CN109995889B - Method and device for updating mapping relation table, gateway equipment and storage medium - Google Patents

Info

Publication number
CN109995889B
Authority
CN
China
Prior art keywords
url
mapping relation
address
service
time point
Prior art date
Legal status
Active
Application number
CN201810001554.1A
Other languages
Chinese (zh)
Other versions
CN109995889A (en)
Inventor
魏彬
董嘉
Current Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Application filed by China Mobile Communications Group Co Ltd, China Mobile Communications Ltd Research Institute
Priority to CN201810001554.1A
Publication of CN109995889A
Application granted
Publication of CN109995889B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/255 Maintenance or indexing of mapping tables
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5076 Update or notification mechanisms, e.g. DynDNS
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The invention discloses a method and a device for updating a mapping relation table, gateway equipment and a storage medium, wherein the method comprises the following steps: receiving a service access request carrying a first URL, and determining a first IP address corresponding to the first URL according to the first URL, wherein the service access request is an HTTP request or a first DNS query request; judging whether a first mapping relation between the first URL and the first IP address exists or not according to a pre-stored mapping relation table between the URL and the IP address; if so, updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request. According to the invention, the storage time point of the first mapping relation between the first URL and the first IP address is updated, and the failure time point of the mapping relation is dynamically updated, so that the risk of fraud and misjudgment is reduced, and the situation of mischarge is avoided.

Description

Method and device for updating mapping relation table, gateway equipment and storage medium
Technical Field
The present invention relates to the field of core network technologies, and in particular, to a method and an apparatus for updating a mapping table, a gateway device, and a storage medium.
Background
Content charging refers to comprehensively analyzing the flow data and data content generated while a user uses a service, identifying the charging elements in the data content, and charging according to the analysis result. The charging elements comprise one or more of access mode, service type, traffic volume, duration, event, QoS (Quality of Service) and the like, where events include click events and the like. In a content charging system, a GGSN (Gateway GPRS Support Node) and a PGW (PDN Gateway) serve as traffic statistics nodes: they count the data traffic of different services and distinguish uplink traffic from downlink traffic during the statistics process.
The GGSN and the PGW may perform service analysis at different protocol layers on the GTP (GPRS tunneling protocol) based service data flows passing through them, according to the service filtering and charging rules pre-configured in the GGSN and the PGW. The protocol layers concerned are layers three to seven of the seven-layer network model, and data services are differentiated by configuring the service analysis layer, thereby implementing content charging. On the basis of this analysis and differentiation, the GGSN and the PGW match service data packets against the content charging rules pre-configured in them so as to differentiate traffic, and record the corresponding differentiated traffic information in a call list for the different services.
The content charging rules configured on the GGSN and the PGW fall into three cases: only layer-3 or layer-4 attributes are configured, only layer-7 attributes are configured, or both layer-3 or layer-4 attributes and layer-7 attributes are configured. For free services and pay-by-wire services, there is a risk of fraud if the content charging rule contains only layer-7 attributes, such as a layer-7 URL (Uniform Resource Locator). Specifically, a fraudulent user sends a fraudulent message whose layer-7 URL indicates a free service provided by the operator, such as the mobile operator's online business hall www.10086.com, but whose layer-3 IP (Internet Protocol) address is that of a forged malicious proxy server, that is, an IP address that does not correspond to a free service provided by the operator. The malicious proxy server obtains, according to a predetermined resolution logic, the domain name that the fraudulent user really wants to access, whose service is a charged service, and forwards the message to the IP address corresponding to that domain name. The operator therefore identifies the service as a free service and does not charge for the traffic. A large amount of traffic may thus be stolen from the operator, causing a huge economic loss.
To prevent content charging fraud, in the existing identification scheme the GGSN and the PGW in the operator's content charging system enable a DNS Sniffer function for content charging rules that contain no layer-3 attributes. That is, the GGSN and the PGW parse the IP address corresponding to a URL domain name from DNS (Domain Name System) queries and DNS responses, and store the URL domain name and the corresponding IP address in the local content charging rule in advance; the content charging rule thus includes a mapping relation table of layer-7 URLs and their corresponding real IP addresses, which completes the DNS Sniffer learning process. For a service data flow passing through the GGSN and the PGW, if the URL domain name to be accessed matches a layer-7 URL rule, the GGSN and the PGW must compare the IP address actually used for that URL domain name with its real IP address in the mapping relation table. If they are inconsistent, the service data flow is considered possible content charging fraud, and, to avoid economic loss to the operator, the IP address actually used in the service data flow should be taken as the basis for service identification and charging.
As shown in fig. 1, an SAEGW (System Architecture Evolution GateWay) enables the DNS Sniffer function for a content charging rule that contains only a layer-7 URL, for example www.sina.com, and is configured with the address of a trusted DNS server for DNS Sniffer learning, such as a China Mobile CMNET DNS server address. A UE (User Equipment) initiates an Attach Request. After receiving the Attach Request, an MME (Mobility Management Entity) initiates a Create Request; the Create response returned for it carries, in its PCO field, the address of the DNS server for the UE to use, and according to the Create response that DNS server address is sent to the UE in the Attach Accept.
When the UE has no local cache of the IP address corresponding to a URL, it initiates a DNS query request to the DNS server address carried in the PCO field of the received Attach Accept; the DNS query request carries the domain name to be resolved, www.sina.com. The SAEGW forwards the DNS query request to the DNS server for resolution, and the DNS server sends a DNS response once resolution is complete. If the SAEGW judges that the DNS server is a trusted DNS server and that the domain name www.sina.com carried in the DNS response is a domain name that needs to be learned, it determines that the IP address carried in the DNS response is the real IP address corresponding to www.sina.com, records that real IP address in the mapping relation table, and forwards the DNS response message. When the IP address carried by the subsequent HTTP and TCP messages is determined to be that real IP address, the traffic belongs to normal sina access: the non-fraudulent traffic data is classified under the sina SID (Service ID, service identifier) and the HTTP request is forwarded to the sina server, the sina server returns an HTTP response message to the UE for the HTTP request, and the UE receives the HTTP response message to complete the access.
However, because the IP address of a service platform is updated irregularly, the gateway device should also periodically age the IP addresses it has acquired in order to keep the stored URL-to-IP mappings accurate. Aging can take several forms: periodic aging per IP address, periodic aging of the IP addresses corresponding to a given URL, simultaneous periodic aging of all URL-to-IP mappings, and the like. For example, the failure duration of a mapping relation is stored in the SAEGW; when the time for which the IP address in a given mapping relation has been stored reaches that duration, that is, when the mapping relation is considered to have reached its failure time point, the IP address contained in the mapping relation is invalidated, which is equivalent to aging the IP address periodically.
During the blank window period of the DNS Sniffer function, that is, the period from the time a mapping relation fails until the URL-to-IP mapping is learned again, the gateway device such as the SAEGW holds only the failed mapping between the URL and the IP address, and the DNS Sniffer fraud prevention function cannot work. If, during the blank window period, the gateway device records data messages that access free-service URLs and payment-service URLs as free, the fraud risk remains: it arises when a fraudulent user's message carries a free layer-7 URL while the layer-3 IP address actually accessed is one that should be paid for. In this case the fraud probability is higher for cold services and low for hot services.
If, during the blank window period of the DNS Sniffer function, the PGW instead records data messages that access free-service URLs and uniform payment service URLs as charged, misjudgment occurs because of the DNS cache mechanism in the terminal browser: a normal user who accesses the free website again before the cache expires does not send a DNS request, and the HTTP message directly carries the URL of the website and the layer-3 IP address cached by the browser for that URL. The free traffic can then be misjudged as charged traffic, causing a mischarge. In this case the misjudgment probability is higher for hot services and low for cold services.
Disclosure of Invention
The invention provides a method and a device for updating a mapping relation table, gateway equipment and a storage medium, which are used for solving the problems of high risk of fraud and high risk of misjudgment in the prior art.
The invention provides a method for updating a mapping relation table, which is applied to gateway equipment and comprises the following steps:
receiving a service access request carrying a first Uniform Resource Locator (URL), and determining a first IP address corresponding to the first URL according to the first URL, wherein the service access request is a hypertext transfer protocol (HTTP) request or a first Domain Name System (DNS) query request;
judging whether a first mapping relation between the first URL and the first IP address exists in a pre-stored mapping relation table of the URL and the IP address;
if so, updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request.
Further, if there is a first mapping relationship between the first URL and the first IP address, before updating the storage time point of the first mapping relationship in the mapping relationship table according to the time point of receiving the service access request, the method further includes:
judging whether the service type of the first URL is hot service or not according to the service type corresponding to the pre-stored URL;
if yes, the subsequent steps are carried out.
Further, if the service type of the first URL is a hot service, before updating the storage time point of the first mapping relationship in the mapping relationship table according to the time point of receiving the service access request, the method further includes:
judging whether the service access request is a first DNS query request;
if yes, the subsequent steps are carried out.
Further, if there is no first mapping relationship between the first URL and the first IP address, the method further includes:
judging whether a second mapping relation containing a first URL exists in the mapping relation table or not;
if so, judging whether the service access request is a first DNS query request, and the first DNS server sending the first IP address is a server in a trusted server list stored by the gateway equipment;
if so, updating the IP address contained in the second mapping relation according to the first IP address, and updating the storage time point of the second mapping relation in the mapping relation table according to the time point of receiving the service access request.
Further, if there is no second mapping relation containing the first URL in the mapping relation table, the method further includes:
judging whether the service access request is a first DNS query request, and judging whether a first DNS server sending the first IP address is a server in a trusted server list stored by the gateway equipment;
if either judgment is negative, judging whether the service type of the first URL is a cold service according to the pre-stored service type corresponding to the URL; if so, sending a second DNS query request carrying the first URL to a second DNS server; intercepting a DNS response sent by the second DNS server, taking an IP address carried in the DNS response as a third IP address, and storing a third mapping relation between the first URL and the third IP address in the mapping relation table; and recording the storing time point of the third mapping relation in the mapping relation table according to the time point of storing the third mapping relation.
Further, if the service access request is a first DNS query request, and the first DNS server that sends the first IP address is a server located in a trusted server list maintained by the gateway device, the method further includes:
saving a fourth mapping relation between the first URL and the first IP address in the mapping relation table; and recording the storing time point of the fourth mapping relation in the mapping relation table according to the time point of storing the fourth mapping relation.
Further, pre-saving the service type corresponding to the URL includes:
scanning the mapping relation table for a pre-stored second URL at a set time interval within a set first time length, counting a first number of times that no mapping relation containing the second URL is found by the scan within the first time length, and judging whether the first number of times reaches a set first number threshold; if so, determining and storing the service type corresponding to the second URL as a cold service, and if not, determining and storing the service type corresponding to the second URL as a hot service; or
for a pre-stored second URL, counting, within a set second time length, a second number of times that an HTTP request carrying the second URL is received, and judging whether the second number of times reaches a set second number threshold; if so, determining and storing the service type corresponding to the second URL as a hot service, and if not, determining and storing the service type corresponding to the second URL as a cold service.
The invention provides a mapping relation table updating device, which is applied to gateway equipment and comprises:
a receiving module, used for receiving a service access request carrying a first Uniform Resource Locator (URL), and determining a first IP address corresponding to the first URL according to the first URL, wherein the service access request is a hypertext transfer protocol (HTTP) request or a first Domain Name System (DNS) query request;
the judging module is used for judging whether a first mapping relation between the first URL and the first IP address exists in a pre-stored mapping relation table between the URL and the IP address;
and the updating module is used for updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request when the judging module determines that the first mapping relation between the first URL and the first IP address exists.
The invention provides a gateway device, comprising a memory, a processor and a transceiver;
the processor is used for reading the program in the memory and executing the following processes: controlling the transceiver to receive a service access request carrying a first Uniform Resource Locator (URL), and determining a first IP address corresponding to the first URL according to the first URL, wherein the service access request is a hypertext transfer protocol (HTTP) request or a first Domain Name System (DNS) query request; judging whether a first mapping relation between the first URL and the first IP address exists in a pre-stored mapping relation table of the URL and the IP address; if so, updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request.
Further, the processor is further configured to, if a first mapping relationship exists between the first URL and the first IP address, determine whether a service type of the first URL is a hot service according to a service type corresponding to a pre-stored URL; if so, updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request.
Further, the processor is further configured to determine whether the service access request is a first DNS query request if the service type of the first URL is a hot service; if so, updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request.
Further, the processor is further configured to determine whether a second mapping relationship including the first URL exists in the mapping relationship table if the first mapping relationship between the first URL and the first IP address does not exist; if so, judging whether the service access request is a first DNS query request, and the first DNS server sending the first IP address is a server in a trusted server list stored by the gateway equipment; if so, updating the IP address contained in the second mapping relation according to the first IP address, and updating the storage time point of the second mapping relation in the mapping relation table according to the time point of receiving the service access request.
Further, the processor is further configured to, if a second mapping relation including the first URL does not exist in the mapping relation table, determine whether the service access request is a first DNS query request, and determine whether a first DNS server that sends the first IP address is a server located in a trusted server list stored by the gateway device; if either judgment is negative, judging whether the service type of the first URL is a cold service according to the pre-stored service type corresponding to the URL; if so, sending a second DNS query request carrying the first URL to a second DNS server; intercepting a DNS response sent by the second DNS server, taking an IP address carried in the DNS response as a third IP address, and storing a third mapping relation between the first URL and the third IP address in the mapping relation table; and recording the storing time point of the third mapping relation in the mapping relation table according to the time point of storing the third mapping relation.
Further, the processor is further configured to, if the service access request is a first DNS query request, and the first DNS server that sends the first IP address is a server located in a trusted server list that is stored by the gateway device, store a fourth mapping relationship between the first URL and the first IP address in the mapping relationship table; and recording the storing time point of the fourth mapping relation in the mapping relation table according to the time point of storing the fourth mapping relation.
Further, the processor is further configured to scan the mapping relationship table according to a second URL stored in advance within a set first time length and according to a set time interval, count a first number of times that a mapping relationship including the second URL is not scanned within the first time length, determine whether the first number of times reaches a set first number threshold, if so, determine and store a service type corresponding to the second URL as a cold service, and if not, determine and store a service type corresponding to the second URL as a hot service; or according to a second pre-stored URL, in a set second time length, counting a second number of times of receiving the HTTP request carrying the second URL; and judging whether the second time reaches a set second time threshold, if so, determining and storing the service type corresponding to the second URL as a hot service, and if not, determining and storing the service type corresponding to the second URL as a cold service.
The present invention provides a gateway device, including: the system comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory complete mutual communication through the communication bus;
the memory has stored therein a computer program which, when executed by the processor, causes the processor to perform the steps of any of the methods described above.
The present invention provides a computer readable storage medium storing a computer program executable by a gateway device, the program, when run on the gateway device, causing the gateway device to perform the steps of any of the methods described above.
The invention provides a method and a device for updating a mapping relation table, gateway equipment and a storage medium, wherein the method comprises the following steps: receiving a service access request carrying a first URL, and determining a first IP address corresponding to the first URL according to the first URL, wherein the service access request is an HTTP request or a first DNS query request; judging whether a first mapping relation between the first URL and the first IP address exists or not according to a pre-stored mapping relation table between the URL and the IP address; if so, updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request. In the invention, in a pre-stored mapping relation table, when a first mapping relation of a first URL carried in a service access request and a first IP address corresponding to the determined first URL exists, a storage time point of the first mapping relation of the first URL and the first IP address is updated, and a failure time point of the mapping relation is dynamically updated, so that the risk of fraud and misjudgment is reduced, unnecessary IP address aging operation is reduced because the failure time point of the mapping relation is updated, and the occurrence of a mischarge scene is avoided.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic diagram illustrating a process of updating a mapping table provided in the prior art;
fig. 2 is a schematic diagram illustrating an updating process of a mapping table according to embodiment 1 of the present invention;
fig. 3 is a schematic diagram illustrating an updating process of a mapping table according to embodiment 4 of the present invention;
fig. 4 is a schematic structural diagram of a gateway device according to embodiment 7 of the present invention;
fig. 5 is a schematic structural diagram of a gateway device according to embodiment 8 of the present invention;
fig. 6 is a schematic diagram of an apparatus for updating a mapping relation table according to an embodiment of the present invention.
Detailed Description
In order to reduce the risk of fraud and misjudgment, the embodiment of the invention provides an updating method and device of a mapping relation table, gateway equipment and a storage medium.
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1:
fig. 2 is a schematic diagram of an updating process of a mapping relation table according to an embodiment of the present invention, where the process includes the following steps:
s201: receiving a service access request carrying a first URL, and determining a first IP address corresponding to the first URL according to the first URL, wherein the service access request is an HTTP request or a first DNS query request.
The method for updating the mapping relation table provided by the embodiment of the invention is applied to a gateway device, which can be a GGSN, a PGW, a GGSN/PGW, an SAEGW and the like. The gateway device has the DNS Sniffer function enabled; a gateway device with the DNS Sniffer function enabled can identify whether the service accessed by a service access request is a free service, perform traffic charging for service access requests that access non-free services, and not charge for service access requests that access free services. The free services include services for which the operator waives traffic charging and services that the operator customizes for customers.
When a user needs to access a service, the user uses the UE to send a service access request to a target server through the gateway device. If the service access request is an HTTP request, the target server of the service access request is the server to be accessed; if the service access request is a first DNS query request, the target server of the service access request is a first DNS server.
The service access request carries a first URL, and after the gateway device intercepts the service access request, the gateway device can acquire the first URL carried in the service access request and determine a first IP address corresponding to the first URL according to the first URL.
Specifically, if the service access request is an HTTP request, the service access request also carries IP address information, so that the gateway device can directly determine the first IP address corresponding to the first URL according to the IP address information carried in the service access request. If the service access request is a first DNS query request, and the service access request does not carry IP address information, the gateway device may intercept a first DNS response returned by the first DNS server for the first DNS query request, and determine an IP address carried in the first DNS response as a first IP address corresponding to the first URL.
S202: judging whether a first mapping relation between the first URL and the first IP address exists in a pre-stored mapping relation table of the URL and the IP address; if so, proceed to S203.
The gateway device pre-stores a mapping relation table of the URL and the IP address.
The gateway device determines whether a first mapping relationship between the first URL and the first IP address exists in a pre-stored mapping relationship table, and if the first mapping relationship exists in the mapping relationship table, S203 is performed.
S203: updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request.
If the first mapping relationship between the first URL and the first IP address exists in the mapping relationship table, the first mapping relationship was learned previously. To extend the failure time point of the mapping relationship, the storage time point of the first mapping relationship in the mapping relationship table may be updated according to the time point of receiving the service access request, that is, the storage time point of the first mapping relationship between the first URL and the first IP address is updated.
The time point may be a specific time such as 10:37:01 on December 12, 2017, or may be a timestamp such as 1513046221.
With the failure duration unchanged, updating the storage time point of a mapping relationship is equivalent to postponing the time point at which the mapping relationship fails. This avoids the misjudgment risk that arises when failed mapping relationships are all recorded as charged, and also avoids the fraud risk that arises when failed mapping relationships are all recorded as free.
If the service access request is an HTTP access request, the HTTP access request can further be determined not to be a charging fraud request.
When determining that the first mapping relationship between the first URL and the first IP address does not exist, the gateway device may leave the mapping relationship table unchanged, or may make a further determination and decide whether to update the mapping relationship table according to the result of that determination.
In the embodiment of the invention, when the pre-stored mapping relation table contains the first mapping relation between the first URL carried in the service access request and the first IP address determined for the first URL, the storage time point of that first mapping relation is updated, so that the failure time point of the mapping relation is dynamically updated and the risks of fraud and misjudgment are reduced. Because the failure time point of the mapping relation is updated, unnecessary IP address aging operations are also reduced, which avoids mischarging scenarios.
Example 2:
In order to further reduce the risk of misjudgment, on the basis of the foregoing embodiment, in an embodiment of the present invention, if a first mapping relationship between the first URL and the first IP address exists, before updating the storage time point of the first mapping relationship in the mapping relationship table according to the time point when the service access request is received, the method further includes:
judging whether the service type of the first URL is hot service or not according to the service type corresponding to the pre-stored URL;
if yes, the subsequent steps are carried out.
In the embodiment of the present invention, when the first mapping relationship between the first URL and the first IP address exists, the storage time point may be updated for any service type. However, users generally access hot services more frequently, so the gateway device receives a larger number of service access requests for hot services. Therefore, the storage time point of the first mapping relationship between the first URL and the first IP address is updated when the service type of the first URL is a hot service, which avoids misjudgment caused by the failure of a hot service's mapping and further reduces the misjudgment risk.
The gateway device pre-stores the URL and the service type corresponding to the URL, where the service type is either hot service or cold service, so the gateway device can determine whether the first URL is a hot service according to the first URL carried in the service access request. The administrator can predetermine the service type corresponding to a URL according to how frequently the IP address corresponding to the URL is accessed: if the IP address corresponding to a URL is accessed frequently, the service type corresponding to the URL can be determined as a hot service; otherwise, it is determined as a cold service. Alternatively, the administrator predetermines the service type corresponding to the URL according to the administrator's own requirements.
Because users send a large number of service access requests for hot services, if failed mapping relationships were all recorded as charged, a large number of service access requests for free hot services would be misjudged as charged traffic, which would degrade the user experience and cause complaints. Updating the storage time point of the mapping relationship between a hot service's URL and its IP address in time dynamically updates the failure time point of the mapping relationship. Therefore, if the service type corresponding to the first URL is determined to be a hot service, the storage time point of the first mapping relationship between the first URL and the first IP address is updated according to the time point of the received service access request, which avoids misjudgment caused by the failure of a hot service's mapping.
When the gateway device determines that the service type of the first URL is a hot service, the gateway device may update the storage time point of the first mapping relationship in the mapping relationship table regardless of whether the service access request is an HTTP request or a DNS query request. Of course, in order to reduce the burden of the gateway device, the gateway device may update the storing time point of the first mapping relationship when the service access request is a DNS query request, and not update the storing time point of the first mapping relationship when the service access request is an HTTP request.
Specifically, if the service type of the first URL is a hot service, before updating the storage time point of the first mapping relationship in the mapping relationship table according to the time point when the service access request is received, the method further includes:
judging whether the service access request is a first DNS query request;
if yes, the subsequent steps are carried out.
Because of the locally set DNS cache duration in the user's UE, a DNS query request is initiated only after the DNS cache in the UE expires, so the number of HTTP requests for a hot service is much larger than the number of first DNS query requests for that hot service. If the gateway device updated the storage time point of the first mapping relationship between the first URL and the first IP address according to the time point at which each HTTP request is received, the large number of service access requests for hot services would increase the load on the gateway device. Therefore, preferably, when the service access request received by the gateway device is an HTTP request, the storage time point of the mapping relationship is not updated.
When the service access request received by the gateway device is a first DNS query request, the storage time point of the first mapping relation between the first URL and the first IP address is updated according to the time point of the first DNS query request, so that the load of the gateway device can be reduced while the failure time point of the first mapping relation is dynamically updated.
The failure duration in the DNS Sniffer function is generally unchanged, the gateway device updates the storage time point of the first mapping relationship corresponding to the first URL of the hot service, and dynamically updates the failure time point of the first mapping relationship, which may also be understood as applying a DNS Sniffer dynamic aging mechanism to the hot service.
The gateway device records the storage time point of each mapping relationship in the mapping relationship table, and the failure time point of a mapping relationship can be determined from the storage time point and the failure duration set in the gateway device. Updating the storage time point of a mapping relationship can therefore be regarded as postponing its failure time point, on the premise that the failure duration is unchanged. After learning the first IP address corresponding to the first URL for the first time, the gateway device stores the first mapping relationship between the first URL and the first IP address in the mapping relationship table, together with the storage time point of the first mapping relationship. Taking the case where the service access request is a first DNS query request as an example: if a user subsequently initiates the first DNS query request, the gateway device intercepts the first DNS response returned by the DNS server for that request, and if it determines that the first URL and the IP address carried in the first DNS response match a mapping relationship stored in the mapping relationship table, the gateway device updates the storage time point of the first mapping relationship between the first URL and the first IP address, which is equivalent to updating the failure time point of the first mapping relationship. Therefore, if the URL corresponding to a service is accessed continually, the storage time point of the IP address corresponding to the URL is continuously updated, so that misjudgment caused by the failure of a hot service's mapping is avoided and the corresponding risk of user complaints is greatly reduced.
Because the user initiates a DNS query request only after the DNS cache in the UE expires, on the premise that the DNS cache duration of the user's UE does not exceed the failure duration in the gateway device, a gateway device that updates the corresponding mapping relationship only for received DNS query requests is still guaranteed to receive a DNS query request before the mapping relationship fails. The storage time point of the corresponding mapping relationship is thus updated in time, which further reduces the misjudgment risk.
In the embodiment of the invention, when the service type of the first URL is the hot service, the storage time point of the first mapping relation between the first URL and the first IP address is updated, so that the misjudgment caused by the failure of the hot service is avoided, and the misjudgment risk is further reduced.
Example 3:
In order to further update the failure time point of the mapping relationship, on the basis of the foregoing embodiments, in an embodiment of the present invention, if there is no first mapping relationship between the first URL and the first IP address, the method further includes:
judging whether a second mapping relation containing a first URL exists in the mapping relation table or not;
if so, judging whether the service access request is a first DNS query request, and the first DNS server sending the first IP address is a server in a trusted server list stored by the gateway equipment;
if so, updating the IP address contained in the second mapping relation according to the first IP address, and updating the storage time point of the second mapping relation in the mapping relation table according to the time point of receiving the service access request.
When the first mapping relation between the first URL and the first IP address does not exist in the mapping relation table, the mapping relation table may be updated according to the first URL in the service access request and the determined first IP address, so as to further update the failure time point of the mapping relation.
When the gateway device determines that the first mapping relationship between the first URL and the first IP address does not exist in the mapping relationship table, the gateway device further needs to determine whether the mapping relationship table includes a second mapping relationship corresponding to the first URL in order to further determine how to update the mapping relationship table.
If the mapping relation table contains a second mapping relation of the first URL, the IP address corresponding to the first URL in the second mapping relation is not the first IP address. This may occur because the IP address corresponding to the first URL at the destination server has changed, or because the first IP address is not the real IP address corresponding to the first URL.
To ensure that an update of the second mapping relationship containing the first URL is accurate, a trusted server list is stored in the gateway device; the trusted server list may store the IP addresses of DNS servers. If the gateway device judges that the service access request is a first DNS query request, it determines the first DNS server that sent the first IP address and determines whether that first DNS server is in the trusted server list stored by the gateway device. Specifically, the gateway device may judge whether the IP address of the first DNS server exists in the trusted server list; if so, the first DNS server is determined to be a server in the trusted server list, and if not, the first DNS server is determined not to be a server in the trusted server list.
If the gateway device determines that the service access request is a first DNS query request and the first DNS server that sent the first IP address is in the trusted server list, it may be considered that the IP address corresponding to the first URL at the destination server has changed. To further reduce the risk of fraud, the IP address contained in the second mapping relationship needs to be updated in time according to the changed IP address.
The gateway device updates the IP address contained in the second mapping relationship according to the changed first IP address of the destination server and, in order to further update the failure time point of the mapping relationship, updates the storage time point of the second mapping relationship in the mapping relationship table according to the time point of receiving the service access request.
If the gateway device determines that the service access request is not the first DNS query request and/or the first DNS server sending the first IP address is not located in the trusted server list, the gateway device does not update the second mapping relation.
Further, if the service access request is not the first DNS query request, that is, the service access request is an HTTP request, it indicates that the first URL and the first IP address carried in the HTTP request are different from the IP address contained in the stored second mapping relationship of the first URL, so that to further reduce the economic loss of the operator, it may be further determined that the HTTP request is a content charging fraud request.
In the embodiment of the present invention, when the first mapping relationship between the first URL and the first IP address does not exist in the mapping relationship table, the mapping relationship table may be updated according to the first URL in the service access request and the determined first IP address, so that the failure time point of the mapping relationship is further updated.
Example 4:
In order to further reduce the risk of fraud, on the basis of the foregoing embodiments, in an embodiment of the present invention, if a second mapping relation including the first URL does not exist in the mapping relation table, the method further includes:
judging whether the service access request is a first DNS query request, and judging whether a first DNS server sending the first IP address is a server in a trusted server list stored by the gateway equipment;
if either judgment is negative, judging whether the service type of the first URL is a cold service according to the pre-stored service type corresponding to the URL; if so, sending a second DNS query request carrying the first URL to a second DNS server; intercepting a DNS response sent by the second DNS server, taking an IP address carried in the DNS response as a third IP address, and storing a third mapping relation between the first URL and the third IP address in the mapping relation table; and recording the storage time point of the third mapping relation in the mapping relation table according to the time point of storing the third mapping relation.
Users have low demand for cold services, so the gateway device receives few service access requests for them, and it takes a long time to learn the IP address corresponding to a cold service's URL. If failed mapping relationships are marked as free, a content charging fraud request carrying the URL of a cold service can be misjudged as free traffic, which increases the risk of fraud. Therefore, for cold services, the gateway device can simulate a user by actively initiating a DNS query request to a DNS server and intercepting the DNS response to learn the IP address.
The gateway device stores a trusted server list, which may contain the IP addresses of trusted DNS servers. If the mapping relation table does not have a second mapping relation containing the first URL, the gateway device judges whether the service access request is a first DNS query request, and judges whether the first DNS server sending the first IP address is a server in the trusted server list.
If the gateway device determines that the service access request is a first DNS query request, it determines the first DNS server that sent the first IP address and determines whether the first DNS server is a server in the trusted server list. If the gateway device determines that the service access request is not a first DNS query request, the subsequent judgment of whether the first DNS server is a server in the trusted server list need not be made.
If either of the two judgments is negative, that is, the gateway device determines that the service access request is not a first DNS query request, and/or that the first DNS server is not a server in the trusted server list, the gateway device may simulate a user to actively learn the IP address corresponding to the first URL.
Because users' demand for hot services is high and their demand for cold services is low, the gateway device receives few service access requests for cold services and takes longer to learn the IP address corresponding to a cold service's URL. The gateway device may therefore initiate active learning only for URLs whose service type is cold service.
The gateway device pre-stores the URL and the service type corresponding to the URL, so that the gateway device can determine whether the first URL is a cold service.
If the service type corresponding to the first URL is a cold service, the gateway device initiates active learning: it simulates a user and actively initiates a second DNS query request carrying the first URL to a second DNS server, which can be understood as the gateway device actively learning an entry of the mapping relationship table. The second DNS server is a server trusted by the gateway device, that is, a server in the trusted server list maintained by the gateway device; for example, the second DNS server may be an operator DNS server.
After receiving the second DNS query request for the first URL, the DNS server performs DNS resolution on it, determines the IP address corresponding to the first URL, carries that IP address in a DNS response, and returns the DNS response for the second DNS query request to the gateway device.
The process by which the DNS server resolves the DNS query request and determines the IP address corresponding to the URL belongs to the prior art and is not described in detail in the embodiment of the present invention.
The gateway device intercepts the DNS response and takes the IP address corresponding to the first URL carried in the DNS response as a third IP address. After determining the third mapping relation between the first URL and the third IP address, the gateway device stores the third mapping relation in the mapping relation table. In order to further update the failure time point of the third mapping relation corresponding to the first URL, after storing the third mapping relation the gateway device records the time point at which it was stored as the storage time point of the third mapping relation in the mapping relation table.
An embodiment of the present invention is described below with a specific example. As shown in fig. 3, the gateway device is a PGW. When the PGW detects that, for the free service URL www.10086.com, the IP address corresponding to www.10086.com has failed, the PGW simulates a user and actively initiates a DNS query request to the DNS server, carrying in the DNS query request the URL to be resolved, namely www.10086.com. After the DNS server resolves the DNS query request, the mapping relationship between www.10086.com and the IP address is carried in a DNS response and returned to the gateway device, and the gateway device records the correspondence between www.10086.com and the corresponding IP address according to the DNS response.
In the embodiment of the invention, for a cold service whose mapping has failed, the gateway device simulates a user to actively send a DNS query to the DNS server, intercepts the DNS response to learn the IP address, and thereby updates the failure time point of the mapping relation, which further reduces the risk of fraud.
Example 5:
On the basis of the foregoing embodiments, in an embodiment of the present invention, if the service access request is a first DNS query request, and a first DNS server that sends the first IP address is a server located in a trusted server list stored in the gateway device, the method further includes:
saving a fourth mapping relation between the first URL and the first IP address in the mapping relation table; and recording the storing time point of the fourth mapping relation in the mapping relation table according to the time point of storing the fourth mapping relation.
If the mapping relation table does not have a second mapping relation containing the first URL, the gateway device judges whether the service access request is a first DNS query request, and judges whether a first DNS server sending the first IP address is located in a trusted server list stored by the gateway device.
If the gateway device determines that the service access request is a first DNS query request and the first DNS server that sent the first IP address is in the trusted server list, the gateway device may directly store a fourth mapping relationship between the first URL and the first IP address in the mapping relationship table, which reduces data interaction while updating the mapping relationship table. In order to further update the failure time point of the mapping relationship, the gateway device records the storage time point of the fourth mapping relationship in the mapping relationship table according to the time point at which the fourth mapping relationship was stored.
In the embodiment of the invention, when the service access request is the first DNS query request and the first DNS server is credible, the mapping relation between the first URL and the first IP address is directly stored, so that the updating speed of the mapping relation table is improved.
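The decision flow of Examples 1 to 5 can be condensed into a single request handler. The following Python code is an added illustration, not code from the patent: the class and outcome names, the `resolve` callback that stands in for the second DNS query, the removal of failed mappings before each lookup, and all hostnames and addresses are constructed assumptions, and it implements the preferred Example 2 variant (refresh only hot services, and only on DNS query requests).

```python
from dataclasses import dataclass

HOT, COLD = "hot", "cold"

@dataclass
class Request:
    kind: str             # "DNS" (query plus intercepted response) or "HTTP"
    url: str              # first URL carried in the request
    ip: str               # first IP address determined for that URL
    now: int              # time point at which the request was received
    dns_server: str = ""  # address of the DNS server that answered (DNS only)

class MappingTable:
    """URL -> [IP address, storage time point], with a fixed failure duration."""

    def __init__(self, failure_duration, trusted_dns, service_type, resolve):
        self.failure_duration = failure_duration
        self.trusted_dns = set(trusted_dns)   # trusted server list
        self.service_type = service_type      # pre-stored URL -> HOT / COLD
        self.resolve = resolve                # stand-in for the second DNS query
        self.table = {}

    def _age_out(self, now):
        # Assumption: a mapping whose failure time point has passed is removed.
        expired = [u for u, (_, stored) in self.table.items()
                   if now >= stored + self.failure_duration]
        for url in expired:
            del self.table[url]

    def is_free(self, url, ip, now):
        """True if (url, ip) matches a mapping that has not yet failed."""
        self._age_out(now)
        entry = self.table.get(url)
        return entry is not None and entry[0] == ip

    def handle(self, req):
        self._age_out(req.now)
        entry = self.table.get(req.url)
        from_trusted_dns = req.kind == "DNS" and req.dns_server in self.trusted_dns

        if entry and entry[0] == req.ip:            # first mapping exists
            # Example 2, preferred variant: hot services only, DNS requests only.
            if self.service_type.get(req.url) == HOT and req.kind == "DNS":
                entry[1] = req.now                  # postpones the failure time point
                return "refreshed"
            return "unchanged"

        if entry:                                   # second mapping: same URL, other IP
            if from_trusted_dns:                    # Example 3: the address changed
                self.table[req.url] = [req.ip, req.now]
                return "ip-updated"
            # Example 3: a mismatching HTTP request is a content charging fraud request.
            return "fraud-suspect" if req.kind == "HTTP" else "ignored"

        if from_trusted_dns:                        # Example 5: store directly
            self.table[req.url] = [req.ip, req.now]
            return "learned"
        if self.service_type.get(req.url) == COLD:  # Example 4: active learning
            self.table[req.url] = [self.resolve(req.url), req.now]
            return "actively-learned"
        return "ignored"

def run_demo():
    """Replay constructed requests (documentation address ranges) through the table."""
    trusted, untrusted = "192.0.2.53", "203.0.113.53"
    gw = MappingTable(
        failure_duration=600,
        trusted_dns=[trusted],
        service_type={"free.example": HOT, "rare.example": COLD},
        resolve=lambda url: "198.51.100.99",  # constructed trusted-server answer
    )
    events = [
        Request("DNS", "free.example", "198.51.100.10", 0, trusted),
        Request("DNS", "free.example", "198.51.100.10", 300, trusted),
        Request("HTTP", "free.example", "203.0.113.66", 400),
        Request("DNS", "free.example", "203.0.113.66", 500, untrusted),
        Request("HTTP", "free.example", "198.51.100.10", 800),
        Request("DNS", "free.example", "198.51.100.20", 850, trusted),
        Request("HTTP", "rare.example", "203.0.113.66", 860),
        Request("HTTP", "free.example", "198.51.100.20", 2000),
    ]
    return gw, [gw.handle(e) for e in events]

if __name__ == "__main__":
    for outcome in run_demo()[1]:
        print(outcome)
```

The request at time 800 still matches a live mapping only because the DNS query at time 300 moved the storage time point; without that refresh the mapping learned at time 0 would have failed at time 600.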
Example 6:
On the basis of the foregoing embodiments, in the embodiments of the present invention, pre-saving the service type corresponding to the URL includes:
within a set first time length, scanning the mapping relation table at a set time interval according to a pre-stored second URL, counting a first number of times that no mapping relation containing the second URL is found by the scan within the first time length, and judging whether the first number of times reaches a set first count threshold; if so, determining and storing the service type corresponding to the second URL as a cold service, and if not, determining and storing the service type corresponding to the second URL as a hot service; or
according to the pre-stored second URL, counting, within a set second time length, a second number of times that an HTTP request carrying the second URL is received, and judging whether the second number of times reaches a set second count threshold; if so, determining and storing the service type corresponding to the second URL as a hot service, and if not, determining and storing the service type corresponding to the second URL as a cold service.
The gateway device prestores the service types corresponding to the URLs, and can perform operation of correspondingly updating the failure time points of the mapping relation aiming at the services of different service types, thereby reducing the risks of fraud and misjudgment.
The gateway device pre-stores a second URL, and the second URL is usually the URL of a free service.
The gateway device may determine the service type corresponding to the second URL according to the second URL, and store the service type corresponding to the second URL. The gateway device determining the service type corresponding to the second URL mainly includes:
Method one: within a set first time length, the gateway device scans the mapping relation table at a set time interval, counts a first number of times that no mapping relation containing the second URL is found, and determines the service type corresponding to the second URL according to the first number of times.
A set time interval is preset in the gateway device; it can be 5 minutes or 30 minutes, and the gateway device scans the mapping relation table at this interval within the set first time length. The first time length is stored in the gateway device and may be, for example, 1 hour, 12 hours, or 1 day.
The gateway device stores a first count threshold, which may be 2 times, 5 times, 10 times, or the like. The gateway device counts the first number of times that no mapping relation including the second URL is found by the scan within the first time length, and then judges whether the first number of times reaches the set first count threshold. If so, no user initiated a DNS query request for the second URL within the first time length, so no mapping relation including the second URL is stored in the mapping relation table; users' service access demand for the second URL can be considered low, and the service type of the second URL is therefore considered to be a cold service. If not, it can be considered to be a hot service.
Method two: the gateway device counts, within a set second time length, a second number of times that an HTTP request carrying the second URL is received, and determines the service type corresponding to the second URL according to the second number of times.
The gateway device counts the second number of times that HTTP requests carrying the second URL are received within the second time length. The second time length is stored in the gateway device and may be 1 hour, 12 hours, or 1 day; it may be the same as or different from the first time length.
The gateway device stores a second count threshold, which may be 2 times, 5 times, 10 times, etc.; the second count threshold may be the same as or different from the first count threshold, and usually it is different. After counting the second number of times, the gateway device judges whether it reaches the set second count threshold. If so, the number of service access requests for the second URL within the second time length is large, users' service access demand for the second URL is high, and the service type of the second URL can be considered a hot service. If not, the number of service access requests for the second URL within the second time length is small, users' service access demand for the second URL is low, and the service type of the second URL can be considered a cold service.
In the embodiment of the invention, the gateway device pre-stores the service type corresponding to the URL and can update the failure time point of the mapping relation in the way appropriate to each service type, thereby reducing the risk of fraud and misjudgment.
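The two classification methods of Example 6 use their thresholds in opposite directions: reaching the threshold means cold in method one and hot in method two. The following Python code is an added illustration, not code from the patent; the function names and the constructed timelines are assumptions, and method one models a mapping as present from its storage time point until the failure duration has elapsed.

```python
HOT, COLD = "hot", "cold"

def mapping_present(storage_times, failure_duration, t):
    """A mapping is in the table at time t if it was stored and has not yet failed."""
    return any(s <= t < s + failure_duration for s in storage_times)

def classify_by_scan(storage_times, failure_duration, start,
                     first_length, interval, first_threshold):
    """Method one: count scans that find no mapping for the URL."""
    scan_times = range(start, start + first_length, interval)
    misses = sum(1 for t in scan_times
                 if not mapping_present(storage_times, failure_duration, t))
    # Reaching the threshold means the URL was rarely resolved: cold service.
    return (COLD if misses >= first_threshold else HOT), misses

def classify_by_http_count(request_times, start, second_length, second_threshold):
    """Method two: count HTTP requests carrying the URL inside the window."""
    hits = sum(1 for t in request_times if start <= t < start + second_length)
    # Reaching the threshold means the URL is requested often: hot service.
    return (HOT if hits >= second_threshold else COLD), hits

# Constructed timelines, in seconds. The failure duration is 10 minutes, the scan
# interval 5 minutes, both windows 1 hour and both thresholds 5.
FAILURE_DURATION = 600
BUSY_STORAGE_TIMES = list(range(0, 3600, 500))  # mapping refreshed every 500 s
QUIET_STORAGE_TIMES = [0]                       # mapping learned once, never refreshed
BUSY_HTTP_TIMES = [10, 20, 30, 700, 1500, 3599]
QUIET_HTTP_TIMES = [100, 4000]                  # the second request is outside the window

if __name__ == "__main__":
    print(classify_by_scan(BUSY_STORAGE_TIMES, FAILURE_DURATION, 0, 3600, 300, 5))
    print(classify_by_scan(QUIET_STORAGE_TIMES, FAILURE_DURATION, 0, 3600, 300, 5))
    print(classify_by_http_count(BUSY_HTTP_TIMES, 0, 3600, 5))
    print(classify_by_http_count(QUIET_HTTP_TIMES, 0, 3600, 5))
```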
Example 7:
On the basis of the foregoing embodiments, an embodiment of the present invention further provides a gateway device, as shown in fig. 4, including: a processor 401, a memory 402, and a transceiver 403;
the processor 401 is configured to read the program in the memory 402 and perform the following processes: controlling the transceiver 403 to receive a service access request carrying a first URL, and determining a first IP address corresponding to the first URL according to the first URL, where the service access request is an HTTP request or a first DNS query request; judging whether a first mapping relation between the first URL and the first IP address exists in a pre-stored mapping relation table of the URL and the IP address; if so, updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request.
Based on the same inventive concept, the embodiment of the present invention further provides a gateway device, and since the principle of the gateway device for solving the problem is similar to the method for updating the mapping relation table, the implementation of the gateway device may refer to the implementation of the method, and repeated details are omitted.
In FIG. 4, the bus architecture may include any number of interconnected buses and bridges, with one or more processors, represented by processor 401, and various circuits, represented by memory 402, being linked together. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. The transceiver 403 may be a number of elements including a transmitter and a receiver providing a means for communicating with various other apparatus over a transmission medium. The processor 401 is responsible for managing the bus architecture and general processing, and the memory 402 may store data used by the processor 401 in performing operations.
Alternatively, the processor 401 may be a CPU (central processing unit), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array), or a CPLD (Complex Programmable Logic Device).
The processor 401 is further configured to, if a first mapping relationship exists between the first URL and the first IP address, determine whether a service type of the first URL is a hot service according to a service type corresponding to a pre-stored URL; if so, updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request.
The processor 401 is further configured to determine whether the service access request is a first DNS query request if the service type of the first URL is a hot service; if so, updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request.
The processor 401 is further configured to determine whether a second mapping relationship including the first URL exists in the mapping relationship table if the first mapping relationship between the first URL and the first IP address does not exist; if so, judging whether the service access request is a first DNS query request, and the first DNS server sending the first IP address is a server in a trusted server list stored by the gateway equipment; if so, updating the IP address contained in the second mapping relation according to the first IP address, and updating the storage time point of the second mapping relation in the mapping relation table according to the time point of receiving the service access request.
The processor 401 is further configured to determine whether the service access request is a first DNS query request and determine whether a first DNS server that sends the first IP address is a server in a trusted server list stored in the gateway device if a second mapping relationship that includes the first URL does not exist in the mapping relationship table; if either determination is negative, judging whether the service type of the first URL is a cold service according to the service type corresponding to the pre-stored URL; if so, sending a second DNS query request carrying the first URL to a second DNS server; intercepting a DNS response sent by the second DNS server, taking an IP address carried in the DNS response as a third IP address, and storing a third mapping relation between the first URL and the third IP address in the mapping relation table; and recording the storing time point of the third mapping relation in the mapping relation table according to the time point of storing the third mapping relation.
The processor 401 is further configured to, if the service access request is a first DNS query request, and the first DNS server that sends the first IP address is a server located in a trusted server list stored in the gateway device, store a fourth mapping relationship between the first URL and the first IP address in the mapping relationship table; and recording the storing time point of the fourth mapping relation in the mapping relation table according to the time point of storing the fourth mapping relation.
The processor 401 is further configured to scan the mapping relationship table according to a second URL stored in advance within a set first time length and according to a set time interval, count a first number of times that a mapping relationship including the second URL is not scanned within the first time length, determine whether the first number of times reaches a set first number threshold, if so, determine and store a service type corresponding to the second URL as a cold service, and if not, determine and store a service type corresponding to the second URL as a hot service; or according to a second pre-stored URL, in a set second time length, counting a second number of times of receiving the HTTP request carrying the second URL; and judging whether the second number of times reaches a set second number threshold, if so, determining and storing the service type corresponding to the second URL as a hot service, and if not, determining and storing the service type corresponding to the second URL as a cold service.
In the embodiment of the invention, when the pre-stored mapping relation table contains the first mapping relation between the first URL carried in the service access request and the first IP address determined for that URL, the storage time point of the first mapping relation is updated. The storage time length of the mapping relation is thereby dynamically updated, which reduces the risk of fraud and misjudgment; because the storage time length of the mapping relation is updated, unnecessary IP address aging operations are also reduced and mischarging scenarios are avoided.
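The decision flow that Example 7 assigns to processor 401, together with the two hot/cold classification rules, can be sketched as follows. This is an added illustration in Python, not code from the patent: the class and function names, the one-IP-per-URL table layout, the outcome strings, the injected resolver and clock, and the documentation-range sample addresses are assumptions, and the hot-service and DNS-query checks are applied together before an existing mapping is refreshed.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Optional, Set

HOT, COLD = "hot", "cold"


@dataclass
class Entry:
    ip: str
    stored_at: float  # "storage time point" that aging is measured from


@dataclass
class Request:
    url: str
    ip: str                    # first IP address determined for the URL
    is_dns: bool               # True: first DNS query request, False: HTTP request
    dns_server: Optional[str]  # server that sent the first IP (DNS case only)
    received_at: float


class MappingTable:
    def __init__(self, trusted_dns: Set[str], service_type: Dict[str, str],
                 second_dns_lookup: Callable[[str], str],
                 clock: Callable[[], float] = time.time):
        self.entries: Dict[str, Entry] = {}         # assumption: one IP per URL
        self.trusted_dns = set(trusted_dns)         # trusted server list
        self.service_type = dict(service_type)      # pre-stored hot/cold labels
        self.second_dns_lookup = second_dns_lookup  # hypothetical resolver hook
        self.clock = clock

    def _trusted_dns_answer(self, req: Request) -> bool:
        return req.is_dns and req.dns_server in self.trusted_dns

    def handle(self, req: Request) -> str:
        entry = self.entries.get(req.url)
        if entry is not None and entry.ip == req.ip:
            # First mapping exists: refresh only for a hot service seen via DNS.
            if self.service_type.get(req.url) == HOT and req.is_dns:
                entry.stored_at = req.received_at
                return "refreshed"
            return "unchanged"
        if entry is not None:
            # Second mapping (same URL, other IP): only a trusted DNS answer
            # may replace the stored address.
            if self._trusted_dns_answer(req):
                entry.ip, entry.stored_at = req.ip, req.received_at
                return "ip_updated"
            return "unchanged"
        if self._trusted_dns_answer(req):
            # Fourth mapping: new URL learned from a trusted DNS answer.
            self.entries[req.url] = Entry(req.ip, self.clock())
            return "stored_from_trusted_dns"
        if self.service_type.get(req.url) == COLD:
            # Third mapping: disregard the IP seen with the request and take
            # the answer of the second DNS server instead.
            third_ip = self.second_dns_lookup(req.url)
            self.entries[req.url] = Entry(third_ip, self.clock())
            return "stored_from_second_dns"
        return "not_stored"


def classify_by_scan(scans: Iterable[Set[str]], url: str, miss_threshold: int) -> str:
    """scans: the URLs found in the table at each periodic scan of the window."""
    misses = sum(1 for present in scans if url not in present)
    return COLD if misses >= miss_threshold else HOT


def classify_by_http_count(http_hits: int, hit_threshold: int) -> str:
    """http_hits: HTTP requests carrying the URL counted within the window."""
    return HOT if http_hits >= hit_threshold else COLD


def demo():
    """Replay constructed requests; returns (outcomes, table)."""
    now = [0.0]
    table = MappingTable({"192.0.2.53"},
                         {"hot.example": HOT, "cold.example": COLD},
                         second_dns_lookup=lambda url: "198.51.100.20",
                         clock=lambda: now[0])
    trusted, rogue = "192.0.2.53", "203.0.113.1"
    requests = [
        Request("hot.example", "198.51.100.10", True, trusted, 100.0),
        Request("hot.example", "203.0.113.66", True, rogue, 110.0),
        Request("hot.example", "198.51.100.10", False, None, 120.0),
        Request("hot.example", "198.51.100.10", True, rogue, 130.0),
        Request("hot.example", "198.51.100.11", True, trusted, 140.0),
        Request("cold.example", "203.0.113.66", False, None, 150.0),
        Request("other.example", "203.0.113.66", True, rogue, 160.0),
    ]
    outcomes = []
    for req in requests:
        now[0] = req.received_at
        outcomes.append(table.handle(req))
    return outcomes, table


if __name__ == "__main__":
    for outcome in demo()[0]:
        print(outcome)
```

In the replay, the second request (a different address for a known URL, answered by a server outside the trusted list) leaves the stored address untouched, while the fifth (the same change from a trusted server) replaces it.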
Example 8:
On the basis of the foregoing embodiments, an embodiment of the present invention further provides a gateway device, as shown in FIG. 5, including: a processor 501, a communication interface 502, a memory 503 and a communication bus 504, wherein the processor 501, the communication interface 502 and the memory 503 communicate with each other through the communication bus 504;
the memory 503 has stored therein a computer program which, when executed by the processor 501, causes the processor 501 to perform the steps of:
receiving a service access request carrying a first URL, and determining a first IP address corresponding to the first URL according to the first URL, wherein the service access request is an HTTP request or a first DNS query request;
judging whether a first mapping relation between the first URL and the first IP address exists in a pre-stored mapping relation table of the URL and the IP address;
if so, updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request.
The gateway device provided by the embodiment of the invention can be gateway devices such as GGSN, PGW, GGSN/PGW, SAEGW and the like.
The communication bus mentioned in the above gateway device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface 502 is used for communication between the above-described gateway device and other devices.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Alternatively, the memory may be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a central processing unit, a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an application specific integrated circuit, a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the like.
In the embodiment of the invention, when the processor executes the program stored in the memory and the pre-stored mapping relation table contains the first mapping relation between the first URL carried in the service access request and the first IP address determined for that URL, the storage time point of the first mapping relation is updated. The failure time point of the mapping relation is thereby dynamically updated, which reduces the risk of fraud and misjudgment; because the failure time point of the mapping relation is updated, unnecessary IP address aging operations are also reduced and mischarging scenarios are avoided.
Example 9:
On the basis of the foregoing embodiments, an embodiment of the present invention further provides a computer-readable storage medium, in which a computer program executable by a gateway device is stored, and when the program runs on the gateway device, the gateway device is caused to execute the following steps:
receiving a service access request carrying a first URL, and determining a first IP address corresponding to the first URL according to the first URL, wherein the service access request is an HTTP request or a first DNS query request;
judging whether a first mapping relation between the first URL and the first IP address exists in a pre-stored mapping relation table of the URL and the IP address;
if so, updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request.
The computer readable storage medium may be any available media or data storage device that can be accessed by a processor in the gateway device, including, but not limited to, magnetic memory such as floppy disks, hard disks, magnetic tape, magneto-optical disks (MOs), etc., optical memory such as CDs, DVDs, BDs, HVDs, etc., and semiconductor memory such as ROMs, EPROMs, EEPROMs, non-volatile memory (NAND FLASH), Solid State Disks (SSDs), etc.
In the computer-readable storage medium provided in the embodiment of the present invention, a computer program is stored. When the computer program is executed by a processor and the pre-stored mapping relationship table contains the first mapping relationship between the first URL carried in the service access request and the first IP address determined for that URL, the storing time point of the first mapping relationship is updated. The failure time point of the mapping relationship is thereby dynamically updated, which reduces the risk of being defrauded and the risk of misjudgment; because the failure time point of the mapping relationship is updated, unnecessary IP address aging operations are also reduced, thereby avoiding mischarging scenarios.
Fig. 6 is a schematic diagram of an updating apparatus for a mapping relationship table according to an embodiment of the present invention, which is applied to a gateway device, and the apparatus includes:
a receiving module 61, configured to receive a service access request carrying a first uniform resource locator URL, and determine a first IP address corresponding to the first URL according to the first URL, where the service access request is a hypertext transfer protocol HTTP request or a first domain name system DNS query request;
the judging module 62 is configured to judge whether a first mapping relationship between the first URL and the first IP address exists in a pre-stored mapping relationship table between URLs and IP addresses;
an updating module 63, configured to update a storing time point of the first mapping relationship in the mapping relationship table according to the time point of receiving the service access request when the determining module 62 determines that the first mapping relationship between the first URL and the first IP address exists.
The updating module is further configured to, when the determining module determines that the first mapping relationship between the first URL and the first IP address exists, determine whether the service type of the first URL is a hot service according to a service type corresponding to a pre-stored URL; if so, updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request.
The updating module is further configured to determine whether the service access request is a first DNS query request when it is determined that the service type of the first URL is a hot service; if so, updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request.
The updating module is further configured to determine whether a second mapping relation including the first URL exists in the mapping relation table when the determining module determines that the first mapping relation between the first URL and the first IP address does not exist; if so, judging whether the service access request is a first DNS query request, and the first DNS server sending the first IP address is a server in a trusted server list stored by the gateway equipment; if so, updating the IP address contained in the second mapping relation according to the first IP address, and updating the storage time point of the second mapping relation in the mapping relation table according to the time point of receiving the service access request.
The updating module is further configured to, when it is determined that a second mapping relation including the first URL does not exist in the mapping relation table, determine whether the service access request is a first DNS query request, and determine whether a first DNS server that sends the first IP address is a server located in a trusted server list stored by the gateway device; if either determination is negative, judging whether the service type of the first URL is a cold service according to the service type corresponding to the pre-stored URL; if so, sending a second DNS query request carrying the first URL to a second DNS server; intercepting a DNS response sent by the second DNS server, taking an IP address carried in the DNS response as a third IP address, and storing a third mapping relation between the first URL and the third IP address in the mapping relation table; and recording the storing time point of the third mapping relation in the mapping relation table according to the time point of storing the third mapping relation.
The updating module is further configured to, when it is determined that the service access request is a first DNS query request and the first DNS server that sends the first IP address is a server located in a trusted server list stored by the gateway device, store a fourth mapping relationship between the first URL and the first IP address in the mapping relationship table; and recording the storing time point of the fourth mapping relation in the mapping relation table according to the time point of storing the fourth mapping relation.
The device further comprises:
a storage module, configured to scan the mapping relation table according to a second URL which is stored in advance within a set first time length and according to a set time interval, count a first number of times that the mapping relation containing the second URL is not scanned within the first time length, judge whether the first number of times reaches a set first number threshold, if so, determine and store the service type corresponding to the second URL as a cold service, and if not, determine and store the service type corresponding to the second URL as a hot service; or according to a second pre-stored URL, in a set second time length, count a second number of times of receiving the HTTP request carrying the second URL; and judge whether the second number of times reaches a set second number threshold, if so, determine and store the service type corresponding to the second URL as a hot service, and if not, determine and store the service type corresponding to the second URL as a cold service.
In the embodiment of the invention, in the pre-stored mapping relation table, when the first mapping relation of the first URL carried in the service access request and the first IP address corresponding to the determined first URL exists, the storage time point of the first mapping relation of the first URL and the first IP address is updated, and the failure time point of the mapping relation is dynamically updated, so that the risk of fraud and misjudgment is reduced, and unnecessary IP address aging operation is reduced because the failure time point of the mapping relation is updated, so that the occurrence of a mischarge scene is avoided.
For the system/apparatus embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference may be made to some descriptions of the method embodiments for relevant points.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (15)

1. A method for updating a mapping relation table is applied to a gateway device, and comprises the following steps:
receiving a service access request carrying a first Uniform Resource Locator (URL), and determining a first IP address corresponding to the first URL according to the first URL, wherein the service access request is a hypertext transfer protocol (HTTP) request or a first Domain Name System (DNS) query request;
judging whether a first mapping relation between the first URL and the first IP address exists in a pre-stored mapping relation table of the URL and the IP address;
if so, updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request;
if there is no first mapping relationship between the first URL and the first IP address, the method further comprises:
judging whether a second mapping relation containing a first URL exists in the mapping relation table or not;
if so, judging whether the service access request is a first DNS query request, and the first DNS server sending the first IP address is a server in a trusted server list stored by the gateway equipment;
if so, updating the IP address contained in the second mapping relation according to the first IP address, and updating the storage time point of the second mapping relation in the mapping relation table according to the time point of receiving the service access request.
2. The method of claim 1, wherein if there is a first mapping relationship between the first URL and the first IP address, before the storing time point at which the first mapping relationship is updated in the mapping relationship table according to the time point at which the service access request is received, the method further comprises:
judging whether the service type of the first URL is hot service or not according to the service type corresponding to the pre-stored URL;
if so, updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request.
3. The method of claim 2, wherein if the service type of the first URL is a hot service, before the storing time point of the first mapping relation is updated in the mapping relation table according to the time point of receiving the service access request, the method further comprises:
judging whether the service access request is a first DNS query request;
if so, updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request.
4. The method of claim 1, wherein if a second mapping does not exist in the mapping table that contains the first URL, the method further comprises:
judging whether the service access request is a first DNS query request, and judging whether a first DNS server sending the first IP address is a server in a trusted server list stored by the gateway equipment;
if either determination is negative, judging whether the service type of the first URL is a cold service according to the service type corresponding to the pre-stored URL; if so, sending a second DNS query request carrying the first URL to a second DNS server; intercepting a DNS response sent by the second DNS server, taking an IP address carried in the DNS response as a third IP address, and storing a third mapping relation between the first URL and the third IP address in the mapping relation table; and recording the storing time point of the third mapping relation in the mapping relation table according to the time point of storing the third mapping relation.
5. The method of claim 4, wherein if the service access request is a first DNS query request and the first DNS server that sent the first IP address is a server located in a list of trusted servers maintained by the gateway device, the method further comprises:
saving a fourth mapping relation between the first URL and the first IP address in the mapping relation table; and recording the storing time point of the fourth mapping relation in the mapping relation table according to the time point of storing the fourth mapping relation.
6. The method of claim 2 or 4, wherein pre-saving the service type corresponding to the URL comprises:
scanning the mapping relation table according to a pre-stored second URL within a set first time length and according to a set time interval, counting a first number of times that the mapping relation containing the second URL is not scanned within the first time length, judging whether the first number of times reaches a set first number threshold, if so, determining and storing the service type corresponding to the second URL as a cold service, and if not, determining and storing the service type corresponding to the second URL as a hot service; or
according to a second pre-stored URL, in a set second time length, counting a second number of times of receiving an HTTP request carrying the second URL; and judging whether the second number of times reaches a set second number threshold, if so, determining and storing the service type corresponding to the second URL as a hot service, and if not, determining and storing the service type corresponding to the second URL as a cold service.
7. An apparatus for updating a mapping relation table, applied to a gateway device, the apparatus comprising:
a receiving module, configured to receive a service access request carrying a first Uniform Resource Locator (URL), and determine a first IP address corresponding to the first URL according to the first URL, wherein the service access request is a hypertext transfer protocol (HTTP) request or a first Domain Name System (DNS) query request;
a judging module, configured to judge whether a first mapping relation between the first URL and the first IP address exists in a pre-stored mapping relation table between the URL and the IP address;
an updating module, configured to update a storage time point of the first mapping relationship in the mapping relationship table according to the time point of receiving the service access request when the judging module determines that the first mapping relationship between the first URL and the first IP address exists;
the updating module is further configured to determine whether a second mapping relation including the first URL exists in the mapping relation table when the determining module determines that the first mapping relation between the first URL and the first IP address does not exist; if so, judging whether the service access request is a first DNS query request, and the first DNS server sending the first IP address is a server in a trusted server list stored by the gateway equipment; if so, updating the IP address contained in the second mapping relation according to the first IP address, and updating the storage time point of the second mapping relation in the mapping relation table according to the time point of receiving the service access request.
8. A gateway device comprising a memory, a processor, and a transceiver;
the processor is used for reading the program in the memory and executing the following processes: controlling the transceiver to receive a service access request carrying a first Uniform Resource Locator (URL), and determining a first IP address corresponding to the first URL according to the first URL, wherein the service access request is a hypertext transfer protocol (HTTP) request or a first Domain Name System (DNS) query request; judging whether a first mapping relation between the first URL and the first IP address exists in a pre-stored mapping relation table of the URL and the IP address; if so, updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request;
the processor is further configured to determine whether a second mapping relation including the first URL exists in the mapping relation table if the first mapping relation between the first URL and the first IP address does not exist; if so, judging whether the service access request is a first DNS query request, and the first DNS server sending the first IP address is a server in a trusted server list stored by the gateway equipment; if so, updating the IP address contained in the second mapping relation according to the first IP address, and updating the storage time point of the second mapping relation in the mapping relation table according to the time point of receiving the service access request.
9. The gateway device according to claim 8, wherein the processor is further configured to, if there is a first mapping relationship between the first URL and the first IP address, determine whether a service type of the first URL is a hot service according to a service type corresponding to a pre-stored URL; if so, updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request.
10. The gateway device of claim 9, wherein the processor is further configured to determine whether the service access request is a first DNS query request if the service type of the first URL is a hot service; if so, updating the storage time point of the first mapping relation in the mapping relation table according to the time point of receiving the service access request.
11. The gateway device of claim 8, wherein the processor is further configured to determine whether the service access request is a first DNS query request and determine whether a first DNS server that sends the first IP address is a server in a trusted server list maintained by the gateway device if a second mapping relationship containing the first URL does not exist in the mapping relationship table; if either determination is negative, judging whether the service type of the first URL is a cold service according to the service type corresponding to the pre-stored URL; if so, sending a second DNS query request carrying the first URL to a second DNS server; intercepting a DNS response sent by the second DNS server, taking an IP address carried in the DNS response as a third IP address, and storing a third mapping relation between the first URL and the third IP address in the mapping relation table; and recording the storing time point of the third mapping relation in the mapping relation table according to the time point of storing the third mapping relation.
12. The gateway device of claim 11, wherein the processor is further configured to store a fourth mapping relationship between the first URL and the first IP address in the mapping relationship table if the service access request is a first DNS query request and the first DNS server that sent the first IP address is a server in a trusted server list stored by the gateway device; and recording the storing time point of the fourth mapping relation in the mapping relation table according to the time point of storing the fourth mapping relation.
13. The gateway device according to claim 9 or 11, wherein the processor is further configured to scan the mapping relationship table according to a second URL stored in advance within a set first time duration and at a set time interval, count a first number of times that a mapping relationship including the second URL is not scanned within the first time duration, determine whether the first number reaches a set first number threshold, if so, determine and store a service type corresponding to the second URL as a cold service, and if not, determine and store a service type corresponding to the second URL as a hot service; or according to a second pre-stored URL, in a set second time length, counting a second number of times of receiving the HTTP request carrying the second URL; and judging whether the second time reaches a set second time threshold, if so, determining and storing the service type corresponding to the second URL as a hot service, and if not, determining and storing the service type corresponding to the second URL as a cold service.
14. A gateway device, comprising: a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with one another through the communication bus;
the memory stores a computer program which, when executed by the processor, causes the processor to carry out the steps of the method of any one of claims 1 to 6.
15. A computer-readable storage medium, characterized in that it stores a computer program executable by a gateway device, which program, when run on the gateway device, causes the gateway device to perform the steps of the method of any one of claims 1 to 6.
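The decision flow of claims 11 to 13 (trusted-server check, cold/hot classification by HTTP request count, active re-query for cold services) can be sketched as follows. This is an added example, not code from the patent; the class, method names, threshold value and addresses are hypothetical, and leaving a hot service from an untrusted source unstored is an assumption, since the claims shown here do not cover that branch.

```python
import time

class Gateway:
    """Sketch of the table-update branch in claims 11-13 (all names hypothetical)."""

    def __init__(self, trusted_dns, second_dns, hot_threshold=3, clock=time.time):
        self.trusted_dns = set(trusted_dns)  # trusted server list kept by the gateway
        self.second_dns = second_dns         # callable url -> ip, stands in for the second DNS server
        self.hot_threshold = hot_threshold   # assumed value of the "second number threshold"
        self.clock = clock
        self.table = {}                      # url -> (ip, storage time point)
        self.http_hits = {}                  # url -> HTTP requests seen in the counting window

    def record_http_request(self, url):
        self.http_hits[url] = self.http_hits.get(url, 0) + 1

    def service_type(self, url):
        # Claim 13, second alternative: enough HTTP requests in the window means hot.
        return "hot" if self.http_hits.get(url, 0) >= self.hot_threshold else "cold"

    def _store(self, url, ip):
        self.table[url] = (ip, self.clock())

    def on_first_ip(self, url, first_ip, is_dns_query, dns_server=None):
        """Handle a first IP address seen for url; returns which branch was taken."""
        if url in self.table:
            return "existing"                # covered by other claims, not modelled here
        if is_dns_query and dns_server in self.trusted_dns:
            self._store(url, first_ip)       # claim 12: fourth mapping relationship
            return "stored-trusted"
        if self.service_type(url) == "cold":
            third_ip = self.second_dns(url)  # claim 11: second DNS query, answer is the third IP
            self._store(url, third_ip)
            return "stored-active-query"
        return "not-stored"                  # assumption: hot service from an untrusted source

def demo():
    # Constructed inputs: documentation-range addresses and example URLs.
    gw = Gateway({"192.0.2.53"}, lambda url: "198.51.100.7", clock=lambda: 1000.0)
    results = [gw.on_first_ip("a.example/x", "203.0.113.9", True, "192.0.2.53"),
               gw.on_first_ip("b.example/y", "203.0.113.66", True, "203.0.113.1")]
    for _ in range(3):
        gw.record_http_request("c.example/z")
    results.append(gw.on_first_ip("c.example/z", "203.0.113.66", False))
    return gw, results

if __name__ == "__main__":
    print(demo()[1])
```

In the second call the address offered by the untrusted server never reaches the table; the stored value is the one returned by the gateway's own query to the second DNS server.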
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810001554.1A CN109995889B (en) 2018-01-02 2018-01-02 Method and device for updating mapping relation table, gateway equipment and storage medium

Publications (2)

Publication Number Publication Date
CN109995889A CN109995889A (en) 2019-07-09
CN109995889B true CN109995889B (en) 2022-02-25

Family

ID=67128936

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810001554.1A Active CN109995889B (en) 2018-01-02 2018-01-02 Method and device for updating mapping relation table, gateway equipment and storage medium

Country Status (1)

Country Link
CN (1) CN109995889B (en)

Also Published As

Publication number Publication date
CN109995889A (en) 2019-07-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant