CN110149246B - Shared internet access detection method and system, electronic equipment and storage medium - Google Patents
Shared internet access detection method and system, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN110149246B CN110149246B CN201910452773.6A CN201910452773A CN110149246B CN 110149246 B CN110149246 B CN 110149246B CN 201910452773 A CN201910452773 A CN 201910452773A CN 110149246 B CN110149246 B CN 110149246B
- Authority
- CN
- China
- Prior art keywords
- terminal
- weight
- request
- determining
- http
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/06—Generation of reports
- H04L43/065—Generation of reports related to network devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/16—Threshold monitoring
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application discloses a method and a system for detecting shared internet surfing, an electronic device and a computer readable storage medium, wherein the method comprises the following steps: acquiring an http request; acquiring a request weight corresponding to the http request and a terminal type of the target terminal, and determining a terminal weight of the target terminal by using the request weight; judging whether the weight of the terminal is greater than a preset threshold value or not; if yes, the target terminal is judged to be a valid terminal; and counting the terminal types and the terminal quantity of all effective terminals. According to the method and the device, the type of the target terminal can be obtained after the http request is obtained by presetting the corresponding weight, and the terminal weight of the target terminal is determined by using the request weight corresponding to the http request, so that whether the terminal is effective or not is judged according to the comparison result of the terminal weight and the preset threshold value, misjudgment caused by the nonstandard and non-uniform information or the influence of the number of terminals is avoided, the type and the number of the terminals of the effective terminal are finally obtained, and shared internet access detection is realized.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and a system for detecting a shared internet access, an electronic device, and a computer-readable storage medium.
Background
With the development of science and technology, various terminals can be wirelessly accessed to network shared resources, which brings great convenience to daily life of users, but brings some potential safety hazards. Some enterprises have strict requirements on internet security in order to prevent disclosure, and require control over the number and types of terminals accessed.
At present, the following methods are mainly used for detecting the shared internet access:
TCP protocol analysis method (TTL value detection, IPID, TCP window size): TTL value detection, namely judging whether a sharing behavior exists or not by counting protocol characteristic values, wherein the initial TTLs of different systems are different and can be modified on a terminal, so that the effect on identifying the number of the sharing terminals is very limited; the IPID value of the same terminal is continuously changed, but the IPID values are based on flow, so that the differentiation and the statistics are very difficult, and erroneous judgment and missed judgment are easily caused; the size of the TCP window has certain system correlation, similar to TTL value detection.
The User-agent detection method comprises the following steps: the method identifies the system or the specific type of the terminal based on the system or model information contained in the UA, so as to roughly count the number of the shared terminals. The method has the defects that the UA is easy to misjudge due to non-standardization, and when terminals with the same system and model are shared, the UA-based method cannot be identified, so that misjudgment is serious.
Flash cookie detection method (LSO): the method executes a flash script based on a flash plug-in, and plants a flash cookie value (LSO) on a terminal user PC (personal computer), so that the Local Shared Object (LSO) is shared among browsers. The method has the defects that the position of the LSO is not fixed, and a plurality of planting catalogues exist on a PC of a terminal user, so that the LSO object set and provided by the same PC is not unique, and misjudgment is easily caused.
The terminal time detection method comprises the following steps: the method is based on the clock difference of the computer terminal, and the number of the internal network sharing PCs is counted. The method has the defects that the time interval of the computer is not large, some software installed on the computer has the function of synchronizing time, so that the method is easy to misjudge, and the detection effect of the method is worse and worse along with the increase of the number of shared computers.
Therefore, how to solve the problem of easy misjudgment in the shared internet access detection is a major concern for those skilled in the art.
Disclosure of Invention
The application aims to provide a shared internet access detection method and system, an electronic device and a computer readable storage medium, so as to reduce the misjudgment rate of terminal detection.
In order to achieve the above object, the present application provides a shared internet access detection method, including:
acquiring an http request;
acquiring a request weight corresponding to the http request and a terminal type of a target terminal, and determining a terminal weight of the target terminal by using the request weight;
judging whether the terminal weight is greater than a preset threshold value or not;
if yes, the target terminal is judged to be a valid terminal;
and counting the terminal types and the terminal quantity of all effective terminals.
Optionally, the obtaining a request weight corresponding to the http request and a terminal type of a target terminal, and determining a terminal weight of the target terminal by using the request weight includes:
determining an application program to which the http request belongs, and acquiring a preset extraction rule of the application program;
determining the terminal type of the target terminal by using the preset extraction rule, and determining a rule weight of the preset extraction rule;
and determining the rule weight as the request weight, and accumulating all the request weights to obtain the terminal weight.
Optionally, the determining the application program to which the http request belongs includes:
capturing an http data packet in the http request to an application layer;
judging whether the http data packet needs to be recombined or not by utilizing the application layer;
if so, after the http data packet is recombined, performing data extraction on the recombined http data packet to determine an application program initiating the http request;
and if not, directly extracting data of the http data packet, and determining an application program to which the http request belongs.
