CN108737387A - Recording method, server and the computer readable storage medium of network request - Google Patents

Recording method, server and the computer readable storage medium of network request Download PDF

Info

Publication number
CN108737387A
CN108737387A CN201810381767.1A CN201810381767A CN108737387A CN 108737387 A CN108737387 A CN 108737387A CN 201810381767 A CN201810381767 A CN 201810381767A CN 108737387 A CN108737387 A CN 108737387A
Authority
CN
China
Prior art keywords
network request
audit
progress
server
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810381767.1A
Other languages
Chinese (zh)
Inventor
王林涛
张竞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
MIGU Culture Technology Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
MIGU Culture Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, MIGU Culture Technology Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN201810381767.1A priority Critical patent/CN108737387A/en
Publication of CN108737387A publication Critical patent/CN108737387A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/141Setup of application sessions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/168Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP] specially adapted for link layer protocols, e.g. asynchronous transfer mode [ATM], synchronous optical network [SONET] or point-to-point protocol [PPP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The embodiment of the present invention provides a kind of recording method of network request, server and computer readable storage medium, method:Audit progress is established in destination server;The network request and the corresponding progress information of the network request in the destination server are recorded by audit progress.

Description

Recording method, server and the computer readable storage medium of network request
Technical field
The present invention relates to computer technology, more particularly to a kind of recording method of network request, server and computer can Read storage medium.
Background technology
Existing data center's audit technique can be divided into server operation audit and network strategy, stream according to the audit target Amount audit and this three classes of protocal analysis.
Server operation audit mainly obtains and records the user name, IP address, login of server OS login The information such as the operating system command that time and user use carry out backtracking using the operation information of record and complete to examine server Work is counted, server operation audit presence can not record the behavior that compiled executable program is run in audit operation system Problem, operation audit, which is only capable of recording, has run some executable program, and can not determine whether the program has the sensitive number of request According to or externally leak data behavior, executable program be deleted after, then can not continuous audit positioning.
Network strategy, network auditing system are carried out after the network flow sampling to transmission on the network equipments such as fire wall stores Analysis, for the network transmission strategy and link flow situation of change of point-to-point of auditing, network strategy, network auditing system are only applicable to There is the self-built data center environment of administration authority to network equipments such as fire walls, and it is uncomfortable for renting the scenes such as Cloud Server With, and it is only capable of the network strategy of audit point-to-point on network devices, and can not confirm is using the service of the network strategy It is no to there is exception.
Protocal analysis is by being analyzed to obtain operation behavior to specific application agreement, and by behavior record to audit day Will is analyzed for backtracking.Protocal analysis is not suitable for the scenes such as cryptographic protocol, proprietary protocol, and due to needing to application protocol Message stored and analyzed calculating, it is more demanding to the memory space and calculated performance of auditing system, application scenarios limitation Property it is larger, and protocal analysis is audited according to the obtained operation behavior of analysis, not can determine that the initiation process of behavior, nothing Method audit malicious process.
Invention content
The embodiment of the present invention provides a kind of recording method of network request, server and computer readable storage medium, energy Enough trackings find the request malicious process such as sensitive data or the data that leak, and are supported to provide audit.
In order to achieve the above objectives, the technical solution of the embodiment of the present invention is realized in:
The embodiment of the present invention provides a kind of recording method of network request, including:
Audit progress is established in destination server;
The network request and the corresponding process letter of the network request in the destination server are recorded by audit progress Breath.
Wherein, the method further includes:
It is corresponding to the network request and the network request with random acquisition period tau in the audit progress Progress information is acquired;
Wherein, the variation range of τ meets:1s≤τ<2·MSL;MSL is the message longest time-to-live.
Wherein, the method further includes:
The audit that audit administration service device is sent is received in the audit progress trusts rule.
Wherein, the method further includes:
Collected network request is trusted rule with the audit to match, is existed for matched network request It is not recorded in the audit progress.
Wherein, the method further includes:
The network request that rule is trusted for not matching the audit, according to the progress information ratio of network request between server It is right, the suggestion processing mode trusted or investigated is generated to the network request in the audit progress.
Wherein, the method further includes:
The network request that rule is trusted for not matching the audit, according to the progress information for the network request trusted ratio It is right, the suggestion processing mode trusted or investigated is generated to the network request in the audit progress.
The embodiment of the present invention provides a kind of server, including:
Module is established, for establishing audit progress;
Logging modle is asked for recording network request in the destination server and the network by audit progress Seek corresponding progress information.
Wherein, the server further includes acquisition module,
The acquisition module is used in the audit progress, with random acquisition period tau, to the network request and institute The corresponding progress information of network request is stated to be acquired;
Wherein, the variation range of τ meets:1s≤τ<2·MSL;MSL is the message longest time-to-live.
Wherein, the server further includes receiving module,
The receiving module receives the audit that audit administration service device is sent for audit progress and trusts rule.
The embodiment of the present invention provides a kind of computer readable storage medium, is stored with computer program, the computer journey The recording method for the network request that the embodiment of the present invention is provided is realized when sequence is executed by processor.
In the technical solution of the embodiment of the present invention, by establishing audit progress in destination server, and pass through audit Process records network request and the corresponding progress information of the network request in the destination server, so as to complete The progress information of data transmission is recorded, so as to track find request sensitive data or the data that leak etc. malice into Journey.
Description of the drawings
Fig. 1 is a kind of flow chart of recording method for network request of the embodiment of the present invention;
Fig. 2 is a kind of audit acquisition method flow chart for network request of the embodiment of the present invention;
Fig. 3 is a kind of flow chart enhanced trust and actively discovered for network request of the embodiment of the present invention;
Fig. 4 is a kind of structural schematic diagram of server of the embodiment of the present invention;
Fig. 5 is a kind of structural schematic diagram of server of the embodiment of the present invention.
Specific implementation mode
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation describes.
As shown in Figure 1, a kind of flow diagram of recording method for network request for the embodiment of the present invention, below Each step is illustrated respectively.
Step 101:Audit progress is established in destination server.
In the destination server for needing to audit, audit progress is disposed, audit progress here is responsible for recording in server The network request of progress and its corresponding progress information, and realize together with audit administration service device realize trust addition and it is different The function of often reporting will be elaborated about the function of trusting addition and report extremely in subsequent content.
Step 102:The network request and network request correspondence in the destination server are recorded by audit progress Progress information.
The information that audit progress records every time includes optionally:Current time, carry out network request process initiation path, Environmental variance, execute order, (the Internet usage interface and process resource provided by operating system makes process run time Obtained with interface), (judgement is actively externally request or to receive distal end and ask, and passes through operating system for the transmission direction of network request The network service state interface of offer obtains), IP/ port informations are (if it is actively externally request then records the local IP used And far-end IP/port, then record the local ports IP/ and far-end IP if it is distal end request is received).
Wherein, the further record the process in the audit progress may be selected and start path, environmental variance, in order to Audit finding malicious process carries out network request by way of forging process name;Forge the method citing of process name:Certain clothes The business process of the entitled process of A catalogue executive process of business device normally accesses user charges interface, and disabled user is in B catalogues The malicious process for starting same entitled process executes the user charges interface calling of batch, indistinguishable only by process name Regular traffic process and malicious process.
In the present embodiment, because network request and its corresponding progress information are clearly recorded, thus acquisition information is comprehensive, just In auditing orientation, the request malicious process such as sensitive data or the data that leak are found so as to track;In addition, it is wide to be applicable in scene It is general, not by limitations such as service type, application protocols.
In an alternative embodiment, in the audit progress, with random acquisition period tau, to the network request, And the corresponding progress information of the network request is acquired;
Wherein, the variation range of τ meets:1s≤τ<2·MSL;MSL is the message longest time-to-live.
In actual production, due to the difference of server OS configuration, TCP network requests are completed in every server The TIME_WAIT times afterwards are different, and TIME_WAIT is to need a kind of state safeguarded in TCP communication after connection closed, indicates clothes Device be engaged in the response for waiting for opposite end, the most MSL that the time cycle is 2 times, MSL are maximum segment service life (MSL, Maximum Segment Lifetime), be a TCP segment may exist with the maximum time in internet system, in different server Middle setting has differences;
In order to ensure record full dose TCP network requests, audit progress need with the period less than the TIME_WAIT times into Row acquisition, that is, be less than 2 times of MSL, for example, in certain server TIME_WAIT time be 20 seconds, that is, it is most short to represent a used time TCP requests be to be disconnected immediately into TIME_WAIT states after successful connection, there is audit line in systems in entire request The time of rope is 20 seconds, will not in acquisition and recording if the audit progress of the server is acquired with the period less than 20 seconds Omit the TCP requests of shortest time.
In addition, since in addition to TCP network requests, there is also UDP network requests in server, and because UDP networks are asked Connectionless characteristic is sought, audit acquisition is only done when network transmission carries out, corresponding network request and its right can just be recorded The progress information answered.In order to acquire full dose TCP network request information, while UDP network request information is acquired as far as possible, optional Embodiment in, introduce random delay cooperation carry out audit information period acquisition, as shown in Fig. 2, being as follows:
S11 obtains MSL configuration informations in operating system, calculates the corresponding TIME_WAIT times, and the TIME_WAIT times are 2 times of MSL;
S12, audit progress are initiated network request information collection and are recorded;
S13, after audit progress waits for a random delay τ, return to step S12 carries out the acquisition of next cycle, this The value of random delay τ is more than or equal to 1 second, is less than TIME_WAIT.
In this way, in an alternate embodiment of the invention, realize while carrying out audit acquisition for TCP networks and UDP networks, keep away Exempt from specific UDP network requests to acquire around audit, ensure that the validity to network request information collection.
In another optional embodiment, the audit letter that audit administration service device is sent is received in the audit progress Appoint rule, is described as follows:
After the work for completing record of the audit, you can it audits to the network request of sensitive servers, it is careful in order to improve Meter efficiency actively discovers abnormal network request, needs to increase the network request that the regular traffic on audit aim server uses Add trust, is as follows:
S21, audit administration service device are communicated with the audit progress on the destination server of trust to be added, and acquisition is gone Except the full dose after duplicate keys waits for that trust network solicited message (does not include the current time and process run time two in record of the audit );
The proper network that the network request of business normal use and component rely on is asked mark by S22 according to business structure To trust;
The trust rule manually adjusted is issued to the audit progress of destination server by S23, audit administration service device.
In another optional embodiment, collected network request and the audit are trusted into rule progress Match, matched network request is not recorded in the audit progress, specific the step of the trusting that add further includes:
S24 after destination server audit progress receives the trust rule that audit administration service device issues, will trust rule Configuration file is written, after subsequent acquisition network request information, is then no longer written with the network request packet that rule matches is trusted Network request audit log.
In another optional embodiment, the network request of rule is trusted for not matching the audit, according to service The progress information of network request compares between device, and the suggestion trusted or investigated is generated to the network request in the audit progress Processing mode is actively discovered and specifically included the step of reporting extremely:
S25, audit administration service device periodically obtain the collected newly-increased network request information of destination server, if any newly-increased It is not added with the network request of trust, audit administration service device can not add newly-increased according to the mode of advance ratio pair between multiserver Add the network request of trust to carry out suggestion trust and suggests the classification of investigation, such as:In production environment, examining for disaster tolerance Consider, realizes that the process of specific function can be deployed on multiple servers and form cluster, such as increased multiple servers same process newly Information is to the network request that is not added with trust of some port IP/, and the progress information for initiating network request exists and trusted Other network requests rule, it is usually because increasing network request caused by business change newly, audit administration service device then can be to fortune Dimension personnel suggest carrying out batch trust, raising O&M efficiency to these network requests.
In another optional embodiment, the network request of rule is trusted for not matching the audit, according to having believed The progress information for the network request appointed compares, and the suggestion trusted or investigated is generated to the network request in the audit progress Processing mode.It actively discovers and further includes specifically the step of reporting:
S26 trusts the network request of rule for not matching the audit, is believed according to the process for the network request trusted Breath compares, and the suggestion processing mode trusted or investigated is generated to the network request in the audit progress, for example, newly-increased Some process in server A to the specific ports IP/ the network request for being not added with trust, and the process on A servers from There are not trust rule, audit server then can carry out auditing orientation to this network request to operation maintenance personnel suggestion, investigation is It is no to have the access of malice sensitive data or leaking data problem.The operation that final addition is trusted is still by destination server O&M people Member carries out, and audit administration service device provides treatment advice raising operation maintenance personnel treatment effeciency by analyzing network request feature.
Trusted by adding, can substantially reduce network request audit log file size, effectively improve audit efficiency;It can Selection of land, the network request of rule is trusted for not meeting audit can accomplish to actively discover and provide specific suggestion processing side Formula forms effective monitoring, reduces leaking data risk.
It should be noted that in alternative embodiments above, the network request of rule is trusted for not matching the audit, It is not limited in being compared according to the progress information for the network request trusted, or is compared according to process between multiserver, The network request is handled alternatively by other alignments.
In another optional embodiment, as shown in figure 3, one kind for the embodiment of the present invention increases for network request The flow chart trusted and actively discovered, the embodiment include that the complete addition of above-mentioned S21~S26 Overall Steps is trusted and active It was found that method, wherein S25/S26 indicates that S25 or S26 steps, which may be selected, handles network request;Believed by adding The mode appointed and actively discover combination, realizes the dual function of raising and the effective monitoring of audit efficiency.
As shown in figure 4, a kind of structural schematic diagram of server for the embodiment of the present invention, the server include:
Module 301 is established, for establishing audit progress;
Logging modle 302, for recording network request and the network in the destination server by audit progress Ask corresponding progress information.
In an alternative embodiment, the server further includes acquisition module 303, in the audit progress In, with random acquisition period tau, the network request and the corresponding progress information of the network request are acquired;
Wherein, the variation range of τ meets:1s≤τ<2·MSL;MSL is the message longest time-to-live.
In the server of the embodiment of the present invention, receiving module 304, matching module 305 and processing module 306 can be according to realities Border business framework, whether selection is arranged.
Setting receiving module 304 may be selected in the server, receives what audit administration service device was sent for audit progress Rule is trusted in audit.
Setting matching module 305 may be selected in the server, for believing collected network request and the audit Rule is appointed to be matched.
Setting processing module 306 may be selected in the server, for for matched network request in matching module 305 It is not recorded in the audit progress;It is additionally operable to trust the network of rule for not matching the audit in matching module 305 Request is compared according to the progress information of network request between server, is generated and is believed to the network request in the audit progress The suggestion processing mode appointed or investigated;It is additionally operable to ask for not matching the network that rule is trusted in the audit in matching module 305 It asks, is compared according to the progress information for the network request trusted, the network request is generated in the audit progress and is trusted Or the suggestion processing mode of investigation.
In the embodiment of the present invention, based on it will be appreciated by those skilled in the art that each module in server shown in Fig. 2 Realize that function can refer to the aforementioned associated description for the recording method of network request and understand.In server shown in Fig. 2 The function of each module can be realized by running on the program on processor, can also be realized by specific logic circuit.
Continue to explain the structure for the server for realizing the embodiment of the present invention.
It is an optional structural schematic diagram of server 500 provided in an embodiment of the present invention referring to Fig. 5, it is shown in fig. 5 Server includes:At least one processor 510, at least one communication bus 520, user interface 530, at least one network interface 540 and memory 550.Various components in server 500 are coupled by communication bus 520.It is appreciated that communication is total Line 520 is for realizing the connection communication between these components.Communication bus 520 further includes power supply in addition to including data/address bus Bus, controlling bus and status signal bus in addition.But for the sake of clear explanation, in Figure 5 various buses are all designated as communicating Bus 520.
Wherein, user interface 530 may include display, keyboard, mouse, trace ball, click wheel, button, button, sense of touch Plate or touch screen etc..Network interface 540 may include that standard wireline interface and wireless interface can be WiFi interfaces.
It is appreciated that memory 550 can be high-speed RAM memory, can also be non-labile memory (Non- Volatile Memory), a for example, at least magnetic disk storage.Memory 550 can also be it is at least one geographically Storage system far from processor 510.
