CN108737387A - Recording method, server and the computer readable storage medium of network request - Google Patents
Recording method, server and the computer readable storage medium of network request Download PDFInfo
- Publication number
- CN108737387A CN108737387A CN201810381767.1A CN201810381767A CN108737387A CN 108737387 A CN108737387 A CN 108737387A CN 201810381767 A CN201810381767 A CN 201810381767A CN 108737387 A CN108737387 A CN 108737387A
- Authority
- CN
- China
- Prior art keywords
- network request
- audit
- progress
- server
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/60—Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/168—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP] specially adapted for link layer protocols, e.g. asynchronous transfer mode [ATM], synchronous optical network [SONET] or point-to-point protocol [PPP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Debugging And Monitoring (AREA)
Abstract
The embodiment of the present invention provides a kind of recording method of network request, server and computer readable storage medium, method:Audit progress is established in destination server;The network request and the corresponding progress information of the network request in the destination server are recorded by audit progress.
Description
Technical field
The present invention relates to computer technology, more particularly to a kind of recording method of network request, server and computer can
Read storage medium.
Background technology
Existing data center's audit technique can be divided into server operation audit and network strategy, stream according to the audit target
Amount audit and this three classes of protocal analysis.
Server operation audit mainly obtains and records the user name, IP address, login of server OS login
The information such as the operating system command that time and user use carry out backtracking using the operation information of record and complete to examine server
Work is counted, server operation audit presence can not record the behavior that compiled executable program is run in audit operation system
Problem, operation audit, which is only capable of recording, has run some executable program, and can not determine whether the program has the sensitive number of request
According to or externally leak data behavior, executable program be deleted after, then can not continuous audit positioning.
Network strategy, network auditing system are carried out after the network flow sampling to transmission on the network equipments such as fire wall stores
Analysis, for the network transmission strategy and link flow situation of change of point-to-point of auditing, network strategy, network auditing system are only applicable to
There is the self-built data center environment of administration authority to network equipments such as fire walls, and it is uncomfortable for renting the scenes such as Cloud Server
With, and it is only capable of the network strategy of audit point-to-point on network devices, and can not confirm is using the service of the network strategy
It is no to there is exception.
Protocal analysis is by being analyzed to obtain operation behavior to specific application agreement, and by behavior record to audit day
Will is analyzed for backtracking.Protocal analysis is not suitable for the scenes such as cryptographic protocol, proprietary protocol, and due to needing to application protocol
Message stored and analyzed calculating, it is more demanding to the memory space and calculated performance of auditing system, application scenarios limitation
Property it is larger, and protocal analysis is audited according to the obtained operation behavior of analysis, not can determine that the initiation process of behavior, nothing
Method audit malicious process.
Invention content
The embodiment of the present invention provides a kind of recording method of network request, server and computer readable storage medium, energy
Enough trackings find the request malicious process such as sensitive data or the data that leak, and are supported to provide audit.
In order to achieve the above objectives, the technical solution of the embodiment of the present invention is realized in:
The embodiment of the present invention provides a kind of recording method of network request, including:
Audit progress is established in destination server;
The network request and the corresponding process letter of the network request in the destination server are recorded by audit progress
Breath.
Wherein, the method further includes:
It is corresponding to the network request and the network request with random acquisition period tau in the audit progress
Progress information is acquired;
Wherein, the variation range of τ meets:1s≤τ<2·MSL;MSL is the message longest time-to-live.
Wherein, the method further includes:
The audit that audit administration service device is sent is received in the audit progress trusts rule.
Wherein, the method further includes:
Collected network request is trusted rule with the audit to match, is existed for matched network request
It is not recorded in the audit progress.
Wherein, the method further includes:
The network request that rule is trusted for not matching the audit, according to the progress information ratio of network request between server
It is right, the suggestion processing mode trusted or investigated is generated to the network request in the audit progress.
Wherein, the method further includes:
The network request that rule is trusted for not matching the audit, according to the progress information for the network request trusted ratio
It is right, the suggestion processing mode trusted or investigated is generated to the network request in the audit progress.