Optionally, after obtaining the request weight corresponding to the http request and the terminal type of the target terminal, the method further includes:
storing the terminal type, the application program and the corresponding request weight into a first preset list;
and if the http request sent by the application program in the first preset list is not received within a preset time range, deleting the application program.
Optionally, after the deleting the application program, the method further includes:
and reserving the request weight corresponding to the application program so as to extract the request weight and perform accumulation calculation after receiving the http request sent by the application program next time.
Optionally, the obtaining a request weight corresponding to the http request and a terminal type of a target terminal, and determining a terminal weight of the target terminal by using the request weight includes:
acquiring a preset weight of the http request and a corresponding terminal type of the target terminal, and determining the total number of the http requests;
and determining the request weight by using the preset weight and the total number, and accumulating all the request weights to obtain the terminal weight.
Optionally, before determining the target terminal as a valid terminal, the method further includes:
obtaining the UA type corresponding to the http request, and determining the type number of the UA type;
judging whether the number of the types is larger than the number of preset types or not;
and if so, judging the target terminal as a valid terminal.
Optionally, after obtaining the UA type corresponding to the http request, the method further includes:
and storing the terminal type and the UA type into a second preset list.
Optionally, after the target terminal is determined as a valid terminal, the method further includes:
and sending an update instruction to a driving layer so that the driving layer updates the information of the target terminal in a terminal list corresponding to the current user.
In order to achieve the above object, the present application provides a shared internet access detection system, including:
the request acquisition module is used for acquiring an http request;
the weight determination module is used for acquiring a request weight corresponding to the http request and the terminal type of the target terminal, and determining a terminal weight of the target terminal by using the request weight;
the weight judgment module is used for judging whether the weight of the terminal is greater than a preset threshold value or not;
the first judging module is used for judging the effectiveness of the target terminal, and if the terminal weight is greater than the preset threshold, the target terminal is judged to be an effective terminal;
and the terminal counting module is used for counting the terminal types and the terminal quantity of all effective terminals.
Optionally, the weight determining module includes:
the rule obtaining submodule is used for determining an application program to which the http request belongs and obtaining a preset extraction rule of the application program;
the weight determination submodule is used for determining the terminal type of the target terminal by using the preset extraction rule and determining the rule weight of the preset extraction rule;
and the weight accumulation submodule is used for determining the rule weight as the request weight, and accumulating all the request weights to obtain the terminal weight.
Optionally, the rule obtaining sub-module includes:
the data packet capturing unit is used for capturing an http data packet in the http request to an application layer;
the recombination judging unit is used for judging whether the http data packet needs to be recombined or not by utilizing the application layer;
the first extraction unit is used for waiting for the completion of the recombination of the http data packet when the http data packet needs to be recombined, extracting data of the recombined http data packet and determining an application program for initiating the http request;
and the second extraction unit is used for directly extracting data of the http data packet and determining the application program to which the http request belongs when the http data packet does not need to be recombined.
Optionally, the method further includes:
the storage module is used for storing the terminal type, the application program and the corresponding request weight into a first preset list after acquiring the request weight corresponding to the http request and the terminal type of the target terminal;
and the deleting module is used for deleting the application program after the http request sent by the application program in the first preset list is not received within a preset time range.
Optionally, the weight determining module includes:
the first determining submodule is used for acquiring a preset weight of the http request and a terminal type corresponding to the target terminal, and determining the total number of the http requests;
and the second determining submodule is used for determining the request weight by utilizing the preset weight and the total number, and accumulating all the request weights to obtain the terminal weight.
Optionally, the method further includes:
the second obtaining module is used for obtaining the UA types corresponding to the http request and determining the type number of the UA types before the target terminal is judged as the valid terminal;
the type number judging module is used for judging whether the number of the types is larger than the number of the preset types or not;
and the second judging module is used for judging whether the target terminal is effective or not, and judging the target terminal as an effective terminal if the number of the types is greater than the preset number of the types.
Optionally, the method further includes:
and the updating module is used for sending an updating instruction to the driving layer so that the driving layer updates the information of the target terminal in the terminal list corresponding to the current user.
To achieve the above object, the present application provides an electronic device including:
a memory for storing a computer program;
and the processor is used for realizing any one of the shared internet access detection methods when executing the computer program.
To achieve the above object, the present application provides a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a processor, the computer program implements any one of the foregoing methods for detecting shared internet access.
According to the scheme, the shared internet access detection method provided by the application comprises the following steps: acquiring an http request; acquiring a request weight corresponding to the http request and a terminal type of a target terminal, and determining a terminal weight of the target terminal by using the request weight; judging whether the terminal weight is greater than a preset threshold value or not; if yes, the target terminal is judged to be a valid terminal; and counting the terminal types and the terminal quantity of all effective terminals. According to the method and the device, the type of the target terminal can be obtained after the http request is obtained by presetting the corresponding weight, and the terminal weight of the target terminal is determined by using the request weight corresponding to the http request, so that whether the terminal is effective or not is judged according to the comparison result of the terminal weight and the preset threshold value, misjudgment caused by the influence of information nonstandard and non-uniform or the number of terminals is avoided, the type and the number of terminals of the effective terminal are finally obtained, shared internet access detection is realized, and the misjudgment rate of terminal detection is reduced.
