CN109413081B - Web service scheduling method and scheduling system - Google Patents

Web service scheduling method and scheduling system Download PDF

Info

Publication number
CN109413081B
CN109413081B CN201811338517.6A CN201811338517A CN109413081B CN 109413081 B CN109413081 B CN 109413081B CN 201811338517 A CN201811338517 A CN 201811338517A CN 109413081 B CN109413081 B CN 109413081B
Authority
CN
China
Prior art keywords
computer network
web service
network device
service
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811338517.6A
Other languages
Chinese (zh)
Other versions
CN109413081A (en
Inventor
韩首魁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Angshi Information Technology Co ltd
Original Assignee
Zhengzhou Angshi Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Angshi Information Technology Co ltd filed Critical Zhengzhou Angshi Information Technology Co ltd
Priority to CN201811338517.6A priority Critical patent/CN109413081B/en
Publication of CN109413081A publication Critical patent/CN109413081A/en
Application granted granted Critical
Publication of CN109413081B publication Critical patent/CN109413081B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Abstract

The application provides a Web service scheduling method, which is applied to a computer network, wherein the computer network comprises computer network device nodes and a dynamic IP module, and the computer network device nodes randomly agent Web services in other computer network device nodes; the method comprises the following steps: when the computer network device node detects that the Web service IP address providing Web service is attacked, sending service attacked alarm information to a dynamic IP module; and the dynamic IP module closes the Web service IP address providing the Web service according to the service attacked alarm information, and schedules the Web service IP addresses in other computer network device nodes which are proxied by the computer network device nodes to provide the Web service for the outside. The technical scheme brings great difficulty for an attacker to grope a network structure, can prevent the attacker from attacking the whole computer network by attacking the known Web service IP address of the attacker, and can improve the network security to a great extent.