The embodiment of the present invention provides a kind of server, including:
Module is established, for establishing audit progress;
Logging modle is asked for recording network request in the destination server and the network by audit progress
Seek corresponding progress information.
Wherein, the server further includes acquisition module,
The acquisition module is used in the audit progress, with random acquisition period tau, to the network request and institute
The corresponding progress information of network request is stated to be acquired;
Wherein, the variation range of τ meets:1s≤τ<2·MSL;MSL is the message longest time-to-live.
Wherein, the server further includes receiving module,
The receiving module receives the audit that audit administration service device is sent for audit progress and trusts rule.
The embodiment of the present invention provides a kind of computer readable storage medium, is stored with computer program, the computer journey
The recording method for the network request that the embodiment of the present invention is provided is realized when sequence is executed by processor.
In the technical solution of the embodiment of the present invention, by establishing audit progress in destination server, and pass through audit
Process records network request and the corresponding progress information of the network request in the destination server, so as to complete
The progress information of data transmission is recorded, so as to track find request sensitive data or the data that leak etc. malice into
Journey.
Description of the drawings
Fig. 1 is a kind of flow chart of recording method for network request of the embodiment of the present invention;
Fig. 2 is a kind of audit acquisition method flow chart for network request of the embodiment of the present invention;
Fig. 3 is a kind of flow chart enhanced trust and actively discovered for network request of the embodiment of the present invention;
Fig. 4 is a kind of structural schematic diagram of server of the embodiment of the present invention;
Fig. 5 is a kind of structural schematic diagram of server of the embodiment of the present invention.
Specific implementation mode
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation describes.
As shown in Figure 1, a kind of flow diagram of recording method for network request for the embodiment of the present invention, below
Each step is illustrated respectively.
Step 101:Audit progress is established in destination server.
In the destination server for needing to audit, audit progress is disposed, audit progress here is responsible for recording in server
The network request of progress and its corresponding progress information, and realize together with audit administration service device realize trust addition and it is different
The function of often reporting will be elaborated about the function of trusting addition and report extremely in subsequent content.
Step 102:The network request and network request correspondence in the destination server are recorded by audit progress
Progress information.
The information that audit progress records every time includes optionally:Current time, carry out network request process initiation path,
Environmental variance, execute order, (the Internet usage interface and process resource provided by operating system makes process run time
Obtained with interface), (judgement is actively externally request or to receive distal end and ask, and passes through operating system for the transmission direction of network request
The network service state interface of offer obtains), IP/ port informations are (if it is actively externally request then records the local IP used
And far-end IP/port, then record the local ports IP/ and far-end IP if it is distal end request is received).
Wherein, the further record the process in the audit progress may be selected and start path, environmental variance, in order to
Audit finding malicious process carries out network request by way of forging process name;Forge the method citing of process name:Certain clothes
The business process of the entitled process of A catalogue executive process of business device normally accesses user charges interface, and disabled user is in B catalogues
The malicious process for starting same entitled process executes the user charges interface calling of batch, indistinguishable only by process name
Regular traffic process and malicious process.
In the present embodiment, because network request and its corresponding progress information are clearly recorded, thus acquisition information is comprehensive, just
In auditing orientation, the request malicious process such as sensitive data or the data that leak are found so as to track;In addition, it is wide to be applicable in scene
It is general, not by limitations such as service type, application protocols.
In an alternative embodiment, in the audit progress, with random acquisition period tau, to the network request,
And the corresponding progress information of the network request is acquired;
Wherein, the variation range of τ meets:1s≤τ<2·MSL;MSL is the message longest time-to-live.
In actual production, due to the difference of server OS configuration, TCP network requests are completed in every server
The TIME_WAIT times afterwards are different, and TIME_WAIT is to need a kind of state safeguarded in TCP communication after connection closed, indicates clothes
Device be engaged in the response for waiting for opposite end, the most MSL that the time cycle is 2 times, MSL are maximum segment service life (MSL, Maximum
Segment Lifetime), be a TCP segment may exist with the maximum time in internet system, in different server
Middle setting has differences;
In order to ensure record full dose TCP network requests, audit progress need with the period less than the TIME_WAIT times into
Row acquisition, that is, be less than 2 times of MSL, for example, in certain server TIME_WAIT time be 20 seconds, that is, it is most short to represent a used time
TCP requests be to be disconnected immediately into TIME_WAIT states after successful connection, there is audit line in systems in entire request
The time of rope is 20 seconds, will not in acquisition and recording if the audit progress of the server is acquired with the period less than 20 seconds
Omit the TCP requests of shortest time.
In addition, since in addition to TCP network requests, there is also UDP network requests in server, and because UDP networks are asked
Connectionless characteristic is sought, audit acquisition is only done when network transmission carries out, corresponding network request and its right can just be recorded
The progress information answered.In order to acquire full dose TCP network request information, while UDP network request information is acquired as far as possible, optional
Embodiment in, introduce random delay cooperation carry out audit information period acquisition, as shown in Fig. 2, being as follows:
S11 obtains MSL configuration informations in operating system, calculates the corresponding TIME_WAIT times, and the TIME_WAIT times are
2 times of MSL;
S12, audit progress are initiated network request information collection and are recorded;
S13, after audit progress waits for a random delay τ, return to step S12 carries out the acquisition of next cycle, this
The value of random delay τ is more than or equal to 1 second, is less than TIME_WAIT.
In this way, in an alternate embodiment of the invention, realize while carrying out audit acquisition for TCP networks and UDP networks, keep away
Exempt from specific UDP network requests to acquire around audit, ensure that the validity to network request information collection.
In another optional embodiment, the audit letter that audit administration service device is sent is received in the audit progress
Appoint rule, is described as follows:
After the work for completing record of the audit, you can it audits to the network request of sensitive servers, it is careful in order to improve
Meter efficiency actively discovers abnormal network request, needs to increase the network request that the regular traffic on audit aim server uses
Add trust, is as follows:
S21, audit administration service device are communicated with the audit progress on the destination server of trust to be added, and acquisition is gone
Except the full dose after duplicate keys waits for that trust network solicited message (does not include the current time and process run time two in record of the audit
);
The proper network that the network request of business normal use and component rely on is asked mark by S22 according to business structure
To trust;
The trust rule manually adjusted is issued to the audit progress of destination server by S23, audit administration service device.
In another optional embodiment, collected network request and the audit are trusted into rule progress
Match, matched network request is not recorded in the audit progress, specific the step of the trusting that add further includes:
S24 after destination server audit progress receives the trust rule that audit administration service device issues, will trust rule
Configuration file is written, after subsequent acquisition network request information, is then no longer written with the network request packet that rule matches is trusted
Network request audit log.
In another optional embodiment, the network request of rule is trusted for not matching the audit, according to service
The progress information of network request compares between device, and the suggestion trusted or investigated is generated to the network request in the audit progress
Processing mode is actively discovered and specifically included the step of reporting extremely:
S25, audit administration service device periodically obtain the collected newly-increased network request information of destination server, if any newly-increased
It is not added with the network request of trust, audit administration service device can not add newly-increased according to the mode of advance ratio pair between multiserver
Add the network request of trust to carry out suggestion trust and suggests the classification of investigation, such as:In production environment, examining for disaster tolerance
Consider, realizes that the process of specific function can be deployed on multiple servers and form cluster, such as increased multiple servers same process newly
Information is to the network request that is not added with trust of some port IP/, and the progress information for initiating network request exists and trusted
Other network requests rule, it is usually because increasing network request caused by business change newly, audit administration service device then can be to fortune
Dimension personnel suggest carrying out batch trust, raising O&M efficiency to these network requests.