The application also discloses a shared internet access detection system, an electronic device and a computer readable storage medium, which can also achieve the technical effects.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of a shared internet access detection method disclosed in an embodiment of the present application;
fig. 2 is a flowchart of another shared internet access detection method disclosed in the embodiment of the present application;
fig. 3 is a flowchart of another shared internet access detection method disclosed in the embodiment of the present application;
fig. 4 is a flowchart of another shared internet access detection method disclosed in the embodiment of the present application;
fig. 5 is a flowchart of another shared internet access detection method disclosed in the embodiment of the present application;
fig. 6 is a flowchart of another shared internet access detection method disclosed in the embodiment of the present application;
fig. 7 is a flowchart of another shared internet access detection method disclosed in the embodiment of the present application
Fig. 8 is a flowchart of a specific shared internet access detection method disclosed in an embodiment of the present application;
fig. 9 is a schematic diagram illustrating an implementation of a shared internet access detection function in a specific example disclosed in an embodiment of the present application;
fig. 10 is a structural diagram of a shared internet access detection system disclosed in an embodiment of the present application;
fig. 11 is a block diagram of an electronic device disclosed in an embodiment of the present application;
fig. 12 is a block diagram of another electronic device disclosed in the embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In the prior art, the following methods are mainly used for detecting the shared internet access: a TCP protocol analysis method, a User-agent detection method, a Flash cookie detection method, and a terminal time detection method. However, the above method is prone to false positives and false negatives.
Therefore, the embodiment of the application discloses a shared internet access detection method, which reduces the misjudgment rate of terminal detection.
Referring to fig. 1, a flowchart of a shared internet access detection method disclosed in an embodiment of the present application is shown in fig. 1, and includes:
s101: acquiring an http request;
s102: acquiring a request weight corresponding to the http request and a terminal type of a target terminal, and determining a terminal weight of the target terminal by using the request weight;
in this step, after the http request is obtained, a preset UA recognition engine may be used to recognize a request weight corresponding to the http request and a terminal type of a target terminal corresponding to the http request, and further determine a terminal weight of the target terminal after obtaining the request weight corresponding to each http request, for example, all the obtained request weights may be accumulated to obtain a terminal weight of the target terminal, and also some preset characteristic values in the request weights may be used to determine the terminal weight of the target terminal.
It should be noted that UA (user agent) refers to a string of special characters, and the string of characters often includes information related to the operating system and version of the client, the CPU type, the terminal type, the browser, and the like. The UA identification engine mentioned in this embodiment refers to an algorithm written specifically for the UA field of the http request, and a system structure established by the algorithm can identify the http request, thereby obtaining weight and terminal type information.
S103: judging whether the terminal weight is greater than a preset threshold value or not;
s104: if yes, the target terminal is judged to be a valid terminal;
and further, judging whether the terminal weight meets a preset threshold value, if the terminal weight is greater than the preset threshold value, indicating that the target terminal meets a preset condition, and judging the target terminal as an effective terminal.
S105: and counting the terminal types and the terminal quantity of all effective terminals.
It can be understood that sharing to surf the internet refers to accessing a network through proxy sharing among a plurality of terminals, for example, an intranet user may surf the internet by proxying a plurality of terminals through a router, or the intranet terminal shares WiFi to other terminals through a third-party tool, so as to achieve the purpose of sharing to surf the internet. The shared internet access detection means to determine the type and the number of terminals currently sharing the internet access. In the embodiment, each http request is identified, the valid terminals are finally determined, and the number and the corresponding types of the valid terminals are counted to obtain the shared internet access detection result.
According to the scheme, the shared internet access detection method provided by the application comprises the following steps: acquiring an http request; acquiring a request weight corresponding to the http request and a terminal type of a target terminal, and determining a terminal weight of the target terminal by using the request weight; judging whether the terminal weight is greater than a preset threshold value or not; if yes, the target terminal is judged to be a valid terminal; and counting the terminal types and the terminal quantity of all effective terminals. According to the method and the device, the type of the target terminal can be obtained after the http request is obtained by presetting the corresponding weight, and the weight corresponding to the http request is used for determining the terminal weight of the target terminal, so that whether the terminal is effective or not is judged according to the comparison result of the terminal weight and the preset threshold value, misjudgment caused by the influence of information nonstandard and non-uniform or the number of terminals is avoided, the type and the number of terminals of the effective terminal are finally obtained, shared internet access detection is realized, and the misjudgment rate of terminal detection is reduced.
In one embodiment, the UA identification engine determines the terminal weight using the application weight. Specifically, the method comprises the following steps:
referring to fig. 2, a flowchart of another shared internet access detection method provided in the embodiment of the present application is shown in fig. 2, and includes:
s201: acquiring an http request;
s202: determining an application program to which the http request belongs, and acquiring a preset extraction rule of the application program;
in specific implementation, after the http request is obtained, the UA recognition engine is used to recognize which application program the http request belongs to, that is, which application program the http request is originated from, and a preset extraction rule of the application program is obtained.
