history access time of access interface.
In embodiments of the present invention, it when receiving the call request of user's transmission, needs first to be obtained according to call request
The user behavior data of user, then user behavior data is analyzed, you can determine whether user can obtain interconnection netting index
According to without the behavioral data of user to be compared with other behavior sample data, avoiding and obtaining enough behaviors
Internet data, which is taken off, when sample data takes, and the risk taken is taken off so as to reduce internet data.
Description of the drawings
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technology description to be briefly described, it should be apparent that, the accompanying drawings in the following description is the present invention
Some embodiments for those of ordinary skill in the art without creative efforts, can also basis
These attached drawings obtain other attached drawings.
Fig. 1 is a kind of flow chart for internet data acquisition methods that one embodiment of the invention provides;
Fig. 2 is the flow chart for another internet data acquisition methods that one embodiment of the invention provides;
Fig. 3 is a kind of structural schematic diagram for internet data acquisition device that one embodiment of the invention provides.
Specific implementation mode
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention
In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is
A part of the embodiment of the present invention, instead of all the embodiments, based on the embodiments of the present invention, those of ordinary skill in the art
The every other embodiment obtained without making creative work, shall fall within the protection scope of the present invention.
As shown in Figure 1, an embodiment of the present invention provides a kind of internet acquisition methods, including:
Step 101:Receive the call request that at least one user sends;
Step 102:For each described user at least one user, according to the call request, described in acquisition
The corresponding user behavior data of user;
Step 103:The corresponding user behavior data of the user obtained is analyzed, and obtains the behavior of the user behavior
Analysis result;Step 104:According to the behavioural analysis of acquisition as a result, determining whether that the user calls and the tune
Internet data is obtained with corresponding access interface is asked.
In embodiments of the present invention, it when receiving the call request of user's transmission, is not necessarily to and other behavior sample data
It is compared, only need to obtain user behavior data according to call request, then analyze the user behavior data of acquisition, need
The user behavior data of user is first obtained according to call request, then user behavior data is analyzed, you can determines that user is
It is no to obtain internet data, without the behavioral data of user to be compared with other behavior sample data, avoid
When obtaining enough behavior sample data, internet data, which is taken off, takes, and the wind taken is taken off so as to reduce internet data
Danger.
In an embodiment of the present invention, the user behavior data, including:Access IP, access time and access interface;Institute
It states according to the call request, obtains the corresponding user behavior data of the user, including:Obtain the institute in the call request
State the corresponding access IP of user, access time and access interface;The corresponding user's row of the user that the analysis obtains
For data, and the behavioural analysis of the user behavior is obtained as a result, including:The user is determined by the access IP, in institute
State the last history access time for calling the random access interface in internet for calling application;By the access time and institute
It states history access time to subtract each other, obtains the time difference;The behavioural analysis according to acquisition is as a result, determine whether described
User calls access interface corresponding with the call request to obtain internet data, including:According to the time difference of acquisition,
Determine whether that the user calls access interface corresponding with the call request to obtain internet data.
In embodiments of the present invention, it when determining whether user can obtain internet data, needs to be sent according to user
Calling application, to obtain the access IP of user, access time and access interface, according to access IP, obtain this user this tune
Time with access interface and the last time difference for calling random access interface, further according to the time difference of acquisition, you can determine
Whether this user can obtain internet data.To sum up, it when determining whether user can obtain internet data, only needs
It is this time called according to the access IP of user the time difference of the access time and last time calling random access interface of access interface, and nothing
The behavioral data of user need to be compared with other behavior sample data, enough behavior samples are being obtained so as to reduce
Internet data is taken off the risk taken when notebook data.
In an embodiment of the present invention, the time difference according to acquisition, it is determined whether the user is allowed to call
Access interface corresponding with the call request obtains internet data, including:
For the call request described each time of the user,
S0:It determines whether the time difference obtained is more than preset first threshold a, if so, executing S6, otherwise, executes S1;
S1 :Determine that the time difference whether in preset second threshold [b, a], if so, executing S2, otherwise executes S3;
S2:It is 1s/ times to limit the user and call the frequency of the access interface, executes S6;
S3:Determine that the time difference whether in preset third threshold value [c, b], if so, executing S4, otherwise executes S5;
S4:Identifying code is sent to the user, it is being sent according to the identifying code with the identifying code when receiving the user
When identical acknowledgement information, and execute S6;
S5:The user is forbidden to obtain the internet data by the User IP;
S6:Allow the user that the access interface is called to obtain internet data.
In embodiments of the present invention, after obtaining the time difference that user calls access interface according to the access time of user,
It needs time difference being compared with preset threshold value, so as to which the access of user is judged and limited according to comparison result
System avoids user from being taken off for machine access and takes internet data, the risk taken is taken off so as to reduce internet data.
Whether allow user to obtain internet data, or the access behavior of user is limited.
In an embodiment of the present invention, the S2, including:
The user is recorded in the interior access exception of the second threshold [b, a] 1 time;
Determine whether the access exception of record is x: th of the user in the interior accumulation of the second threshold [b, a],
If so, it is 1s/ times to execute the limitation user to call the frequency of the access interface, S6 is executed, is otherwise executed
S6。
In embodiments of the present invention, when the time difference corresponding to the user preset second threshold (for example, [500ms,
1000ms]) it is interior when, need record user this time in second threshold access exception, and determine user whether in the second threshold
The abnormal access number of accumulation in value reaches x times the abnormal access number of accumulation (for example, 3 times), and if only if the different of user
When normal access times reach x times, the access frequency for reducing user is needed, avoids being frequently visited by the user internet data.
In an embodiment of the present invention, the S4, including:
The user is recorded in the interior access exception of the third threshold value [c, b] 1 time;
The y times for determining the access exception of record whether be the user accumulating in the third threshold value [c, b],
If so, execute it is described send identifying code to the user, when receiving what the user sent according to the identifying code
When acknowledgement information identical with the identifying code, S6 is executed, S6 is otherwise executed.
In embodiments of the present invention, when the time difference corresponding to the user preset third threshold value (for example, [200ms,
When 500ms)) interior, need to record user's this time access exception in third threshold value, and determine user whether in third threshold value
The abnormal access number of interior accumulation reaches y times the abnormal access number of accumulation (for example, 3 times), and if only if the exception of user
Whether when access times reach y times, it is this time that machine accesses, and is receiving and identifying code to send identifying code to user to determine
When identical acknowledgement information, just user is allowed to obtain internet data.To sum up, according to user in preset threshold value,
The abnormal access number of accumulation and corresponding volume is done to the access of user and is limited, internet data can be reduced by the risk taken of lying prone.
In an embodiment of the present invention, the step S5, including:
Record the user preset 4th threshold value (0, c] interior access exception 1 time;
Determine the access exception of record whether be the user the 4th threshold value (0, c] in accumulate the z times, if
It is that the user is forbidden to obtain the internet data by the User IP described in execution, otherwise executes S6.
In embodiments of the present invention, when the time difference corresponding to the user preset 4th threshold value (for example, (0ms,
When 200ms)) interior, need to record user's this time access exception in the 4th threshold value, and determine user whether in the 4th threshold value
The abnormal access number of interior accumulation reaches z times (such as the abnormal access number of accumulation 2 times), and if only if the different of user's accumulation
When normal access times reach z times, user is directly pulled in into blacklist, user is forbidden to obtain internet data, can be used to avoid this
Family, which is taken off, takes internet data, so as to improve the safety of internet data.
In an embodiment of the present invention, when the random access interface is the access interface;
The determination user calls the history access time of the random access interface in internet, packet by the access IP
It includes:
Determine that the user by the access IP, visits in the upper history for once calling the access interface for calling application
Ask the time.
In embodiments of the present invention, it when analyzing the access behavior of user, needs, according to the corresponding access IP of user, to determine
User's last time calls the history access time of same access interface by accessing IP, according to history access time and this access
Time finds out the time difference, can determine whether that user obtains internet data further according to the time difference, no longer need to obtain enough
More behavior sample data are taken off the risk taken so as to reduce the internet data when obtaining behavior sample data.
In order to more clearly illustrate technical scheme of the present invention and advantage, it is with preset first threshold below
1000ms, second threshold be [500ms, 1000ms], third threshold value be [200ms, 500ms) and the 4th threshold value for (0ms,
200) and user a is by accessing IP, and it is 26 minutes 10 points of on December 11st, 2016 that this, which calls the access time of access interface a,
01 second and call the history access time of access interface a be 26 minutes and 55 seconds 10 points of on December 11st, 2016 and for, to the present invention
A kind of internet data acquisition methods that embodiment provides are described in detail, as shown in Fig. 2, specifically including following steps:
Step 201:Receive what user a was sent by accessing IP when access time is 10: 49 26: on the 11st December in 2016
Call the call request of access interface a.