The recording method of network request provided in an embodiment of the present invention applied to server can be applied to processor 510 In, or realized by processor 510.Processor 510 may be a kind of IC chip, the processing capacity with signal.? During realization, the different operation being applied in the recording method of the network request of server can be by processor 510 The integrated logic circuit of hardware or the instruction of software form are completed.Above-mentioned processor 510 can be general processor, DSP Either other programmable logic device, discrete gate or transistor logic, discrete hardware components etc..Processor 510 can be with Realize or execute recording method, step and logic diagram that the embodiment of the present invention is applied to the network request of server.It is general Processor can be microprocessor or any conventional processor etc..It is applied to service in conjunction with what the embodiment of the present invention was provided The recording method of the network request of device can be embodied directly in hardware decoding processor and execute completion, or use decoding processor In hardware and software module combination execute completion.
As an example, software module can be located in storage medium, storage medium can be memory as shown in Figure 5 550, processor 510 reads the information in memory 550, is completed in conjunction with its hardware provided in an embodiment of the present invention applied to service The recording method of the network request of device.
In the exemplary embodiment, the embodiment of the present invention additionally provides a kind of readable storage medium storing program for executing, such as including executable The memory of program, above-mentioned executable program can be executed by processor, the step of to complete preceding method.Readable storage medium storing program for executing can To be the storages such as FRAM, ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface storage, CD or CD-ROM Device;Can also be including one of above-mentioned memory or the various equipment arbitrarily combined, such as mobile phone, computer equipment, tablet Equipment, personal digital assistant, Medical Devices etc..
The embodiment of the present invention also describes a kind of computer readable storage medium, such as the storage including executable program Device, above-mentioned executable program can be executed by processor, when which is executed by processor, be executed:A kind of network request Recording method, including:Audit progress is established in destination server;It is recorded in the destination server by audit progress Network request and the corresponding progress information of the network request.
When the computer program is by processor, also execute:In the audit progress, with random acquisition period tau, to institute It states network request and the corresponding progress information of the network request is acquired;
Wherein, the variation range of τ meets:1s≤τ<2·MSL;MSL is the message longest time-to-live.
When the computer program is by processor, also execute:Audit administration service device hair is received in the audit progress Rule is trusted in the audit sent.
When the computer program is by processor, also execute:Collected network request and the audit are trusted and advised It is then matched, matched network request is not recorded in the audit progress.
When the computer program is by processor, also execute:The network request of rule is trusted for not matching the audit, It is compared according to the progress information of network request between server, the network request is generated in the audit progress and trusts or arranges The suggestion processing mode looked into.
When the computer program is by processor, also execute:The network request of rule is trusted for not matching the audit, It is compared according to the progress information for the network request trusted, the network request is generated in the audit progress and trusts or arranges The suggestion processing mode looked into.
It should be understood by those skilled in the art that, the embodiment of the present invention can be provided as method, system or computer program Product.Therefore, the shape of hardware embodiment, software implementation or embodiment combining software and hardware aspects can be used in the present invention Formula.Moreover, the present invention can be used can use storage in the computer that one or more wherein includes computer usable program code The form for the computer program product implemented on medium (including but not limited to magnetic disk storage and optical memory etc.).
The present invention be with reference to according to the method for the embodiment of the present invention, the flow of equipment (system) and computer program product Figure and/or block diagram describe.It should be understood that can be realized by computer program instructions every first-class in flowchart and/or the block diagram The combination of flow and/or box in journey and/or box and flowchart and/or the block diagram.These computer programs can be provided Instruct the processor of all-purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce A raw machine so that the instruction executed by computer or the processor of other programmable data processing devices is generated for real The device for the function of being specified in present one flow of flow chart or one box of multiple flows and/or block diagram or multiple boxes.
These computer program instructions, which may also be stored in, can guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works so that instruction generation stored in the computer readable memory includes referring to Enable the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one box of block diagram or The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device so that count Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, in computer or The instruction executed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one The step of function of being specified in a box or multiple boxes.
The foregoing is only a preferred embodiment of the present invention, is not intended to limit the scope of the present invention.