S203: determining the terminal type of the target terminal by using the preset extraction rule, and determining a rule weight of the preset extraction rule;
in this step, the extraction rule of each application program is preset with a corresponding rule weight, and the corresponding terminal model and rule weight can be extracted according to the preset extraction rule.
Specifically, in this embodiment, in order to quickly identify the terminal, the maximum weight value extracted from the multiple weight values is updated to the rule weight value corresponding to the current application program.
S204: determining the rule weight as the request weight, and accumulating all the request weights to obtain the terminal weight;
further, all rule weights can be directly accumulated, so that a final terminal weight is obtained. The accumulation process needs to be noticed that the rule weight corresponding to each application program can be accumulated only once, and in order to effectively prevent misjudgment, at least 2 to 3 application programs can identify one terminal.
S205: judging whether the terminal weight is greater than a preset threshold value or not;
s206: if yes, the target terminal is judged to be a valid terminal;
s207: and counting the terminal types and the terminal quantity of all effective terminals.
Compared with the previous embodiment, the embodiment further describes and optimizes the process of determining the application program to which the http request belongs. Specifically, the method comprises the following steps:
referring to fig. 3, a flowchart of another shared internet access detection method provided in the embodiment of the present application is shown in fig. 3, and includes:
s301: acquiring an http request;
s302: capturing an http data packet in the http request to an application layer;
in the step, when the http request passes through the AC device, packet capturing is performed on a get request and a post request in the http request, at most 5 packets are captured for each connection, and the http data packet is sent to the application layer in a zero copy mode. It can be understood that, in this step, the data packet is captured to the application layer in a zero copy manner and then processed, so that the processing is more efficient.
S303: judging whether the http data packet needs to be recombined or not by utilizing the application layer;
s304: if so, after the http data packet is recombined, performing data extraction on the recombined http data packet to determine an application program initiating the http request;
s305: if not, directly extracting data of the http data packet, and determining an application program to which the http request belongs;
it can be understood that after the application layer obtains the data packet, it is determined whether the data packet is a packetized data packet, if so, the data packet is firstly retained until the packet is output after the reassembly is completed, and the data extraction is performed on the reassembled data packet; if not, data extraction can be directly carried out on the http data packet, and finally the application program initiating the http request is determined.
Further, the above data extraction for the http data packet may specifically be: and extracting url, refer and user-agent fields of the recombined http data packet, and performing dfa analysis on the extracted fields to determine a corresponding application program.
S306: acquiring a preset extraction rule of the application program, determining the terminal type of the target terminal by using the preset extraction rule, and determining a rule weight of the preset extraction rule;
in this step, the preset rule table is queried by using the information of the application program, and the preset extraction rule corresponding to the current application program is obtained. And the preset rule table stores the extraction rule of each application program, and the terminal type and the weight corresponding to the http request can be obtained through the extraction rule.
S307: determining the rule weight as the request weight, and accumulating all the request weights to obtain the terminal weight;
s308: judging whether the terminal weight is greater than a preset threshold value or not;
s309: if yes, the target terminal is judged to be a valid terminal;
s310: and counting the terminal types and the terminal quantity of all effective terminals.
The embodiment of the application discloses another shared internet access detection method, and compared with the previous embodiment, the embodiment further explains and optimizes the technical scheme. Specifically, the method comprises the following steps:
referring to fig. 4, a flowchart of another shared internet access detection method provided in the embodiment of the present application is shown in fig. 4, and includes:
s401: acquiring an http request;
s402: determining an application program to which the http request belongs, a corresponding request weight and a terminal type of a target terminal, and storing the terminal type, the application program and the corresponding request weight into a first preset list;
s403: determining a terminal weight of the target terminal by using the request weight in the first preset list, and judging whether the terminal weight is greater than a preset threshold value;
s404: if yes, the target terminal is judged to be a valid terminal;
s405: and counting the terminal types and the terminal quantity of all effective terminals.
It can be understood that, in this embodiment, after the request weight corresponding to the http request and the terminal type of the target terminal are obtained, the obtained terminal type, the obtained application program and the obtained corresponding request weight are further stored in the first preset list, and then the final terminal weight is determined through the first preset list, and whether the target terminal is an effective terminal is determined based on the terminal weight and the preset threshold.
On the basis of the foregoing embodiment, as a preferred implementation manner, an embodiment of the present application discloses another shared internet access detection method, and compared with the foregoing embodiment, in this embodiment, in order to prevent misjudgment, a timeout mechanism is further set. Specifically, the method comprises the following steps:
referring to fig. 5, a flowchart of another shared internet access detection method provided in the embodiment of the present application is shown in fig. 5, and includes:
s501: acquiring an http request;
s502: determining an application program to which the http request belongs, a corresponding request weight and a terminal type of a target terminal, and storing the terminal type, the application program and the corresponding request weight into a first preset list;
s503: determining a terminal weight of the target terminal by using the request weight in the first preset list, and judging whether the terminal weight is greater than a preset threshold value;
s504: if yes, the target terminal is judged to be a valid terminal;
s505: counting the terminal types and the terminal quantity of all effective terminals;
s506: and if the http request sent by the application program in the first preset list is not received within a preset time range, deleting the application program.