In another optional embodiment, the network request of rule is trusted for not matching the audit, according to having believed
The progress information for the network request appointed compares, and the suggestion trusted or investigated is generated to the network request in the audit progress
Processing mode.It actively discovers and further includes specifically the step of reporting:
S26 trusts the network request of rule for not matching the audit, is believed according to the process for the network request trusted
Breath compares, and the suggestion processing mode trusted or investigated is generated to the network request in the audit progress, for example, newly-increased
Some process in server A to the specific ports IP/ the network request for being not added with trust, and the process on A servers from
There are not trust rule, audit server then can carry out auditing orientation to this network request to operation maintenance personnel suggestion, investigation is
It is no to have the access of malice sensitive data or leaking data problem.The operation that final addition is trusted is still by destination server O&M people
Member carries out, and audit administration service device provides treatment advice raising operation maintenance personnel treatment effeciency by analyzing network request feature.
Trusted by adding, can substantially reduce network request audit log file size, effectively improve audit efficiency;It can
Selection of land, the network request of rule is trusted for not meeting audit can accomplish to actively discover and provide specific suggestion processing side
Formula forms effective monitoring, reduces leaking data risk.
It should be noted that in alternative embodiments above, the network request of rule is trusted for not matching the audit,
It is not limited in being compared according to the progress information for the network request trusted, or is compared according to process between multiserver,
The network request is handled alternatively by other alignments.
In another optional embodiment, as shown in figure 3, one kind for the embodiment of the present invention increases for network request
The flow chart trusted and actively discovered, the embodiment include that the complete addition of above-mentioned S21~S26 Overall Steps is trusted and active
It was found that method, wherein S25/S26 indicates that S25 or S26 steps, which may be selected, handles network request;Believed by adding
The mode appointed and actively discover combination, realizes the dual function of raising and the effective monitoring of audit efficiency.
As shown in figure 4, a kind of structural schematic diagram of server for the embodiment of the present invention, the server include:
Module 301 is established, for establishing audit progress;
Logging modle 302, for recording network request and the network in the destination server by audit progress
Ask corresponding progress information.
In an alternative embodiment, the server further includes acquisition module 303, in the audit progress
In, with random acquisition period tau, the network request and the corresponding progress information of the network request are acquired;
Wherein, the variation range of τ meets:1s≤τ<2·MSL;MSL is the message longest time-to-live.
In the server of the embodiment of the present invention, receiving module 304, matching module 305 and processing module 306 can be according to realities
Border business framework, whether selection is arranged.
Setting receiving module 304 may be selected in the server, receives what audit administration service device was sent for audit progress
Rule is trusted in audit.
Setting matching module 305 may be selected in the server, for believing collected network request and the audit
Rule is appointed to be matched.
Setting processing module 306 may be selected in the server, for for matched network request in matching module 305
It is not recorded in the audit progress;It is additionally operable to trust the network of rule for not matching the audit in matching module 305
Request is compared according to the progress information of network request between server, is generated and is believed to the network request in the audit progress
The suggestion processing mode appointed or investigated;It is additionally operable to ask for not matching the network that rule is trusted in the audit in matching module 305
It asks, is compared according to the progress information for the network request trusted, the network request is generated in the audit progress and is trusted
Or the suggestion processing mode of investigation.
In the embodiment of the present invention, based on it will be appreciated by those skilled in the art that each module in server shown in Fig. 2
Realize that function can refer to the aforementioned associated description for the recording method of network request and understand.In server shown in Fig. 2
The function of each module can be realized by running on the program on processor, can also be realized by specific logic circuit.
Continue to explain the structure for the server for realizing the embodiment of the present invention.
It is an optional structural schematic diagram of server 500 provided in an embodiment of the present invention referring to Fig. 5, it is shown in fig. 5
Server includes:At least one processor 510, at least one communication bus 520, user interface 530, at least one network interface
540 and memory 550.Various components in server 500 are coupled by communication bus 520.It is appreciated that communication is total
Line 520 is for realizing the connection communication between these components.Communication bus 520 further includes power supply in addition to including data/address bus
Bus, controlling bus and status signal bus in addition.But for the sake of clear explanation, in Figure 5 various buses are all designated as communicating
Bus 520.
Wherein, user interface 530 may include display, keyboard, mouse, trace ball, click wheel, button, button, sense of touch
Plate or touch screen etc..Network interface 540 may include that standard wireline interface and wireless interface can be WiFi interfaces.