Specifically, for the sensitive data in internet, corresponding sensitive data can be protected by access interface, works as reception
To user send calling application when, then can directly according to call application relevant information come determine whether user obtain
Internet data, without obtaining enough behavior sample data, so as to reduce internet data by the risk taken of lying prone.
Step 202:According to the call request of user a, when determining that user a calls the access of access interface a by accessing IP
Between 26 minutes and 55 seconds 10 points of on December 11st, 2016.
Specifically, when determining whether user can obtain internet data, mainly according to user at same access IP,
The time difference of identical access interface is called to determine.
Step 203:It is 2016 to determine that user a calls the history access time of access interface a by the access IP last times
26 minutes and 01 second 10 points of December 11.
Specifically, it is determined that user is by same access IP, in the upper primary history access time for calling access interface a, with
Make to determine whether that user obtains internet data according to the time difference of history access time and this visit time.
Step 204:It will be 26 minutes and 55 seconds 10 points of on December 11st, 2016 and 2016 12 history access time access time
10 points of the moon 11 subtracts each other for 01 second 26 minutes, and the acquisition time difference is 54s.
Specifically, it when determining that user accumulates the same access interface of calling by same access IP, needs to be visited according to this
It asks that time and history access time acquire the time difference, is compared with preset threshold value further according to the time difference, it is determined whether permitted
Family allowable obtains internet data.
Step 205:The time difference 54s of acquisition and first threshold 1000ms is compared, determines that the time difference is less than first threshold.
Specifically, it after getting user's corresponding time difference, needs time difference and preset different grades of threshold value
It is compared, so as to determine whether user can obtain internet data in corresponding threshold value according to the time difference.
Step 206:Time difference 54s and second threshold [500ms, 1000ms] are compared, determine the time difference second
In threshold value.
Specifically, determining that the time difference no more than after first threshold, needs time difference being compared with second threshold, pass through
Crossing comparison can determine time difference 54s in second threshold.
Step 207:User a is recorded by access IP when access time is 11 days 10 points 26 minutes 55 December in 2016,
Access exception 1 time in second threshold.
Specifically, when determining that user accesses the time difference of calling access interface a in second threshold by accessing IP, really
Determine user's this visit exception, the time for recording this visit, the access interface for accessing IP and being called, so as to sentence afterwards
As foundation when the behavior of disconnected user a.
Step 208:Determine user a by access IP call the cumulative frequency of access interface a be twice, it is not up to preset
Cumulative frequency 3 times, specifically, determine user call the time difference of access interface a in second threshold when, be not directly to
Family carries out restriction, and is to determine user and calls whether the cumulative frequency of same access interface a reaches by same access IP
Preset limits value 3 times just can limit user a accordingly when more than or equal to preset limits value 3 times.
Step 209:User a is allowed to call access interface a to obtain internet data by accessing IP.
Specifically, the cumulative frequency of access interface a is called to be not up to preset limits value, institute by accessing IP due to user
To allow user a to call access interface a to obtain internet data by accessing IP.
As shown in figure 3, an embodiment of the present invention provides a kind of internet data acquisition device, including:
Acquiring unit 301, the call request sent for receiving at least one user;For every at least one user
One user obtains the corresponding user behavior data of the user according to the call request;
Processing unit 302, the corresponding user behavior data of the user for analyzing the acquisition of the acquiring unit 301,
And obtain the behavioural analysis result of the user behavior;
Determination unit 303, the behavioural analysis for being obtained according to the processing unit 302 is as a result, determine whether institute
Stating user calls access interface corresponding with the call request to obtain internet data.
In embodiments of the present invention, acquiring unit needs first when receiving the call request of user's transmission according to calling
The user behavior data of acquisition request user, then the user behavior data obtained through the processing unit to acquiring unit divide
Analysis can determine whether user can obtain internet data, without by the behavioral data of user and its by determination unit
He is compared behavior sample data, avoids the internet data when obtaining enough behavior sample data and is taken off and takes, from
And internet data can be reduced and taken off the risk taken.
In an embodiment of the present invention, when the user behavior data, including:Access IP, access time and access interface
When, the acquiring unit connects for obtaining the corresponding access IP of the user in the call request, access time and access
Mouthful;The processing unit, for determining the user by the access IP, in the upper primary calling interconnection for calling application
The history access time of random access interface in net;The access time and the history access time are subtracted each other, when acquisition
Between it is poor;The determination unit, for the time difference according to acquisition, it is determined whether the user is allowed to call and the calling
Corresponding access interface is asked to obtain internet data.
In an embodiment of the present invention, the processing unit, the call request described each time for being directed to the user,
It executes:
S0:It determines whether the time difference obtained is more than preset first threshold a, if so, executing S6, otherwise, executes S1;
S1 :Determine that the time difference whether in preset second threshold [b, a], if so, executing S2, otherwise executes S3;
S2:It is 1s/ times to limit the user and call the frequency of the access interface, executes S6;
S3:Determine that the time difference whether in preset third threshold value [c, b], if so, executing S4, otherwise executes S5;
S4:Identifying code is sent to the user, it is being sent according to the identifying code with the identifying code when receiving the user
When identical acknowledgement information, and execute S6;
S5:The user is forbidden to obtain the internet data by the User IP;
S6:Allow the user that the access interface is called to obtain internet data.
In an embodiment of the present invention, the processing unit, for recording the user in the second threshold [b, a]
Access exception 1 time;The for determining the access exception of record whether be the user accumulating in the second threshold [b, a]
X times, if so, it is 1s/ times to execute the limitation user to call the frequency of the access interface, S6 is executed, otherwise
Execute S6.
In an embodiment of the present invention, the processing unit, for recording the user in the third threshold value [c, b]
Access exception 1 time;The for determining the access exception of record whether be the user accumulating in the third threshold value [c, b]
It y times, if so, execution is described to send identifying code to the user, is sent out according to the identifying code when receiving the user
When the acknowledgement information identical with the identifying code sent, S6 is executed, S6 is otherwise executed.
In an embodiment of the present invention, the processing unit, for record the user preset 4th threshold value (0, c]
Interior access exception 1 time;Determine the access exception of record whether be the user the 4th threshold value (0, c] in accumulate
The z times, if so, the user is forbidden to obtain the internet data by the User IP described in executing, otherwise execute S6.
In an embodiment of the present invention, when the random access interface is the access interface;
The processing unit, for determining the user by the access IP, in the upper primary calling institute for calling application
State the history access time of access interface.
The each embodiment of the present invention at least has the advantages that:
1, in an embodiment of the present invention, it when receiving the call request of user's transmission, needs first according to call request
The user behavior data of user is obtained, then user behavior data is analyzed, you can determines whether user can obtain
Internet data is avoided and is being obtained enough without the behavioral data of user to be compared with other behavior sample data
Internet data, which is taken off, when more behavior sample data takes, and the risk taken is taken off so as to reduce internet data.
2, in an embodiment of the present invention, it when determining whether user can obtain internet data, needs according to user
The calling application of transmission, according to IP is accessed, obtains this user's sheet to obtain the access IP of user, access time and access interface
The secondary time for calling access interface and the last time difference for calling random access interface, further according to the time difference of acquisition, you can
Determine whether this user can obtain internet data.To sum up, when determining whether user can obtain internet data,
The access time of access interface only need to be this time called to call the time difference of random access interface with last time according to the access IP of user,
Without the behavioral data of user to be compared with other behavior sample data, enough rows are being obtained so as to reduce
For sample data when internet data taken off the risk taken.
3, in an embodiment of the present invention, the time difference that user calls access interface is being obtained according to the access time of user
Afterwards, it needs time difference being compared with preset threshold value, so as to which the access of user is judged and limited according to comparison result
System avoids user from being taken off for machine access and takes internet data, the risk taken is taken off so as to reduce internet data.
4, in an embodiment of the present invention, when the time difference corresponding to the user preset second threshold (for example,
[500ms, 1000ms]) it is interior when, need record user this time in second threshold access exception, and determine user whether
The abnormal access number of accumulation in second threshold reaches x times the abnormal access number of accumulation (for example, 3 times), and if only if with
When the abnormal access number at family reaches x times, the access frequency for reducing user is needed, avoids being frequently visited by the user internet data.