It should be noted that, in this embodiment, a corresponding timeout mechanism is set, and if an http request sent by an application program in the first preset list is not received within a preset time range, the application program is deleted, and the weight is gradually decreased to 1 along with time, so as to prevent shared internet access detection misjudgment caused by ceaselessly accumulating misjudgment packets. The preset time range may be determined according to specific situations in the implementation process, and the present invention is not limited.
In addition, in this embodiment, after the application program is deleted, the request weight corresponding to the application program is still retained, so that the request weight can be extracted and accumulated after an http request sent by the application program is received again next time.
In another embodiment, for each http request, the UA recognition engine does not write extraction rules that set all applications, and since there are too many applications and complete coverage wastes a lot of time and material resources, for an application that does not set an extraction rule, the application will be considered as a special application. However, since the weight of the special application program is relatively low, it may be difficult to reach the preset threshold of the terminal weight, so that the embodiment of the present application provides another shared internet access detection method, which can determine the request weight and further determine the terminal weight by using the number of http requests and the preset weight, specifically:
referring to fig. 6, a flowchart of another shared internet access detection method provided in the embodiment of the present application is shown in fig. 6, and includes:
s601: acquiring an http request;
s602: acquiring a preset weight of the http request and the corresponding terminal type, and determining the total number of the http requests;
s603: determining the request weight by using the preset weight and the total number, and accumulating all the request weights to obtain the terminal weight;
s604: judging whether the terminal weight is greater than a preset threshold value or not;
s605: if yes, the target terminal is judged to be a valid terminal;
s606: and counting the terminal types and the terminal quantity of all the effective terminals.
In this embodiment, the same preset weight is set for each http request, after the http request is obtained, the request weight may be determined by determining the total number of http requests and the preset weight, and all the request weights are accumulated to obtain the terminal weight. For example, if the preset weight of the http request is 1, every time an http request is obtained, adding 1 to the request weight and then adding 1 to the terminal weight to finally obtain the terminal weight, and determining whether the terminal weight is greater than the preset threshold 100, thereby determining whether the terminal is valid.
The embodiment of the application discloses another shared internet detection method, and compared with the previous embodiment, the embodiment further explains and optimizes the technical scheme. Specifically, the method comprises the following steps:
referring to fig. 7, a flowchart of another shared internet access detection method provided in the embodiment of the present application is shown in fig. 7, and includes:
s701: acquiring an http request;
s702: acquiring a preset weight of the http request and the corresponding terminal type, and determining the total number of the http requests;
s703: determining the request weight by using the preset weight and the total number, and accumulating all the request weights to obtain the terminal weight;
s704: obtaining the UA type corresponding to the http request, and determining the type number of the UA type;
s705: judging whether the weight of the terminal is greater than a preset threshold value or not, and judging whether the number of the types is greater than the number of the preset types or not;
s706: if yes, the target terminal is judged to be a valid terminal;
s707: and counting the terminal types and the terminal quantity of all effective terminals.
In this embodiment, before the target terminal is determined as the valid terminal, the UA type corresponding to the http request is further obtained, and whether the number of types of the UA is greater than the number of preset types is further determined by determining whether the terminal weight is greater than or equal to the preset threshold, so that an effect of preventing erroneous determination can be achieved.
In addition, on the basis of the above embodiment, after the UA type corresponding to the http request is acquired, the terminal type and the UA type may be further stored in a second preset list.
Further, after the target terminal is determined as a valid terminal, the update instruction may be further issued to the driver layer, so that the driver layer updates information of the target terminal in the terminal list corresponding to the current user.
It should be noted that, in the above embodiments, when the terminal weight of the target terminal is further determined after the request weight corresponding to each http request is obtained, the solution provided in any of the above embodiments is a solution to be protected by the present application, and with the help of the present technical solution, a person skilled in the art may determine the terminal weight of the target terminal by using the request weight in other ways without creative labor, and the method is also within the scope protected by the present disclosure.
Referring to fig. 8, a flowchart of a specific shared internet access detection method provided in an embodiment of the present application is shown in fig. 8, and includes:
firstly, when an HTTP request passes through an AC device, driving to capture a get request and a post request of HTTP, capturing 5 packets at most for each connection, and sending the packets to an application layer in a zero copy mode;
further, judging whether the http data packet needs to be recombined or not, if so, firstly reserving the http data packet until the http data packet is output after the recombination is finished, extracting data of the recombined http data packet, extracting url, refer and user-agent fields of the http, performing dfa analysis according to the extracted fields, and judging the app to which the current http request belongs;
it can be understood that, by the obtained app information, a rule table of the app regular expression can be obtained through query, and the terminal type and weight information can be obtained through the rule table;
it should be noted that, in this embodiment, the user structure is updated according to the terminal type and the weight information, and each user maintains three structures, model-app information, model-ua information, and model-tree information, where the model-app information is information that needs to be maintained when the rule weight of the application program is used to determine the terminal weight in the foregoing embodiment; the model-ua information and the model-tree information are information which needs to be maintained correspondingly when the terminal weight is determined by using the preset weight of the http request in the embodiment, and finally the terminal weight is obtained, and whether the terminal weight reaches a specified value is judged;
further, after the terminal is judged to be valid according to the terminal weight, the terminal list currently owned by the user is updated by using the driving layer, and the sharing prevention module is notified to update the sharing information of the user.