Description

Web service scheduling method and scheduling system
Technical Field
The present application relates to the field of computer network technologies, and in particular, to a method and a system for scheduling Web services.
Background
Currently, a commonly used computer network system operates on a static template and service application configuration, the IP address and port of a system service are fixed and unique, and the system composition is stable. After the computer network system which is stable like this is put into practical application, an attacker can observe and research the computer network system in a long enough time, and after the attacker thoroughly researches the computer network system, the attacker can accurately attack the computer network system. Therefore, the stable computer network system has the disadvantage of being easily attacked by attackers, and cannot meet the requirement of users on the security of the system.
Disclosure of Invention
Based on the defects and shortcomings of the prior art, the Web service scheduling method and the Web service scheduling system are provided, so that the safe scheduling of the Web service of the computer network can be realized, and an attacker is prevented from attacking the computer network.
A Web service scheduling method is applied to a computer network, the computer network comprises computer network device nodes and a dynamic IP module, and the computer network device nodes randomly agent Web services in other computer network device nodes; the method comprises the following steps:
when the computer network device node detects that the Web service IP address providing Web service is attacked, sending service attacked alarm information to a dynamic IP module;
and the dynamic IP module closes the Web service IP address providing the Web service according to the service attacked alarm information, and schedules the Web service IP addresses in other computer network device nodes which are proxied by the computer network device nodes to provide the Web service for the outside.
Optionally, the randomly proxying Web services in other computer network device nodes by the computer network device node includes:
the proxy service module in the computer network device node randomly registers Web services in other computer network device nodes to the service address center module;
correspondingly, the dynamic IP module schedules the Web service IP addresses in other computer network device nodes that the computer network device node is proxying to provide the Web service to the outside, including:
and the dynamic IP module schedules other currently recorded Web service IP addresses in a service address center module in the computer network device node to provide Web services for the outside.
Optionally, the method further includes:
and carrying out defense protection processing on the attacked Web service IP address, and adding the processed Web service IP address into a service address center module in the computer network device node.
A Web service scheduling system, comprising:
computer network device nodes, dynamic IP modules;
wherein the computer network device nodes are used to provide Web services and to randomly proxy Web services in other computer network device nodes in the computer network;
and the dynamic IP module is used for scheduling the Web service IP addresses in other computer network device nodes which are proxied by the computer network device node to provide the Web service to the outside when the Web service IP address of the Web service provided by the computer network device node is attacked.
Optionally, the computer network device node includes:
the service address center module is used for recording Web service information, wherein the service address center module is used for recording an IP address of Web service;
the proxy service module is used for registering Web services in the Web service module in the computer network device node which is proxy by the computer network device node to the service address center module;
the Web service module is used for providing Web services;
and the scheduling service module is used for scheduling the Web service in the Web service module.
Optionally, when the dynamic IP module schedules the Web service IP address in another computer network device node that is acting by the computer network device node to provide the Web service to the outside, the dynamic IP module is specifically configured to:
and scheduling the Web service IP address recorded in the service address center module in the computer network device node to provide Web service for the outside.
Optionally, the computer network device node further includes:
and the log management module is used for respectively generating working logs of all modules of the device nodes.
Optionally, the Web service module includes at least one heterogeneous node, where the heterogeneous node includes a plurality of heterogeneous entities; wherein each of the plurality of heterogeneous entities provides equivalent Web services.
Optionally, the service address center module records Web service information, and further records the following information:
the method comprises the steps of Web service name, Web service calling class, Web service calling method name, Web service calling method parameter type, Web service calling method return type, whether the Web service is started or not and whether the Web service processing data is stored or not.
The Web service scheduling method is applied to a computer network, the computer network comprises computer network device nodes and a dynamic IP module, and the computer network device nodes are set to randomly proxy Web services in other computer network device nodes, on the basis, when the computer network device nodes detect that the IP address of the Web service providing the Web service is attacked, service attacked alarm information is sent to the dynamic IP module; and the dynamic IP module closes the Web service IP address providing the Web service according to the service attacked alarm information, and schedules the Web service IP addresses in other computer network device nodes which are proxied by the computer network device nodes to provide the Web service for the outside. Because the Web service agent relation changes randomly and the dynamic IP module can schedule the Web service in time, great difficulty is brought to an attacker to grope a network structure, the attacker can be prevented from attacking the whole computer network by attacking the known IP address of the Web service, and the network security can be improved to a great extent.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a schematic diagram of a computer network architecture provided by an embodiment of the present application;
fig. 2 is a schematic flowchart of a Web service scheduling method according to an embodiment of the present application;
fig. 3 is a schematic flowchart of another Web service scheduling method provided in an embodiment of the present application;
fig. 4 is a schematic diagram of another computer network structure provided in the embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the application discloses a Web service scheduling method, which is applied to a computer network, and is shown in figure 1. The computer network shown in fig. 1 likewise constitutes a Web service scheduling system that schedules Web services in various computer network device nodes in the network.
Specifically, the computer network device node in the embodiment of the present application includes a Web service module, a scheduling service module, an agent service module, and a service address center module.
The Web service module is used for providing Web services, and the scheduling service module is used for scheduling the Web services in the Web service module.
The proxy service module is used for proxying Web services in other computer network device nodes in the computer network, in particular Web services in the Web service modules of other computer network device nodes. For example, as shown in fig. 1, the proxy service module in the upper left computer network appliance node proxies the Web service in the Web service module in the lower right computer network appliance node.
It should be noted that fig. 1 above only shows exemplary Web service proxy relationships among computer network device nodes in a computer network, and in an actual network, there may be more computer network device nodes, and Web service proxy relationships among the nodes may exist with reference to fig. 1. The embodiment of the present application does not limit the specific structure of the computer network to which the technical solution of the embodiment of the present application is applied, and based on the example of the computer network structure shown in fig. 1, when the technical solution of the embodiment of the present application is implemented to configure the Web service proxy relationship for each computer network device node in the computer network, theoretically, the more the number of the computer network device nodes participating in the Web service proxy is, the more the proxy relationship is, the more the difficulty of an attacker for exploring the network rules is, and the more secure the network is.
In particular, the Web service proxy proposed in the embodiment of the present application is random, that is, for a certain computer network device node, the Web service of the proxy changes randomly with time, and at different times, the Web service in different computer network device nodes may be proxied. On the basis, the Web service agent relation between each computer network device node of the whole computer network is randomly changed, so that for an attacker, the difficulty of exploring the structural rules of the computer network is further increased, and the network security is guaranteed.
The proxy service module registers the proxied Web service to the service address center module, and the service address center module is used for recording the Web service registered by the proxy service module, specifically recording an IP address, a Web service name, a Web service calling class, a Web service calling method name, a Web service calling method parameter type, a Web service calling method return type, whether the Web service is started, whether Web service processing data is stored, and the like of the Web service.
On the basis of the computer network structure shown in fig. 1 and as shown in fig. 2, a Web service scheduling method provided in an embodiment of the present application includes:
s201, a computer network device node detects whether a Web service IP address providing Web service is attacked or not;
specifically, the computer network device node detects whether the IP address of the Web service providing the Web service is attacked by an attacker in real time.
As shown in fig. 1, the Web service IP address providing the Web service may be a Web service port IP address exposed to the outside so as to provide the Web service to the outside in the Web service module of the computer network device node itself shown in the upper left corner of fig. 1.
In an exemplary implementation, the proxy service module in the node of the computer network device in the upper left corner shown in fig. 1 performs the detection process, i.e., detects whether the IP address of the Web service providing the Web service is attacked in real time.
If the computer network device node does not detect that the Web service IP address that is providing the Web service is being attacked, then a continuation detect is returned.
When the computer network device node detects that the Web service IP address providing the Web service is attacked, executing the step S202 and sending service attacked alarm information to the dynamic IP module;
specifically, when the node of the computer network device detects that the IP address of the Web service providing the Web service is attacked, service attack alarm information is immediately sent to the dynamic IP module so as to inform the dynamic IP module that the service is attacked and take countermeasures in time.
S203, the dynamic IP module closes the Web service IP address providing the Web service according to the service attacked alarm information, and schedules the Web service IP address in other computer network device nodes which are proxied by the computer network device nodes to provide the Web service for the outside.
Correspondingly, after receiving the service attack alarm information sent by the computer network device node, the dynamic IP module firstly determines the attacked Web service IP address and closes the Web service IP address which provides the Web service and is attacked.
Then, the dynamic IP module schedules Web services in other computer network device nodes proxied by the computer network device node according to a preset scheduling algorithm, and only exposes one service IP address port to provide the Web services to the outside.
It should be noted that, based on the characteristics of the embodiment of the present application that a node of a computer network device randomly proxies Web services in nodes of other computer network devices, the Web service that is being proxied by the node of the computer network device and is being scheduled by the dynamic IP module refers to the Web service in nodes of other computer network devices that is being proxied by the node of the computer network device at the time when the dynamic IP module schedules other Web services according to the received service attack alarm information.
For example, as shown in fig. 1, assuming that a computer network device node at the upper left corner finds that a Web service IP address providing a Web service externally by itself is attacked, a service attack alarm message is sent to the dynamic IP module, and after receiving the alarm message, the dynamic IP module closes the Web service IP address providing the Web service, and determines that the computer network device node currently proxies the Web service in the computer network device node at the lower right corner in fig. 1, so that the dynamic IP module schedules the Web service IP address of the computer network device node at the lower right corner proxied by the computer network device node at the upper left corner to provide the Web service externally.
An optional implementation manner of the foregoing scheduling process is, as shown in fig. 1, when the computer network device node at the upper left corner proxies the Web service in the computer network device node at the lower right corner, the proxy service module in the computer network device node at the upper left corner registers the proxied Web service in the computer network device node at the lower right corner to the service address center module in the computer network device node at the upper left corner.