5, in an embodiment of the present invention, when the time difference corresponding to the user preset third threshold value (for example,
[200ms, 500ms)) it is interior when, need record user this time in third threshold value access exception, and determine user whether
The abnormal access number of accumulation in third threshold value reaches y times the abnormal access number of accumulation (for example, 3 times), and if only if with
Whether when the abnormal access number at family reaches y times, it is this time that machine accesses, and is receiving to send identifying code to user to determine
When acknowledgement information identical with identifying code, just user is allowed to obtain internet data.To sum up, according to user preset
In threshold value, the abnormal access number of accumulation and corresponding volume is done to the access of user and is limited, internet data can be reduced lain prone taking
Risk.
6, in an embodiment of the present invention, when the time difference corresponding to the user preset 4th threshold value (for example, (0ms,
When 200ms)) interior, need to record user's this time access exception in the 4th threshold value, and determine user whether in the 4th threshold value
The abnormal access number of interior accumulation reaches z times (such as the abnormal access number of accumulation 2 times), and if only if the different of user's accumulation
When normal access times reach z times, user is directly pulled in into blacklist, user is forbidden to obtain internet data, can be used to avoid this
Family, which is taken off, takes internet data, so as to improve the safety of internet data.
7, in an embodiment of the present invention, it when analyzing the access behavior of user, needs according to the corresponding access IP of user,
Determine that user's last time calls the history access time of same access interface by accessing IP, according to history access time and this
Access time finds out the time difference, can determine whether that user obtains internet data further according to the time difference, no longer need to obtain
Enough behavior sample data are taken off the risk taken so as to reduce the internet data when obtaining behavior sample data.
It should be noted that herein, such as first and second etc relational terms are used merely to an entity
Or operation is distinguished with another entity or operation, is existed without necessarily requiring or implying between these entities or operation
Any actual relationship or order.Moreover, the terms "include", "comprise" or its any other variant be intended to it is non-
It is exclusive to include, so that the process, method, article or equipment including a series of elements includes not only those elements,
But also include other elements that are not explicitly listed, or further include solid by this process, method, article or equipment
Some elements.In the absence of more restrictions, the element limited by sentence " including a 〃 〃 ", it is not excluded that
There is also other identical factors in the process, method, article or apparatus that includes the element.
Finally, it should be noted that:The foregoing is merely presently preferred embodiments of the present invention, is merely to illustrate the skill of the present invention
Art scheme, is not intended to limit the scope of the present invention.Any modification for being made all within the spirits and principles of the present invention,
Equivalent replacement, improvement etc., are included within the scope of protection of the present invention.
Claims (10)
1. a kind of internet data acquisition methods, which is characterized in that including:Receive the call request that at least one user sends;
It obtains the user according to the call request for each described user at least one user and corresponds to
User behavior data;
The corresponding user behavior data of the user obtained is analyzed, and obtains the behavioural analysis knot of the user behavior
Fruit;
According to the behavioural analysis of acquisition as a result, determining whether that the user calls visit corresponding with the call request
Ask that interface obtains internet data.
2. acquisition methods according to claim 1, which is characterized in that
The user behavior data, including:Access IP, access time and access interface;
It is described that the corresponding user behavior data of the user is obtained according to the call request, including:Obtain the call request
In the corresponding access IP of the user, access time and access interface;
The corresponding user behavior data of the user that the analysis obtains, and obtain the behavioural analysis of the user behavior
As a result, including:
The user is determined by the access IP, the random access in the upper primary calling internet for calling application connects
The history access time of mouth;
The access time and the history access time are subtracted each other, the time difference is obtained;
The behavioural analysis according to acquisition is as a result, determine whether that user's calling is opposite with the call request
Access interface is answered to obtain internet data, including:
According to the time difference of acquisition, it is determined whether the user is allowed to call access interface corresponding with the call request
Obtain internet data.
3. acquisition methods according to claim 2, which is characterized in that
The time difference according to acquisition, it is determined whether the user is allowed to call access corresponding with the call request
Interface obtains internet data, including:
For the call request described each time of the user,
S0:It determines whether the time difference obtained is more than preset first threshold a, if so, executing S6, otherwise, executes S1;
S1:Determine that the time difference whether in preset second threshold [b, a], if so, executing S2, otherwise executes S3;
S2:It is 1s/ times to limit the user and call the frequency of the access interface, executes S6;
S3:Determine that the time difference whether in preset third threshold value [c, b], if so, executing S4, otherwise executes S5;
S4:Identifying code is sent to the user, it is being sent according to the identifying code with the identifying code when receiving the user
When identical acknowledgement information, and execute S6;
S5:The user is forbidden to obtain the internet data by the User IP;
S6:Allow the user that the access interface is called to obtain internet data.