Fig. 9 is a schematic diagram illustrating an implementation of a shared internet access detection function in a specific example provided in an embodiment of the present application, and as shown in fig. 9, shows a use position of the shared internet access detection function in a network, when an http request reaches an AC device through a router, each http data packet in the http request is processed by the AC device, so as to obtain a plurality of pieces of terminal information corresponding to each data packet.
As can be seen from the above, the shared internet access detection method provided in the embodiment of the present application is not limited by the number of terminals, theoretically, can satisfy the requirement of identifying a large number of terminals, and can be applied to detection control of the number of terminals and the type of terminals in a large-scale shared internet access scene.
In the following, a shared internet access detection system provided by an embodiment of the present application is introduced, and a shared internet access detection system described below and a shared internet access detection method described above may refer to each other.
Referring to fig. 10, a structure diagram of a shared internet access detection system provided in an embodiment of the present application is shown in fig. 10, and includes:
a request obtaining module 100, configured to obtain an http request;
a weight determination module 200, configured to obtain a request weight corresponding to the http request and a terminal type of a target terminal, and determine a terminal weight of the target terminal by using the request weight;
a weight judgment module 300, configured to judge whether the terminal weight is greater than a preset threshold;
a first determining module 400, configured to determine whether the target terminal is valid, and if the terminal weight is greater than the preset threshold, determine that the target terminal is a valid terminal;
and a terminal counting module 500, configured to count the terminal types and the number of terminals of all valid terminals.
On the basis of the foregoing embodiment, as a preferable mode, the weight determining module in the shared internet access detection system includes:
the rule obtaining submodule is used for determining an application program to which the http request belongs and obtaining a preset extraction rule of the application program;
the weight determination submodule is used for determining the terminal type of the target terminal by using the preset extraction rule and determining the rule weight of the preset extraction rule;
and the weight accumulation submodule is used for determining the rule weight as the request weight and accumulating all the request weights to obtain the terminal weight.
On the basis of the foregoing embodiment, as a preferable mode, the rule obtaining sub-module in the shared internet access detection system includes:
the data packet capturing unit is used for capturing an http data packet in the http request to an application layer;
the recombination judging unit is used for judging whether the http data packet needs to be recombined or not by utilizing the application layer;
the first extraction unit is used for waiting for the completion of the recombination of the http data packet when the http data packet needs to be recombined, extracting data of the recombined http data packet and determining an application program for initiating the http request;
and the second extraction unit is used for directly extracting data of the http data packet and determining the application program to which the http request belongs when the http data packet does not need to be recombined.
On the basis of the foregoing embodiment, as a preferable mode, the shared internet access detection system may further include:
the storage module is used for storing the terminal type, the application program and the corresponding request weight into a first preset list after acquiring the request weight corresponding to the http request and the terminal type of the target terminal;
and the deleting module is used for deleting the application program after the http request sent by the application program in the first preset list is not received within a preset time range.
On the basis of the foregoing embodiment, as a preferable mode, the weight determining module in the shared internet access detection system includes:
the first determining submodule is used for acquiring a preset weight of the http request and a terminal type corresponding to the target terminal, and determining the total number of the http requests;
and the second determining submodule is used for determining the request weight by utilizing the preset weight and the total number, and accumulating all the request weights to obtain the terminal weight.
On the basis of the foregoing embodiment, as a preferable mode, the shared internet access detection system may further include:
the second obtaining module is used for obtaining the UA types corresponding to the http request and determining the type number of the UA types before the target terminal is judged as the valid terminal;
the type number judging module is used for judging whether the number of the types is larger than the number of the preset types or not;
and the second judging module is used for judging whether the target terminal is effective or not, and judging the target terminal as an effective terminal if the number of the types is greater than the preset number of the types.
On the basis of the foregoing embodiment, as a preferable mode, the shared internet access detection system may further include:
and the updating module is used for sending an updating instruction to the driving layer so that the driving layer updates the information of the target terminal in the terminal list corresponding to the current user.
The present application further provides an electronic device, referring to fig. 11, a structure diagram of an electronic device provided in an embodiment of the present application is shown in fig. 11, and includes:
a memory 11 for storing a computer program;
the processor 12 is configured to implement any one of the foregoing methods for detecting shared internet access when executing the computer program.
