CN110011977B - Website security defense method - Google Patents
- Publication number
- CN110011977B
- Authority
- CN
- China
- Prior art keywords
- access
- address
- website
- preset time
- time period
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Abstract
The invention discloses a website security defense method comprising the following steps: acquiring the number of website access requests in a preset time period for each region; comparing that number with a set standard threshold for website access requests in the region, and determining the over-rate of the website access requests; extracting the IP addresses that log in to the website from each region whose over-rate is greater than the set standard over-rate; acquiring the access threshold for IP addresses of the website; judging whether the real-time access count of each IP address in a region whose over-rate is greater than the set standard over-rate is greater than the access threshold for IP addresses of the website; and rate-limiting each IP address whose actual access count is greater than the access threshold for IP addresses of the website, and otherwise counting the access time and access count of the IP address in the prediction time period, and recording and storing them. The invention limits the access count of such IP addresses and lowers their access threshold, which further reduces their access count, keeps the website from being broken, and improves the defense capability of the website.
Description
Technical Field
The invention belongs to the technical field of website defense, and relates to a website security defense method.
Background
Malicious attackers often use servers to generate legitimate requests to a website and access it continuously, consuming the performance of the website server. The website is thereby attacked, its server is paralyzed, and normal users cannot use it.
Because an access request initiated by an attacker is the same as an access request from a normal user, the website server cannot tell the two apart when it receives them, and so cannot limit the attacker's requests. To improve the website's resistance to attack and the experience of normal users, a website security defense method is designed that greatly improves the security and defense capability of the website.
Disclosure of Invention
The invention aims to provide a website security defense method that compares the number of website access requests in a region within a preset time period with a set website access request threshold to determine the over-rate of the website, extracts the access counts of all IP addresses in each region whose over-rate is greater than the standard over-rate, judges whether the access count of each IP address exceeds the access threshold, and limits the access count of the IP addresses that exceed it, thereby solving the problems in the prior art.
The purpose of the invention can be realized by the following technical scheme:
A website security defense method comprises the following steps:
S1, acquiring the number of website access requests within a preset time period for each region;
S2, comparing the number of website access requests in each region with a set standard threshold for website access requests in the region, and determining the over-rate of the website access requests in the region;
S3, extracting the IP addresses that access the website from each region whose over-rate is greater than the set standard over-rate;
S4, acquiring the access threshold for IP addresses logging in to the website, wherein the access threshold of an IP address is the maximum number of accesses for each IP address;
S5, judging whether the real-time access count of each IP address in a region whose over-rate is greater than the set standard over-rate is greater than the access threshold for IP addresses of the website; if so, executing step S6, otherwise executing step S7;
S6, rate-limiting each IP address whose actual access count is greater than the access threshold for IP addresses of the website;
S7, applying no rate limiting to each IP address whose actual access count is less than the access threshold for IP addresses of the website, counting the access time and access count of the IP address in the prediction time period, and recording and storing them.
Furthermore, the over-rate ζ is expressed as the ratio by which the number of website access requests in the region exceeds the set standard threshold for website access requests in the region, where W denotes the number of access requests of the website and W0 denotes the standard threshold for website access requests in the region.
Further, the rate limiting process includes the following steps:
H1, sequentially acquiring the access counts of the IP address in the n preset time periods before the preset time period in which its actual access count was greater than the access threshold for IP addresses of the website;
H2, sorting the access counts of the IP address in each preset time period in the order of the preset time periods, numbered 1, 2, ..., i, ..., n, where n denotes the nth preset time period; the access counts in the first n preset time periods form the access number set A (a1, a2, ..., ai, ..., an), where ai denotes the access count of the IP address in the ith preset time period, and the access count in the nth preset time period is the access count in the preset time period that exceeded the access threshold of the IP address;
H3, sequentially comparing the access count of the IP address in each of the previous n preset time periods with its access count in the next preset time period to obtain the comparison access number set ΔA (Δa1, Δa2, ..., Δai, ..., Δa(n-1)), where Δai denotes the difference between the access count of the IP address in the (i+1)th preset time period and its access count in the ith preset time period;
H4, calculating the access mutation coefficient from the comparison access number set; if the access mutation coefficient is smaller than the set access mutation coefficient threshold, allowing the IP address to continue accessing; otherwise, taking 1/2 of the access threshold of the IP address as the new access threshold.
Further, in the formula for the access mutation coefficient, φ denotes the access mutation coefficient, Δai denotes the difference between the access count of the IP address in the (i+1)th preset time period and its access count in the ith preset time period, and n denotes the extracted nth preset time period.
The invention has the following beneficial effects:
The website security defense method provided by the invention compares the number of website access requests in a region within a preset time period with a set website access request threshold to determine the over-rate of the website, extracts the access counts of all IP addresses in each region whose over-rate is greater than the standard over-rate, and judges whether the access count of each IP address exceeds the access threshold. The access count of each IP address that exceeds the access threshold is limited and its access threshold is lowered, which further reduces its access count, keeps the website from being broken, and improves the defense capability of the website.
Drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic diagram of a website security defense method according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIG. 1, a website security defense method includes the following steps:
S1, acquiring the number of website access requests within a preset time period for each region;
S2, comparing the number of website access requests in each region with the set standard threshold for website access requests in the region, and determining the over-rate of the website access requests in the region. The over-rate is expressed as the ratio of the number of website access requests in the region to the standard threshold for website access requests in the region, where W denotes the number of access requests of the website and W0 denotes the standard threshold for website access requests in the region. This makes it convenient to compute the over-rate of each region and directly reflects the relation between the number of website access requests in each region and the standard threshold;
S3, extracting the IP addresses that access the website from each region whose over-rate is greater than the set standard over-rate;
S4, acquiring the access threshold for IP addresses logging in to the website, wherein the access threshold of an IP address is the maximum number of accesses for each IP address;
S5, judging whether the real-time access count of each IP address in a region whose over-rate is greater than the set standard over-rate is greater than the access threshold for IP addresses of the website; if so, executing step S6, otherwise executing step S7;
S6, rate-limiting each IP address whose actual access count is greater than the access threshold for IP addresses of the website;
The rate limiting process comprises the following steps:
H1, sequentially acquiring the access counts of the IP address in the n preset time periods before the preset time period in which its actual access count was greater than the access threshold for IP addresses of the website;
H2, sorting the access counts of the IP address in each preset time period in the order of the preset time periods, numbered 1, 2, ..., i, ..., n, where n denotes the nth preset time period; the access counts in the first n preset time periods form the access number set A (a1, a2, ..., ai, ..., an), where ai denotes the access count of the IP address in the ith preset time period, and the access count in the nth preset time period is the access count in the preset time period that exceeded the access threshold of the IP address;
H3, sequentially comparing the access count of the IP address in each of the previous n preset time periods with its access count in the next preset time period to obtain the comparison access number set ΔA (Δa1, Δa2, ..., Δai, ..., Δa(n-1)), where Δai denotes the difference between the access count of the IP address in the (i+1)th preset time period and its access count in the ith preset time period;
H4, calculating the access mutation coefficient φ from the comparison access number set; if the access mutation coefficient is smaller than the set access mutation coefficient threshold, the IP address is allowed to continue accessing; otherwise, 1/2 of the access threshold of the IP address is taken as the new access threshold and rate limiting is applied: access requests that exceed the new access threshold are ignored, so that the IP address is prohibited from continuing to access. In this way the access count of an IP address that exceeds the set access threshold is effectively limited and reduced, the website is kept from being broken, the security defense of the website is realized, and the website's defense capability is improved.
S7, applying no rate limiting to each IP address whose actual access count is less than the access threshold for IP addresses of the website, counting the access time and access count of the IP address in the prediction time period, and recording and storing them.
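The flow of steps S1 to S7 and H1 to H4, as an added Python example that is not part of the patent text. The formulas for ζ and φ did not survive on this page, so `over_rate` and `mutation_coefficient` are labelled stand-ins; the class name, parameter values and sample addresses are constructed for illustration.

```python
from collections import defaultdict, deque


def over_rate(w, w0):
    """ASSUMED form of the over-rate: fraction by which W exceeds W0."""
    return (w - w0) / w0


def mutation_coefficient(deltas):
    """ASSUMED stand-in for phi: mean period-to-period change in access count."""
    return sum(deltas) / len(deltas)


class RegionalLimiter:
    def __init__(self, region_threshold, standard_over_rate, ip_threshold,
                 phi_threshold, n=4):
        self.w0 = region_threshold
        self.standard_over_rate = standard_over_rate
        self.default_ip_threshold = ip_threshold
        self.phi_threshold = phi_threshold
        self.n = n
        # Only periods in which an IP appeared are recorded (last n kept).
        self.history = defaultdict(lambda: deque(maxlen=n))
        self.ip_threshold = {}  # IPs whose threshold has been halved

    def process_period(self, counts):
        """counts: {region: {ip: requests in this preset time period}}.
        Returns {ip: (decision, access threshold now in force)}."""
        decisions = {}
        for region, per_ip in counts.items():
            zeta = over_rate(sum(per_ip.values()), self.w0)      # S1, S2
            flagged = zeta > self.standard_over_rate
            for ip, count in per_ip.items():                     # S3
                self.history[ip].append(count)
                limit = self.ip_threshold.get(ip, self.default_ip_threshold)  # S4
                if flagged and count > limit:                    # S5
                    decisions[ip] = self._limit(ip, limit)       # S6
                else:
                    decisions[ip] = ("recorded", limit)          # S7
        return decisions

    def _limit(self, ip, limit):
        a = list(self.history[ip])                   # H1, H2: a1..an, an is the
        a = [0] * (self.n - len(a)) + a              # exceeding period; pad a new IP
        deltas = [a[i + 1] - a[i] for i in range(self.n - 1)]    # H3
        phi = mutation_coefficient(deltas)                       # H4
        if phi < self.phi_threshold:
            return ("allowed", limit)                # steady growth: keep serving
        self.ip_threshold[ip] = limit / 2            # sudden jump: halve threshold
        return ("limited", limit / 2)


def demo():
    """Constructed traffic: one steady heavy client, one client that bursts."""
    lim = RegionalLimiter(region_threshold=300, standard_over_rate=0.2,
                          ip_threshold=100, phi_threshold=20, n=4)
    steady, burst = [95, 98, 100, 105], [10, 12, 11, 300]
    out = {}
    for t in range(4):
        out = lim.process_period({
            "region-A": {"198.51.100.7": steady[t], "203.0.113.9": burst[t],
                         "192.0.2.1": 80},
            "region-B": {"192.0.2.50": 150},
        })
    return out


if __name__ == "__main__":
    for ip, decision in demo().items():
        print(ip, decision)
```

In the constructed run, the address in region-B exceeds the per-IP threshold but is only recorded, because its region never exceeds the standard over-rate; the regional check gates the per-IP check.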
The website security defense method provided by the invention compares the number of website access requests in a region within a preset time period with a set website access request threshold to determine the over-rate of the website, extracts the access counts of all IP addresses in each region whose over-rate is greater than the standard over-rate, and judges whether the access count of each IP address exceeds the access threshold. The access count of each IP address that exceeds the access threshold is limited and its access threshold is lowered, which further reduces its access count, keeps the website from being broken, and improves the defense capability of the website.
The foregoing is merely exemplary and illustrative of the principles of the present invention and various modifications, additions and substitutions of the specific embodiments described herein may be made by those skilled in the art without departing from the principles of the present invention or exceeding the scope of the claims set forth herein.
Claims (2)
1. A website security defense method, characterized in that the method comprises the following steps:
S1, acquiring the number of website access requests within a preset time period for each region;
S2, comparing the number of website access requests in each region with a set standard threshold for website access requests in the region, and determining the over-rate of the website access requests in the region;
S3, extracting the IP addresses that access the website from each region whose over-rate is greater than the set standard over-rate;
S4, acquiring the access threshold for IP addresses logging in to the website, wherein the access threshold of an IP address is the maximum number of accesses for each IP address;
S5, judging whether the real-time access count of each IP address in a region whose over-rate is greater than the set standard over-rate is greater than the access threshold for IP addresses of the website; if so, executing step S6, otherwise executing step S7;
S6, rate-limiting each IP address whose actual access count is greater than the access threshold for IP addresses of the website;
S7, applying no rate limiting to each IP address whose actual access count is less than the access threshold for IP addresses of the website, counting the access time and access count of the IP address in the prediction time period, and recording and storing them;
the rate limiting process comprises the following steps:
H1, sequentially acquiring the access counts of the IP address in the n preset time periods before the preset time period in which its actual access count was greater than the access threshold for IP addresses of the website;
H2, sorting the access counts of the IP address in each preset time period in the order of the preset time periods, wherein the access counts in the previous n preset time periods form the access number set A (a1, a2, ..., ai, ..., an), where ai denotes the access count of the IP address in the ith preset time period, and the access count in the nth preset time period is the access count in the preset time period that exceeded the access threshold of the IP address;
H3, sequentially comparing the access count of the IP address in each of the previous n preset time periods with its access count in the next preset time period to obtain the comparison access number set ΔA (Δa1, Δa2, ..., Δai, ..., Δa(n-1)), where Δai denotes the difference between the access count of the IP address in the (i+1)th preset time period and its access count in the ith preset time period;
H4, calculating the access mutation coefficient from the comparison access number set; if the access mutation coefficient is smaller than the set access mutation coefficient threshold, allowing the IP address to continue accessing; otherwise, taking 1/2 of the access threshold of the IP address as the new access threshold;
in the calculation formula of the access mutation coefficient, φ denotes the access mutation coefficient, Δai denotes the difference between the access count of the IP address in the (i+1)th preset time period and its access count in the ith preset time period, and n denotes the extracted nth preset time period.
2. The method of claim 1, wherein: the over-rate ζ is expressed as the ratio of the number of website access requests in the region to the standard threshold for website access requests in the region, where W denotes the number of access requests of the website and W0 denotes the standard threshold for website access requests in the region.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910172602.8A CN110011977B (en) | 2019-03-07 | 2019-03-07 | Website security defense method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910172602.8A CN110011977B (en) | 2019-03-07 | 2019-03-07 | Website security defense method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110011977A CN110011977A (en) | 2019-07-12 |
CN110011977B true CN110011977B (en) | 2021-07-27 |
Family
ID=67166552
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910172602.8A Active CN110011977B (en) | 2019-03-07 | 2019-03-07 | Website security defense method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110011977B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110413416B (en) * | 2019-07-31 | 2022-05-17 | 中国工商银行股份有限公司 | Current limiting method and device for distributed server |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104462445A (en) * | 2014-12-15 | 2015-03-25 | 北京国双科技有限公司 | Webpage access data processing method and webpage access data processing device |
CN105187396A (en) * | 2015-08-11 | 2015-12-23 | 小米科技有限责任公司 | Method and device for identifying web crawler |
CN107528815A (en) * | 2016-06-22 | 2017-12-29 | 腾讯科技(深圳)有限公司 | A kind of method and server of protection net site attack |
CN108777805A (en) * | 2018-05-17 | 2018-11-09 | 北京奇艺世纪科技有限公司 | A kind of detection method, device, control server and the system of unauthorized access request |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AU2014244137B2 (en) * | 2013-03-14 | 2018-12-06 | Threater, Inc. | Internet protocol threat prevention |
Also Published As
Publication number | Publication date |
---|---|
CN110011977A (en) | 2019-07-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
AU2017268608B2 (en) | Method, device, server and storage medium of detecting DoS/DDoS attack | |
CN104113519B (en) | Network attack detecting method and its device | |
CN110166454B (en) | Mixed feature selection intrusion detection method based on adaptive genetic algorithm | |
US20210099484A1 (en) | Phishing website detection | |
CN110830445B (en) | Method and device for identifying abnormal access object | |
CN104994117A (en) | Malicious domain name detection method and system based on DNS (Domain Name Server) resolution data | |
CN103929440A (en) | Web page tamper prevention device based on web server cache matching and method thereof | |
JP2019523584A (en) | Network attack prevention system and method | |
Nwana et al. | A latent social approach to youtube popularity prediction | |
CN113556343B (en) | DDoS attack defense method and device based on browser fingerprint identification | |
CN105721410B (en) | Method and device for acquiring network security condition | |
CN106254394B (en) | A kind of recording method and device of attack traffic | |
CN110011977B (en) | Website security defense method | |
CN114640504B (en) | CC attack protection method, device, equipment and storage medium | |
CN108259473A (en) | Web server scan protection method | |
CN115460153B (en) | Dynamic adjustment method and device for token bucket capacity, storage medium and electronic device | |
CN110519266B (en) | Cc attack detection method based on statistical method | |
CN114363091B (en) | Method and system for realizing unified login of platform application based on APISIX | |
CN108134774B (en) | Privacy protection method and device based on content privacy and user security grading | |
CN112839005B (en) | DNS domain name abnormal access monitoring method and device | |
CN112491869A (en) | Application layer DDOS attack detection and protection method and system based on IP credit | |
CN115296855B (en) | User behavior baseline generation method and related device | |
CN114050922B (en) | Network flow anomaly detection method based on space-time IP address image | |
Wang et al. | A novel approach for countering application layer DDoS attacks | |
CN112543199B (en) | IP abnormal flow detection method, system, computer equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||