On this basis, when the dynamic IP module schedules the Web service proxied by the upper left-hand computer network device node, the dynamic IP module directly schedules the Web service IP address recorded in the service address center module of the computer network device node shown in the upper left-hand corner of fig. 1 to provide the Web service to the outside.
That is to say, when the dynamic IP module in the embodiment of the present application schedules a Web service, one implementation manner is to directly schedule the Web service recorded in the service address center module of a node of the computer network device, so that the Web service IP address of the scheduled Web service provides the Web service to the outside.
As can be seen from the above description, the Web service scheduling method provided in the embodiment of the present application is applied to a computer network, where the computer network includes computer network device nodes and dynamic IP modules, and the computer network device nodes are set to randomly proxy Web services in other computer network device nodes, and on this basis, when the computer network device nodes detect that a Web service IP address providing the Web service is attacked, send service attack alarm information to the dynamic IP modules; and the dynamic IP module closes the Web service IP address providing the Web service according to the service attacked alarm information, and schedules the Web service IP addresses in other computer network device nodes which are proxied by the computer network device nodes to provide the Web service for the outside. Because the Web service agent relation changes randomly and the dynamic IP module can schedule the Web service in time, great difficulty is brought to an attacker to grope a network structure, the attacker can be prevented from attacking the whole computer network by attacking the known IP address of the Web service, and the network security can be improved to a great extent.
Optionally, referring to fig. 3, in another embodiment of the present application, the Web service scheduling method further includes:
s304, carrying out defense protection processing on the attacked Web service IP address, and adding the processed Web service IP address into a service address center module in the computer network device node.
Specifically, in the embodiment of the present application, after the dynamic IP module closes the attacked Web service IP address and schedules other Web service IP addresses to provide Web services to the outside, the closed, i.e., attacked, Web service IP address is further subjected to defense protection processing, that is, necessary protection measures are set for the IP address according to the attacked history, so that after the IP address is restored to normal, the dynamic IP module adds the processed Web service IP address to the service address center module of the computer network device node, so that the dynamic IP module can call the Web service IP address again.
Steps S301 to S303 in this embodiment respectively correspond to steps S201 to S203 in the method embodiment shown in fig. 2, and for specific content, please refer to the content of the method embodiment shown in fig. 2, which is not described herein again.
Another embodiment of the present application further discloses a Web service scheduling system, which is shown in fig. 1 and includes a computer network device node and a dynamic IP module.
The computer network device nodes are used for providing Web services, and randomly acting the Web services in other computer network device nodes in the computer network.
Specifically, referring to fig. 1, the top left computer network device node may provide Web services, and at the same time, the computer network device node may also proxy the Web services in the bottom right computer network device node shown in fig. 1.
In another embodiment of the present application, referring to fig. 4, it is specifically disclosed that the node of the computer network device in the Web service scheduling system specifically includes:
the service address center module is used for recording Web service information, wherein the service address center module is used for recording an IP address of Web service;
the proxy service module is used for registering Web services in the Web service module in the computer network device node which is proxy by the computer network device node to the service address center module;
the Web service module is used for providing Web services;
and the scheduling service module is used for scheduling the Web service in the Web service module.
Specifically, the Web service module is configured to provide a Web service. The Web service module comprises at least one heterogeneous node, wherein the heterogeneous node comprises a plurality of heterogeneous entities; wherein each of the plurality of heterogeneous entities provides equivalent Web services.
When the heterogeneous node receives the network service request, a plurality of online heterogeneous entities are selected from part of the online heterogeneous entities in a plurality of heterogeneous entities contained in the heterogeneous node to respond to the received service request, so that each service request corresponds to a plurality of responding heterogeneous entities.
The scheduling service module is used for scheduling the Web service in the Web service module, wherein the scheduling service module schedules the Web service according to information such as a scheduling task name, a scheduling task description, a scheduling polling period, a task execution time, whether a task is started or not, a task parameter time and the like.
The proxy service module is used for proxying Web services in other computer network device nodes in the computer network, specifically, Web services in the Web service modules of other computer network device nodes, and includes proxying protocols TCP, HTTP and SMTP. For example, as shown in fig. 1, the proxy service module in the upper left computer network appliance node proxies the Web service in the Web service module in the lower right computer network appliance node.
It should be noted that fig. 1 above only shows exemplary Web service proxy relationships among computer network device nodes in a computer network, and in an actual network, there may be more computer network device nodes, and Web service proxy relationships among the nodes may exist with reference to fig. 1. The embodiment of the present application does not limit the specific structure of the computer network to which the technical solution of the embodiment of the present application is applied, and based on the example of the computer network structure shown in fig. 1, when the technical solution of the embodiment of the present application is implemented to configure the Web service proxy relationship for each computer network device node in the computer network, theoretically, the more the number of the computer network device nodes participating in the Web service proxy is, the more the proxy relationship is, the more the difficulty of an attacker for exploring the network rules is, and the more secure the network is.
In particular, the Web service proxy proposed in the embodiment of the present application is random, that is, for a certain computer network device node, the Web service of the proxy changes randomly with time, and at different times, the Web service in different computer network device nodes may be proxied. On the basis, the Web service agent relation between each computer network device node of the whole computer network is randomly changed, so that for an attacker, the difficulty of exploring the structural rules of the computer network is further increased, and the network security is guaranteed.
The proxy service module registers the proxied Web service to the service address center module, and the service address center module is used for recording the Web service registered by the proxy service module, specifically recording an IP address, a Web service name, a Web service calling class, a Web service calling method name, a Web service calling method parameter type, a Web service calling method return type, whether the Web service is started, whether Web service processing data is stored, and the like of the Web service.
The dynamic IP module in the Web service scheduling system shown in fig. 1 is configured to schedule, when a Web service IP address of a Web service provided by the computer network device node is attacked, Web service IP addresses in other computer network device nodes that the computer network device node is proxying to provide the Web service to the outside.
Specifically, after receiving the service attack alarm information sent by the computer network device node, the dynamic IP module first determines an attacked Web service IP address and closes the attacked Web service IP address which provides the Web service.
Then, the dynamic IP module schedules Web services in other computer network device nodes proxied by the computer network device node according to a preset scheduling algorithm, and only exposes one service IP address port to provide the Web services to the outside.
It should be noted that, based on the characteristics of the embodiment of the present application that a node of a computer network device randomly proxies Web services in nodes of other computer network devices, the Web service that is being proxied by the node of the computer network device and is being scheduled by the dynamic IP module refers to the Web service in nodes of other computer network devices that is being proxied by the node of the computer network device at the time when the dynamic IP module schedules other Web services according to the received service attack alarm information.
For example, as shown in fig. 1, assuming that a computer network device node at the upper left corner finds that a Web service IP address providing a Web service externally by itself is attacked, a service attack alarm message is sent to the dynamic IP module, and after receiving the alarm message, the dynamic IP module closes the Web service IP address providing the Web service, and determines that the computer network device node currently proxies the Web service in the computer network device node at the lower right corner in fig. 1, so that the dynamic IP module schedules the Web service IP address of the computer network device node at the lower right corner proxied by the computer network device node at the upper left corner to provide the Web service externally.
An alternative implementation manner of the foregoing scheduling process is that, as shown in fig. 4, when the computer network device node at the upper left corner proxies the Web service in the computer network device node at the lower right corner, the proxy service module in the computer network device node at the upper left corner registers the proxied Web service in the computer network device node at the lower right corner to the service address center module in the computer network device node at the upper left corner.
On this basis, when the dynamic IP module schedules the Web service proxied by the upper left-hand computer network device node, the dynamic IP module directly schedules the Web service IP address recorded in the service address center module of the computer network device node shown in the upper left-hand corner of fig. 4 to provide the Web service to the outside.
That is to say, when the dynamic IP module in the embodiment of the present application schedules a Web service, one implementation manner is to directly schedule the Web service recorded in the service address center module of a node of the computer network device, so that the Web service IP address of the scheduled Web service provides the Web service to the outside.
Optionally, in another embodiment of the present application, it is further disclosed that the node of the computer network device in the Web service scheduling system further includes:
and the log management module is used for respectively generating working logs of all modules of the device nodes.
Specifically, the embodiment of the present application provides a log management module for a computer network device node of a Web service scheduling system, and is configured to log the work of each module of the device node. An optional implementation manner of recording is that the log management module sequentially performs log recording on the work of each module according to record items such as scheduled execution time, actual execution time, end time, considered node, and current task node execution information.
While, for purposes of simplicity of explanation, the foregoing method embodiments have been described as a series of acts or combination of acts, it will be appreciated by those skilled in the art that the present application is not limited by the order of acts or acts described, as some steps may occur in other orders or concurrently with other steps in accordance with the application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. For the device-like embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The steps in the method of the embodiments of the present application may be sequentially adjusted, combined, and deleted according to actual needs.
The modules and sub-modules in the device and the terminal in the embodiments of the application can be combined, divided and deleted according to actual needs.
In the several embodiments provided in the present application, it should be understood that the disclosed terminal, apparatus and method may be implemented in other manners. For example, the above-described terminal embodiments are merely illustrative, and for example, the division of a module or a sub-module is only one logical division, and there may be other divisions when the terminal is actually implemented, for example, a plurality of sub-modules or modules may be combined or integrated into another module, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or modules, and may be in an electrical, mechanical or other form.
The modules or sub-modules described as separate parts may or may not be physically separate, and parts that are modules or sub-modules may or may not be physical modules or sub-modules, may be located in one place, or may be distributed over a plurality of network modules or sub-modules. Some or all of the modules or sub-modules can be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, each functional module or sub-module in the embodiments of the present application may be integrated into one processing module, or each module or sub-module may exist alone physically, or two or more modules or sub-modules may be integrated into one module. The integrated modules or sub-modules may be implemented in the form of hardware, or may be implemented in the form of software functional modules or sub-modules.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software unit executed by a processor, or in a combination of the two. The software cells may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (6)

1. A Web service scheduling method is characterized in that the method is applied to a computer network, the computer network comprises computer network device nodes and a dynamic IP module, and the computer network device nodes randomly proxy Web services in other computer network device nodes; the method comprises the following steps:
when the computer network device node detects that the Web service IP address providing Web service is attacked, sending service attacked alarm information to a dynamic IP module;
the dynamic IP module closes the Web service IP address of the Web service being provided according to the service attacked alarm information, and schedules the Web service IP addresses in other computer network device nodes which are proxied by the computer network device nodes to provide the Web service to the outside;
wherein the computer network device node randomly brokers Web services in other computer network device nodes, comprising:
the proxy service module in the computer network device node randomly registers Web services in other computer network device nodes to the service address center module;
correspondingly, the dynamic IP module schedules the Web service IP addresses in other computer network device nodes that the computer network device node is proxying to provide the Web service to the outside, including:
and the dynamic IP module schedules other currently recorded Web service IP addresses in a service address center module in the computer network device node to provide Web services for the outside.
2. The method of claim 1, further comprising:
and carrying out defense protection processing on the attacked Web service IP address, and adding the processed Web service IP address into a service address center module in the computer network device node.
3. A Web service scheduling system, comprising:
computer network device nodes, dynamic IP modules;
wherein the computer network device nodes are used to provide Web services and to randomly proxy Web services in other computer network device nodes in the computer network;
the dynamic IP module is used for scheduling Web service IP addresses in other computer network device nodes which are proxied by the computer network device node to provide Web services to the outside when the Web service IP addresses of the computer network device node providing the Web services are attacked;
the computer network device node comprising:
the service address center module is used for recording Web service information, wherein the service address center module is used for recording an IP address of Web service;
the proxy service module is used for randomly registering the Web service in the Web service module in the computer network device node which is being proxied by the computer network device node to the service address center module;
the Web service module is used for providing Web services;
the scheduling service module is used for scheduling the Web service in the Web service module;
the dynamic IP module is specifically configured to schedule a Web service IP address recorded in a service address center module in the node of the computer network device to provide a Web service to the outside.
4. The system of claim 3, wherein the computer network appliance node, further comprises:
and the log management module is used for respectively generating working logs of all modules of the device nodes.
5. The system of claim 3, wherein the Web services module comprises at least one heterogeneous node, the heterogeneous node comprising a plurality of heterogeneous entities; wherein each of the plurality of heterogeneous entities provides equivalent Web services.
6. The system of claim 3, wherein the service address center module records Web service information, further comprising recording the following information:
the method comprises the steps of Web service name, Web service calling class, Web service calling method name, Web service calling method parameter type, Web service calling method return type, whether the Web service is started or not and whether the Web service processing data is stored or not.
CN201811338517.6A 2018-11-12 2018-11-12 Web service scheduling method and scheduling system Active CN109413081B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811338517.6A CN109413081B (en) 2018-11-12 2018-11-12 Web service scheduling method and scheduling system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811338517.6A CN109413081B (en) 2018-11-12 2018-11-12 Web service scheduling method and scheduling system