Specifically, the memory 11 includes a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and computer-readable instructions, and the internal memory provides an environment for the operating system and the computer-readable instructions in the non-volatile storage medium to run. The processor 12, which in some embodiments may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor or other data Processing chip, provides computing and control capabilities for the electronic device, and when executing the computer program stored in the memory 11, the following steps may be implemented:
acquiring an http request; acquiring a request weight corresponding to the http request and a terminal type of a target terminal, and determining a terminal weight of the target terminal by using the request weight; judging whether the terminal weight is greater than a preset threshold value or not; if yes, the target terminal is judged to be a valid terminal; and counting the terminal types and the terminal quantity of all effective terminals.
Preferably, when the processor 12 executes the computer subprogram stored in the memory 11, the following steps can be implemented: determining an application program to which the http request belongs, and acquiring a preset extraction rule of the application program; determining the terminal type of the target terminal by using the preset extraction rule, and determining a rule weight of the preset extraction rule; and determining the rule weight as the request weight, and accumulating all the request weights to obtain the terminal weight.
Preferably, when the processor 12 executes the computer subprogram stored in the memory 11, the following steps can be implemented: capturing an http data packet in the http request to an application layer; judging whether the http data packet needs to be recombined or not by utilizing the application layer; if so, after the http data packet is recombined, performing data extraction on the recombined http data packet to determine an application program initiating the http request; and if not, directly extracting data of the http data packet, and determining an application program to which the http request belongs.
Preferably, when the processor 12 executes the computer subprogram stored in the memory 11, the following steps can be implemented: storing the terminal type, the application program and the corresponding request weight into a first preset list; and if the http request sent by the application program in the first preset list is not received within a preset time range, deleting the application program.
Preferably, when the processor 12 executes the computer subprogram stored in the memory 11, the following steps can be implemented: and after the application program is deleted, the request weight corresponding to the application program is reserved so that the request weight is extracted and accumulated after an http request sent by the application program is received next time.
Preferably, when the processor 12 executes the computer subprogram stored in the memory 11, the following steps can be implemented: acquiring a preset weight of the http request and a terminal type corresponding to the target terminal, and determining the total number of the http requests; and determining the request weight by using the preset weight and the total number, and accumulating all the request weights to obtain the terminal weight.
Preferably, when the processor 12 executes the computer subprogram stored in the memory 11, the following steps can be implemented: obtaining the UA type corresponding to the http request, and determining the type number of the UA type; judging whether the number of the types is larger than the number of preset types or not; and if so, judging the target terminal as a valid terminal.
Preferably, when the processor 12 executes the computer subprogram stored in the memory 11, the following steps can be implemented: and storing the terminal type and the UA type into a second preset list.
Preferably, when the processor 12 executes the computer subprogram stored in the memory 11, the following steps can be implemented: and sending an update instruction to a driving layer so that the driving layer updates the information of the target terminal in a terminal list corresponding to the current user.
On the basis of the above embodiment, as a preferred implementation, referring to fig. 12, the electronic device further includes:
and the input interface 13 is connected with the processor 12 and is used for acquiring computer programs, parameters and instructions imported from the outside, and storing the computer programs, parameters and instructions into the memory 11 under the control of the processor 12. The input interface 13 may be connected to an input device for receiving parameters or instructions manually input by a user. The input device may be a touch layer covered on a display screen, or a button, a track ball or a touch pad arranged on a terminal shell, or a keyboard, a touch pad or a mouse, etc.
A display unit 14, connected to the processor 12, for displaying data processed by the processor 12 and for displaying a visual user interface. The display unit 14 may be an LED display, a liquid crystal display, a touch-controlled liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, and the like.
And the network port 15 is connected with the processor 12 and is used for performing communication connection with each external terminal device. The communication technology adopted by the communication connection can be a wired communication technology or a wireless communication technology, such as a mobile high definition link (MHL) technology, a Universal Serial Bus (USB), a High Definition Multimedia Interface (HDMI), a wireless fidelity (WiFi), a bluetooth communication technology, a low power consumption bluetooth communication technology, an ieee802.11 s-based communication technology, and the like.
Fig. 12 shows only an electronic device with components 11-15, and those skilled in the art will appreciate that the structure shown in fig. 12 does not constitute a limitation of the electronic device, and may include fewer or more components than those shown, or some components may be combined, or a different arrangement of components.
The present application also provides a computer-readable storage medium, which may include: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk. The storage medium stores a computer program, and the computer program realizes any one of the above-mentioned shared internet access detection methods when executed by a processor.
According to the method and the device, the type of the target terminal can be obtained after the http request is obtained by presetting the corresponding weight, and the terminal weight of the target terminal is determined by using the request weight corresponding to the http request, so that whether the terminal is effective or not is judged according to the comparison result of the terminal weight and the preset threshold value, misjudgment caused by the influence of information nonstandard and non-uniform or the number of terminals is avoided, the type and the number of terminals of the effective terminal are finally obtained, shared internet access detection is realized, and the misjudgment rate of terminal detection is reduced.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system disclosed by the embodiment, the description is relatively simple because the system corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Claims (18)
1. A shared internet access detection method is characterized by comprising the following steps:
acquiring an http request;
acquiring a request weight corresponding to the http request and a terminal type of a target terminal, and determining a terminal weight of the target terminal by using the request weight;
judging whether the terminal weight is greater than a preset threshold value or not;
if yes, the target terminal is judged to be a valid terminal;
and counting the terminal types and the terminal quantity of all effective terminals.