It is appreciated that memory 550 can be high-speed RAM memory, can also be non-labile memory (Non-
Volatile Memory), a for example, at least magnetic disk storage.Memory 550 can also be it is at least one geographically
Storage system far from processor 510.
The recording method of network request provided in an embodiment of the present invention applied to server can be applied to processor 510
In, or realized by processor 510.Processor 510 may be a kind of IC chip, the processing capacity with signal.?
During realization, the different operation being applied in the recording method of the network request of server can be by processor 510
The integrated logic circuit of hardware or the instruction of software form are completed.Above-mentioned processor 510 can be general processor, DSP
Either other programmable logic device, discrete gate or transistor logic, discrete hardware components etc..Processor 510 can be with
Realize or execute recording method, step and logic diagram that the embodiment of the present invention is applied to the network request of server.It is general
Processor can be microprocessor or any conventional processor etc..It is applied to service in conjunction with what the embodiment of the present invention was provided
The recording method of the network request of device can be embodied directly in hardware decoding processor and execute completion, or use decoding processor
In hardware and software module combination execute completion.
As an example, software module can be located in storage medium, storage medium can be memory as shown in Figure 5
550, processor 510 reads the information in memory 550, is completed in conjunction with its hardware provided in an embodiment of the present invention applied to service
The recording method of the network request of device.
In the exemplary embodiment, the embodiment of the present invention additionally provides a kind of readable storage medium storing program for executing, such as including executable
The memory of program, above-mentioned executable program can be executed by processor, the step of to complete preceding method.Readable storage medium storing program for executing can
To be the storages such as FRAM, ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface storage, CD or CD-ROM
Device;Can also be including one of above-mentioned memory or the various equipment arbitrarily combined, such as mobile phone, computer equipment, tablet
Equipment, personal digital assistant, Medical Devices etc..
The embodiment of the present invention also describes a kind of computer readable storage medium, such as the storage including executable program
Device, above-mentioned executable program can be executed by processor, when which is executed by processor, be executed:A kind of network request
Recording method, including:Audit progress is established in destination server;It is recorded in the destination server by audit progress
Network request and the corresponding progress information of the network request.
When the computer program is by processor, also execute:In the audit progress, with random acquisition period tau, to institute
It states network request and the corresponding progress information of the network request is acquired;
Wherein, the variation range of τ meets:1s≤τ<2·MSL;MSL is the message longest time-to-live.
When the computer program is by processor, also execute:Audit administration service device hair is received in the audit progress
Rule is trusted in the audit sent.
When the computer program is by processor, also execute:Collected network request and the audit are trusted and advised
It is then matched, matched network request is not recorded in the audit progress.
When the computer program is by processor, also execute:The network request of rule is trusted for not matching the audit,
It is compared according to the progress information of network request between server, the network request is generated in the audit progress and trusts or arranges
The suggestion processing mode looked into.
When the computer program is by processor, also execute:The network request of rule is trusted for not matching the audit,
It is compared according to the progress information for the network request trusted, the network request is generated in the audit progress and trusts or arranges
The suggestion processing mode looked into.
It should be understood by those skilled in the art that, the embodiment of the present invention can be provided as method, system or computer program
Product.Therefore, the shape of hardware embodiment, software implementation or embodiment combining software and hardware aspects can be used in the present invention
Formula.Moreover, the present invention can be used can use storage in the computer that one or more wherein includes computer usable program code
The form for the computer program product implemented on medium (including but not limited to magnetic disk storage and optical memory etc.).
The present invention be with reference to according to the method for the embodiment of the present invention, the flow of equipment (system) and computer program product
Figure and/or block diagram describe.It should be understood that can be realized by computer program instructions every first-class in flowchart and/or the block diagram
The combination of flow and/or box in journey and/or box and flowchart and/or the block diagram.These computer programs can be provided
Instruct the processor of all-purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce
A raw machine so that the instruction executed by computer or the processor of other programmable data processing devices is generated for real
The device for the function of being specified in present one flow of flow chart or one box of multiple flows and/or block diagram or multiple boxes.