4. acquisition methods according to claim 3, which is characterized in that the S2, including:
The user is recorded in the interior access exception of the second threshold [b, a] 1 time;
Determine whether the access exception of record is x: th of the user in the interior accumulation of the second threshold [b, a], if
It is that it is 1s/ times that the execution limitation user, which calls the frequency of the access interface, executes S6, otherwise executes S6;
And/or
The S4, including:
The user is recorded in the interior access exception of the third threshold value [c, b] 1 time;
The y times for determining the access exception of record whether be the user accumulating in the third threshold value [c, b], if
Be execute it is described send identifying code to the user, when receive that the user sends according to the identifying code tests with described
When demonstrate,proving the identical acknowledgement information of code, S6 is executed, S6 is otherwise executed;
And/or
The step S5, including:
Record the user preset 4th threshold value (0, c] interior access exception 1 time;
Determine the access exception of record whether be the user the 4th threshold value (0, c] in accumulate the z times, if
It is that the user is forbidden to obtain the internet data by the User IP described in execution, otherwise executes S6.
5. according to any acquisition methods in claim 2 to 4, which is characterized in that when the random access interface is institute
When stating access interface;
The determination user calls the history access time of the random access interface in internet, packet by the access IP
It includes:
Determine that the user by the access IP, visits in the upper history for once calling the access interface for calling application
Ask the time.
6. a kind of internet data acquisition device, which is characterized in that including:
Acquiring unit, the call request sent for receiving at least one user;For each at least one user
A user obtains the corresponding user behavior data of the user according to the call request;
Processing unit, the corresponding user behavior data of the user obtained for analyzing the acquiring unit, and obtain
The behavioural analysis result of the user behavior;
Determination unit, the behavioural analysis for being obtained according to the processing unit is as a result, determine whether the user
Access interface corresponding with the call request is called to obtain internet data.
7. acquisition device according to claim 6, which is characterized in that
When the user behavior data, including:When accessing IP, access time and access interface,
The acquiring unit, for obtaining the corresponding access IP of the user in the call request, access time and access
Interface;
The processing unit, for determining that the user by the access IP, calls the upper primary calling applied mutual described
The history access time of random access interface in networking;The access time and the history access time are subtracted each other, obtained
Time difference;
The determination unit, for the time difference according to acquisition, it is determined whether the user is allowed to call and the calling
Corresponding access interface is asked to obtain internet data.
8. acquisition device according to claim 7, which is characterized in that
The processing unit is executed for the call request described each time for the user:
S0:It determines whether the time difference obtained is more than preset first threshold a, if so, executing S6, otherwise, executes S1;
S1:Determine that the time difference whether in preset second threshold [b, a], if so, executing S2, otherwise executes S3;
S2:It is 1s/ times to limit the user and call the frequency of the access interface, executes S6;
S3:Determine that the time difference whether in preset third threshold value [c, b], if so, executing S4, otherwise executes S5;
S4:Identifying code is sent to the user, it is being sent according to the identifying code with the identifying code when receiving the user
When identical acknowledgement information, and execute S6;
S5:The user is forbidden to obtain the internet data by the User IP;
S6:Allow the user that the access interface is called to obtain internet data.
9. acquisition device according to claim 8, which is characterized in that
The processing unit, for recording the user in the interior access exception of the second threshold [b, a] 1 time;Determine record
Whether the access exception is x: th of the user in the interior accumulation of the second threshold [b, a], if so, executing the limit
It is 1s/ times to make the user and call the frequency of the access interface, executes S6, otherwise executes S6;
And/or
The processing unit, for recording the user in the interior access exception of the third threshold value [c, b] 1 time;Determine record
Accumulated in the third threshold value [c, b] the y time that whether access exception is the user, if so, execution it is described to
The user sends identifying code, when the receipt identical with the identifying code for receiving the user and being sent according to the identifying code
When information, S6 is executed, S6 is otherwise executed;
And/or
The processing unit, for record the user preset 4th threshold value (0, c] interior access exception 1 time;Determine record
The access exception whether be the user the 4th threshold value (0, c] in accumulate the z time, if so, described in execution
Forbid the user to obtain the internet data by the User IP, otherwise executes S6.