Claims (10)

1. a kind of recording method of network request, which is characterized in that the method includes:
Audit progress is established in destination server;
The network request and the corresponding progress information of the network request in the destination server are recorded by audit progress.
2. the recording method according to claim 1 based on network request, which is characterized in that the method further includes:
In the audit progress, with random acquisition period tau, to the network request and the corresponding process of the network request Information is acquired;
Wherein, the variation range of τ meets:1s≤τ<2·MSL;MSL is the message longest time-to-live.
3. the recording method according to claim 1 based on network request, which is characterized in that the method further includes:
The audit that audit administration service device is sent is received in the audit progress trusts rule.
4. the recording method according to claim 3 based on network request, which is characterized in that the method further includes:
Collected network request is trusted rule with the audit to match, for matched network request described It is not recorded in audit progress.
5. the recording method according to claim 3 based on network request, which is characterized in that the method further includes:
The network request that rule is trusted for not matching the audit, compares according to the progress information of network request between server, The suggestion processing mode trusted or investigated is generated to the network request in the audit progress.
6. the recording method according to claim 3 based on network request, which is characterized in that the method further includes:
The network request that rule is trusted for not matching the audit, compares according to the progress information for the network request trusted, The suggestion processing mode trusted or investigated is generated to the network request in the audit progress.
7. a kind of server, which is characterized in that the server includes:
Module is established, for establishing audit progress;
Logging modle, for recording network request and the network request pair in the destination server by audit progress The progress information answered.
8. server according to claim 7, which is characterized in that the server further includes acquisition module,
The acquisition module is used in the audit progress, with random acquisition period tau, to the network request and the net Network asks corresponding progress information to be acquired;
Wherein, the variation range of τ meets:1s≤τ<2·MSL;MSL is the message longest time-to-live.
9. server according to claim 7, which is characterized in that the server further includes receiving module,
The receiving module receives the audit that audit administration service device is sent for audit progress and trusts rule.
10. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer program quilt The recording method based on network request as described in any one of claim 1-6 is realized when processor executes.
CN201810381767.1A 2018-04-25 2018-04-25 Recording method, server and the computer readable storage medium of network request Pending CN108737387A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810381767.1A CN108737387A (en) 2018-04-25 2018-04-25 Recording method, server and the computer readable storage medium of network request