Publications (2)

Publication Number Publication Date
CN109413081A CN109413081A (en) 2019-03-01
CN109413081B true CN109413081B (en) 2021-09-07

Family

ID=65472603

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811338517.6A Active CN109413081B (en) 2018-11-12 2018-11-12 Web service scheduling method and scheduling system

Country Status (1)

Country Link
CN (1) CN109413081B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101719842A (en) * 2009-11-20 2010-06-02 中国科学院软件研究所 Cloud computing environment-based distributed network security pre-warning method
CN102209100A (en) * 2011-03-15 2011-10-05 厦门亿力吉奥信息科技有限公司 Task scheduling cloud processing system and method
CN102624570A (en) * 2012-04-27 2012-08-01 杭州东信北邮信息技术有限公司 Monitoring system and method for detecting availability of web server
CN103023924A (en) * 2012-12-31 2013-04-03 网宿科技股份有限公司 Content distribution network based DDoS (distributed denial of service) attack protecting method and content distribution network based DDoS attack protecting system for cloud distribution platform
US9130994B1 (en) * 2011-03-09 2015-09-08 Symantec Corporation Techniques for avoiding dynamic domain name system (DNS) collisions
CN105915602A (en) * 2016-04-13 2016-08-31 华南理工大学 Community-detection-algorithm-based P2P network scheduling method and system
CN107750441A (en) * 2015-01-26 2018-03-02 卢森堡商创研腾智权信托有限公司 Safety actuality communication network and agreement

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016192804A1 (en) * 2015-06-04 2016-12-08 Telefonaktiebolaget Lm Ericsson (Publ) Controlling communication mode of a mobile terminal

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101719842A (en) * 2009-11-20 2010-06-02 中国科学院软件研究所 Cloud computing environment-based distributed network security pre-warning method
US9130994B1 (en) * 2011-03-09 2015-09-08 Symantec Corporation Techniques for avoiding dynamic domain name system (DNS) collisions
CN102209100A (en) * 2011-03-15 2011-10-05 厦门亿力吉奥信息科技有限公司 Task scheduling cloud processing system and method
CN102624570A (en) * 2012-04-27 2012-08-01 杭州东信北邮信息技术有限公司 Monitoring system and method for detecting availability of web server
CN103023924A (en) * 2012-12-31 2013-04-03 网宿科技股份有限公司 Content distribution network based DDoS (distributed denial of service) attack protecting method and content distribution network based DDoS attack protecting system for cloud distribution platform
CN107750441A (en) * 2015-01-26 2018-03-02 卢森堡商创研腾智权信托有限公司 Safety actuality communication network and agreement
CN105915602A (en) * 2016-04-13 2016-08-31 华南理工大学 Community-detection-algorithm-based P2P network scheduling method and system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
《web服务器拟态防御原理验证系统测试与分析》;张铮等;《信息安全学报》;20170131;全文 *
《基于虚拟化技术构建动态Web服务系统的设计与实现》;祝永胜等;《信息工程大学学报》;20170228;全文 *

Also Published As

Publication number Publication date
CN109413081A (en) 2019-03-01

Similar Documents

Publication Publication Date Title
US10257674B2 (en) System and method for triggering on platform usage
US20140214938A1 (en) Identifying participants for collaboration in a threat exchange community
US9098459B2 (en) Activity filtering based on trust ratings of network
US20040199597A1 (en) Method and system for image verification to prevent messaging abuse
CN107040494B (en) User account abnormity prevention method and system
CN109698809B (en) Method and device for identifying abnormal login of account
CN105450619A (en) Method, device and system of protection of hostile attacks
US10659335B1 (en) Contextual analyses of network traffic
US20170279854A1 (en) Identifying data usage via active data
JP2018533803A (en) IP address acquisition method and apparatus
CN106487654A (en) The method of message cluster transmition
CN105490824A (en) Game server and mass message filtering method
CN104580108A (en) Information prompting method and system as well as server
CN104518949A (en) Method and system for message prompt
Pauley et al. Measuring and mitigating the risk of ip reuse on public clouds
CN112887105B (en) Conference security monitoring method and device, electronic equipment and storage medium
CN109413081B (en) Web service scheduling method and scheduling system
CN107770162A (en) The method and device of brush present is prevented in a kind of live platform
CN109257445B (en) Dynamic scheduling method and dynamic scheduling system for Web service
US7228331B2 (en) User oriented penalty count random rejection of electronic messages
CN111988473B (en) Voice communication call control method and device based on intelligent contract
CN111083173B (en) Dynamic defense method in network communication based on openflow protocol
US10581916B2 (en) System and method for identifying cyber-attacks
Eid et al. Secure double-layered defense against HTTP-DDoS attacks
CN112217770A (en) Security detection method and device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information
CB03 Change of inventor or designer information

Inventor after: Han Shoukui

Inventor before: Zhang Zheng

Inventor before: Wu Jiangxing

Inventor before: Wang Xiaomei

Inventor before: Han Shoukui

GR01 Patent grant
GR01 Patent grant