These computer program instructions, which may also be stored in, can guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works so that instruction generation stored in the computer readable memory includes referring to
Enable the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one box of block diagram or
The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device so that count
Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, in computer or
The instruction executed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one
The step of function of being specified in a box or multiple boxes.
The foregoing is only a preferred embodiment of the present invention, is not intended to limit the scope of the present invention.
Claims (10)
1. a kind of recording method of network request, which is characterized in that the method includes:
Audit progress is established in destination server;
The network request and the corresponding progress information of the network request in the destination server are recorded by audit progress.
2. the recording method according to claim 1 based on network request, which is characterized in that the method further includes:
In the audit progress, with random acquisition period tau, to the network request and the corresponding process of the network request
Information is acquired;
Wherein, the variation range of τ meets:1s≤τ<2·MSL;MSL is the message longest time-to-live.
3. the recording method according to claim 1 based on network request, which is characterized in that the method further includes:
The audit that audit administration service device is sent is received in the audit progress trusts rule.
4. the recording method according to claim 3 based on network request, which is characterized in that the method further includes:
Collected network request is trusted rule with the audit to match, for matched network request described
It is not recorded in audit progress.
5. the recording method according to claim 3 based on network request, which is characterized in that the method further includes:
The network request that rule is trusted for not matching the audit, compares according to the progress information of network request between server,
The suggestion processing mode trusted or investigated is generated to the network request in the audit progress.
6. the recording method according to claim 3 based on network request, which is characterized in that the method further includes:
The network request that rule is trusted for not matching the audit, compares according to the progress information for the network request trusted,
The suggestion processing mode trusted or investigated is generated to the network request in the audit progress.
7. a kind of server, which is characterized in that the server includes:
Module is established, for establishing audit progress;
Logging modle, for recording network request and the network request pair in the destination server by audit progress
The progress information answered.
8. server according to claim 7, which is characterized in that the server further includes acquisition module,
The acquisition module is used in the audit progress, with random acquisition period tau, to the network request and the net
Network asks corresponding progress information to be acquired;
Wherein, the variation range of τ meets:1s≤τ<2·MSL;MSL is the message longest time-to-live.
9. server according to claim 7, which is characterized in that the server further includes receiving module,
The receiving module receives the audit that audit administration service device is sent for audit progress and trusts rule.
10. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer program quilt
The recording method based on network request as described in any one of claim 1-6 is realized when processor executes.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810381767.1A CN108737387A (en) | 2018-04-25 | 2018-04-25 | Recording method, server and the computer readable storage medium of network request |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810381767.1A CN108737387A (en) | 2018-04-25 | 2018-04-25 | Recording method, server and the computer readable storage medium of network request |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108737387A true CN108737387A (en) | 2018-11-02 |
Family
ID=63939281
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810381767.1A Pending CN108737387A (en) | 2018-04-25 | 2018-04-25 | Recording method, server and the computer readable storage medium of network request |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108737387A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110278269A (en) * | 2019-06-21 | 2019-09-24 | 广州小鹏汽车科技有限公司 | A kind of user behavior recording method and device |
CN110719282A (en) * | 2019-10-10 | 2020-01-21 | 国网山东省电力公司信息通信公司 | Authentication dual-active system based on unified authority |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101242658A (en) * | 2008-03-11 | 2008-08-13 | 金柘苗 | Mobile information multi-layer network secure auditing system |
CN103124293A (en) * | 2012-12-31 | 2013-05-29 | 中国人民解放军理工大学 | Cloud data safe auditing method based on multi-Agent |
CN104063473A (en) * | 2014-06-30 | 2014-09-24 | 江苏华大天益电力科技有限公司 | Database auditing monitoring system and database auditing monitoring method |
US20160301561A1 (en) * | 2010-07-01 | 2016-10-13 | Logrhythm, Inc. | Log collection, structuring and processing |
CN106156628A (en) * | 2015-04-16 | 2016-11-23 | 阿里巴巴集团控股有限公司 | A kind of user behavior analysis method and device |
CN106599295A (en) * | 2016-12-27 | 2017-04-26 | 四川中电启明星信息技术有限公司 | Multi-track visual analyzing evidence-collecting method for user behaviors and system |
CN107580005A (en) * | 2017-11-01 | 2018-01-12 | 北京知道创宇信息技术有限公司 | Website protection method, device, website safeguard and readable storage medium storing program for executing |
-
2018
- 2018-04-25 CN CN201810381767.1A patent/CN108737387A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101242658A (en) * | 2008-03-11 | 2008-08-13 | 金柘苗 | Mobile information multi-layer network secure auditing system |
US20160301561A1 (en) * | 2010-07-01 | 2016-10-13 | Logrhythm, Inc. | Log collection, structuring and processing |
CN103124293A (en) * | 2012-12-31 | 2013-05-29 | 中国人民解放军理工大学 | Cloud data safe auditing method based on multi-Agent |
CN104063473A (en) * | 2014-06-30 | 2014-09-24 | 江苏华大天益电力科技有限公司 | Database auditing monitoring system and database auditing monitoring method |
CN106156628A (en) * | 2015-04-16 | 2016-11-23 | 阿里巴巴集团控股有限公司 | A kind of user behavior analysis method and device |
CN106599295A (en) * | 2016-12-27 | 2017-04-26 | 四川中电启明星信息技术有限公司 | Multi-track visual analyzing evidence-collecting method for user behaviors and system |
CN107580005A (en) * | 2017-11-01 | 2018-01-12 | 北京知道创宇信息技术有限公司 | Website protection method, device, website safeguard and readable storage medium storing program for executing |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110278269A (en) * | 2019-06-21 | 2019-09-24 | 广州小鹏汽车科技有限公司 | A kind of user behavior recording method and device |
CN110719282A (en) * | 2019-10-10 | 2020-01-21 | 国网山东省电力公司信息通信公司 | Authentication dual-active system based on unified authority |
CN110719282B (en) * | 2019-10-10 | 2021-10-29 | 国网山东省电力公司信息通信公司 | Authentication dual-active system based on unified authority |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11757650B2 (en) | Distributed self sovereign identities for network function virtualization | |
US8584942B1 (en) | Systems and methods for network inventory management utilizing mobile technology | |
CN106302346A (en) | The safety certifying method of API Calls, device, system | |
CN109379247A (en) | The method and device that the network delay of a kind of pair of application program is detected | |
US10637890B2 (en) | Methods and systems for establishment of VPN security policy by SDN application | |
US10374946B2 (en) | Centralized wireless network management system | |
CN107707557A (en) | Anonymous access method, apparatus, the network equipment and readable storage medium storing program for executing | |
CN111404774B (en) | Data monitoring method, device, equipment and storage medium | |
CN108737387A (en) | Recording method, server and the computer readable storage medium of network request | |
US11734257B2 (en) | Variation recognition between heterogeneous computer systems | |
US8966321B2 (en) | Logical port and layer protocol test configuration resource manager | |
US11503442B2 (en) | Methods of enabling flexible charging in M2M IoT service layer | |
CN113129002A (en) | Data processing method and equipment | |
CN112787975B (en) | Method, device and system for determining type of access device | |
US8687518B1 (en) | Automatic address configuration in a network test system | |
US20130325974A1 (en) | Statistics reporting in a network test system | |
US10866981B2 (en) | Variance detection between heterogeneous computer systems | |
CN114390114A (en) | Method, system, terminal and storage medium for scanning user data packet protocol port | |
CN113242205B (en) | Network traffic classification control method, device, server and storage medium | |
West et al. | dNextG: A Zero-Trust Decentralized Mobile Network User Plane | |
CN112134733B (en) | Method and system for automatically testing load balance under UDP protocol | |
EP4334877A1 (en) | Zero-knowledge service level agreement (sla) monitoring | |
CN110535690A (en) | VPN device management method, device, electronic equipment | |
Khurri | Evaluating IP security and mobility on lightweight hardware |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181102 |