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810381767.1A CN108737387A (en) 2018-04-25 2018-04-25 Recording method, server and the computer readable storage medium of network request

Publications (1)

Publication Number Publication Date
CN108737387A true CN108737387A (en) 2018-11-02

Family

ID=63939281

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810381767.1A Pending CN108737387A (en) 2018-04-25 2018-04-25 Recording method, server and the computer readable storage medium of network request

Country Status (1)

Country Link
CN (1) CN108737387A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110278269A (en) * 2019-06-21 2019-09-24 广州小鹏汽车科技有限公司 A kind of user behavior recording method and device
CN110719282A (en) * 2019-10-10 2020-01-21 国网山东省电力公司信息通信公司 Authentication dual-active system based on unified authority

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242658A (en) * 2008-03-11 2008-08-13 金柘苗 Mobile information multi-layer network secure auditing system
CN103124293A (en) * 2012-12-31 2013-05-29 中国人民解放军理工大学 Cloud data safe auditing method based on multi-Agent
CN104063473A (en) * 2014-06-30 2014-09-24 江苏华大天益电力科技有限公司 Database auditing monitoring system and database auditing monitoring method
US20160301561A1 (en) * 2010-07-01 2016-10-13 Logrhythm, Inc. Log collection, structuring and processing
CN106156628A (en) * 2015-04-16 2016-11-23 阿里巴巴集团控股有限公司 A kind of user behavior analysis method and device
CN106599295A (en) * 2016-12-27 2017-04-26 四川中电启明星信息技术有限公司 Multi-track visual analyzing evidence-collecting method for user behaviors and system
CN107580005A (en) * 2017-11-01 2018-01-12 北京知道创宇信息技术有限公司 Website protection method, device, website safeguard and readable storage medium storing program for executing

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242658A (en) * 2008-03-11 2008-08-13 金柘苗 Mobile information multi-layer network secure auditing system
US20160301561A1 (en) * 2010-07-01 2016-10-13 Logrhythm, Inc. Log collection, structuring and processing
CN103124293A (en) * 2012-12-31 2013-05-29 中国人民解放军理工大学 Cloud data safe auditing method based on multi-Agent
CN104063473A (en) * 2014-06-30 2014-09-24 江苏华大天益电力科技有限公司 Database auditing monitoring system and database auditing monitoring method
CN106156628A (en) * 2015-04-16 2016-11-23 阿里巴巴集团控股有限公司 A kind of user behavior analysis method and device
CN106599295A (en) * 2016-12-27 2017-04-26 四川中电启明星信息技术有限公司 Multi-track visual analyzing evidence-collecting method for user behaviors and system
CN107580005A (en) * 2017-11-01 2018-01-12 北京知道创宇信息技术有限公司 Website protection method, device, website safeguard and readable storage medium storing program for executing

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110278269A (en) * 2019-06-21 2019-09-24 广州小鹏汽车科技有限公司 A kind of user behavior recording method and device
CN110719282A (en) * 2019-10-10 2020-01-21 国网山东省电力公司信息通信公司 Authentication dual-active system based on unified authority
CN110719282B (en) * 2019-10-10 2021-10-29 国网山东省电力公司信息通信公司 Authentication dual-active system based on unified authority

Similar Documents

Publication Publication Date Title
US11757650B2 (en) Distributed self sovereign identities for network function virtualization
US8584942B1 (en) Systems and methods for network inventory management utilizing mobile technology
CN106302346A (en) The safety certifying method of API Calls, device, system
CN109379247A (en) The method and device that the network delay of a kind of pair of application program is detected
US10637890B2 (en) Methods and systems for establishment of VPN security policy by SDN application
US10374946B2 (en) Centralized wireless network management system
CN107707557A (en) Anonymous access method, apparatus, the network equipment and readable storage medium storing program for executing
CN111404774B (en) Data monitoring method, device, equipment and storage medium
CN108737387A (en) Recording method, server and the computer readable storage medium of network request
US11734257B2 (en) Variation recognition between heterogeneous computer systems
US8966321B2 (en) Logical port and layer protocol test configuration resource manager
US11503442B2 (en) Methods of enabling flexible charging in M2M IoT service layer
CN113129002A (en) Data processing method and equipment
CN112787975B (en) Method, device and system for determining type of access device
US8687518B1 (en) Automatic address configuration in a network test system
US20130325974A1 (en) Statistics reporting in a network test system
US10866981B2 (en) Variance detection between heterogeneous computer systems
CN114390114A (en) Method, system, terminal and storage medium for scanning user data packet protocol port
CN113242205B (en) Network traffic classification control method, device, server and storage medium
West et al. dNextG: A Zero-Trust Decentralized Mobile Network User Plane
CN112134733B (en) Method and system for automatically testing load balance under UDP protocol
EP4334877A1 (en) Zero-knowledge service level agreement (sla) monitoring
CN110535690A (en) VPN device management method, device, electronic equipment
Khurri Evaluating IP security and mobility on lightweight hardware

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20181102