10. according to any acquisition device in claim 7 to 9, which is characterized in that when the random access interface is
When the access interface;
The processing unit, for determining the user by the access IP, in the upper primary calling institute for calling application
State the history access time of access interface.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810324739.6A CN108616522A (en) | 2018-04-12 | 2018-04-12 | A kind of internet data acquisition methods and acquisition device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810324739.6A CN108616522A (en) | 2018-04-12 | 2018-04-12 | A kind of internet data acquisition methods and acquisition device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108616522A true CN108616522A (en) | 2018-10-02 |
Family
ID=63659714
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810324739.6A Withdrawn CN108616522A (en) | 2018-04-12 | 2018-04-12 | A kind of internet data acquisition methods and acquisition device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108616522A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113807862A (en) * | 2021-01-29 | 2021-12-17 | 北京沃东天骏信息技术有限公司 | Access security control method, device, equipment and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105262717A (en) * | 2015-08-31 | 2016-01-20 | 福建天晴数码有限公司 | Network service security management method and device |
CN107528861A (en) * | 2017-10-12 | 2017-12-29 | 山东浪潮云服务信息科技有限公司 | A kind of method and device for determining IP user's access rights |
CN107888604A (en) * | 2017-11-27 | 2018-04-06 | 山东浪潮云服务信息科技有限公司 | A kind of internet data acquisition methods and acquisition device |
-
2018
- 2018-04-12 CN CN201810324739.6A patent/CN108616522A/en not_active Withdrawn
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105262717A (en) * | 2015-08-31 | 2016-01-20 | 福建天晴数码有限公司 | Network service security management method and device |
CN107528861A (en) * | 2017-10-12 | 2017-12-29 | 山东浪潮云服务信息科技有限公司 | A kind of method and device for determining IP user's access rights |
CN107888604A (en) * | 2017-11-27 | 2018-04-06 | 山东浪潮云服务信息科技有限公司 | A kind of internet data acquisition methods and acquisition device |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113807862A (en) * | 2021-01-29 | 2021-12-17 | 北京沃东天骏信息技术有限公司 | Access security control method, device, equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107888604A (en) | A kind of internet data acquisition methods and acquisition device | |
CN109062809B (en) | Online test case generation method and device and electronic equipment | |
CN111092852B (en) | Network security monitoring method, device, equipment and storage medium based on big data | |
US20200267183A1 (en) | Systems and methods for vulnerability analysis of phishing attacks | |
CN109766263A (en) | Automatic test analysis and processing method, device, computer equipment and storage medium | |
CN105095207B (en) | Retrieval, the method and apparatus for obtaining application software content | |
CN105721187A (en) | Service fault diagnosis method and apparatus | |
CN111309539A (en) | Abnormity monitoring method and device and electronic equipment | |
CN105224691B (en) | A kind of information processing method and device | |
CN107888602A (en) | A kind of method and device for detecting abnormal user | |
CN110309473A (en) | Merge the anti-brush ticket method and device of identity and voting behavior monitoring | |
Amato et al. | E-cigarette use 1 year later in a population-based prospective cohort | |
CN111262854A (en) | Internet anti-cheating behavior method, device, equipment and readable storage medium | |
CN109189675A (en) | Big data Framework Software test method, device, computer equipment and storage medium | |
CN108270637B (en) | Website quality multi-layer drilling system and method | |
CN108616522A (en) | A kind of internet data acquisition methods and acquisition device | |
CN106815137A (en) | Ui testing method and apparatus | |
CN107135199A (en) | The detection method and device at webpage back door | |
CN111625700B (en) | Anti-grabbing method, device, equipment and computer storage medium | |
CN103618761B (en) | Method and browser for processing cookie information | |
CN116932549A (en) | Intelligent model-based platform data storage method, system, medium and equipment | |
CN110427971A (en) | Recognition methods, device, server and the storage medium of user and IP | |
US10572661B2 (en) | Automated blackbox inference of external origin user behavior | |
CN109427177B (en) | Monitoring alarm method and device | |
EP3731533A1 (en) | Method for monitoring usage of at least one application executed within an operating system, corresponding apparatus, computer program product and computer-readable carrier medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20181002 |
|
WW01 | Invention patent application withdrawn after publication |