2. The method according to claim 1, wherein the obtaining of the request weight corresponding to the http request and the terminal type of the target terminal and determining the terminal weight of the target terminal using the request weight comprises:
determining an application program to which the http request belongs, and acquiring a preset extraction rule of the application program;
determining the terminal type of the target terminal by using the preset extraction rule, and determining a rule weight of the preset extraction rule; the rule weight is corresponding to different application programs, and the number of the application programs corresponding to the rule weight is not less than two;
and determining the rule weight as the request weight, and accumulating all the request weights to obtain the terminal weight.
3. The method according to claim 2, wherein the determining the application program to which the http request belongs includes:
capturing an http data packet in the http request to an application layer;
judging whether the http data packet needs to be recombined or not by utilizing the application layer;
if so, after the http data packet is recombined, performing data extraction on the recombined http data packet to determine an application program initiating the http request;
and if not, directly extracting data of the http data packet, and determining an application program to which the http request belongs.
4. The method according to claim 2, further comprising, after obtaining the request weight corresponding to the http request and the terminal type of the target terminal:
storing the terminal type, the application program and the corresponding request weight into a first preset list;
and if the http request sent by the application program in the first preset list is not received within a preset time range, deleting the application program.
5. The method according to claim 4, further comprising, after deleting the application program:
and reserving the request weight corresponding to the application program so as to extract the request weight and perform accumulation calculation after receiving the http request sent by the application program next time.
6. The method according to claim 1, wherein the obtaining of the request weight corresponding to the http request and the terminal type of the target terminal and determining the terminal weight of the target terminal using the request weight comprises:
acquiring a preset weight of the http request and a terminal type corresponding to the target terminal, and determining the total number of the http requests;
and determining the request weight according to the preset weight and the total number by using an accumulation mode, and accumulating all the request weights to obtain the terminal weight.
7. The method according to claim 6, wherein after determining that the terminal weight is greater than the preset threshold, before determining the target terminal as the valid terminal, the method further comprises:
obtaining the UA type corresponding to the http request, and determining the type number of the UA type;
judging whether the number of the types is larger than the number of preset types or not;
and if so, judging the target terminal as a valid terminal.
8. The method according to claim 6, further comprising, after obtaining the UA type corresponding to the http request:
and storing the terminal type and the UA type into a second preset list.
9. The method according to any one of claims 1 to 8, further comprising, after determining the target terminal as a valid terminal:
and sending an update instruction to a driving layer so that the driving layer updates the information of the target terminal in a terminal list corresponding to the current user.
10. A shared internet access detection system is characterized by comprising:
the request acquisition module is used for acquiring an http request;
the weight determination module is used for acquiring a request weight corresponding to the http request and the terminal type of the target terminal, and determining a terminal weight of the target terminal by using the request weight;
the weight judgment module is used for judging whether the weight of the terminal is greater than a preset threshold value or not;
the first judging module is used for judging whether the target terminal is effective or not, and if the terminal weight is greater than the preset threshold, the target terminal is judged to be an effective terminal;
and the terminal counting module is used for counting the terminal types and the terminal quantity of all effective terminals.
11. The system of claim 10, wherein the weight determining module comprises:
the rule obtaining submodule is used for determining an application program to which the http request belongs and obtaining a preset extraction rule of the application program;
the weight determination submodule is used for determining the terminal type of the target terminal by using the preset extraction rule and determining the rule weight of the preset extraction rule; the rule weight is corresponding to different application programs, and the number of the application programs corresponding to the rule weight is not less than two;
and the weight accumulation submodule is used for determining the rule weight as the request weight, and accumulating all the request weights to obtain the terminal weight.
12. The system of claim 11, wherein the rule obtaining sub-module comprises:
the data packet capturing unit is used for capturing an http data packet in the http request to an application layer;
the recombination judging unit is used for judging whether the http data packet needs to be recombined or not by utilizing the application layer;
the first extraction unit is used for waiting for the completion of the recombination of the http data packet when the http data packet needs to be recombined, extracting data of the recombined http data packet and determining an application program for initiating the http request;
and the second extraction unit is used for directly extracting data of the http data packet and determining the application program to which the http request belongs when the http data packet does not need to be recombined.
13. The system of claim 11, further comprising:
the storage module is used for storing the terminal type, the application program and the corresponding request weight into a first preset list after acquiring the request weight corresponding to the http request and the terminal type of the target terminal;
and the deleting module is used for deleting the application program after the http request sent by the application program in the first preset list is not received within a preset time range.
14. The system of claim 10, wherein the weight determining module comprises:
the first determining submodule is used for acquiring a preset weight of the http request and a terminal type corresponding to the target terminal, and determining the total number of the http requests;
and the second determining submodule is used for determining the request weight according to the preset weight and the total number in an accumulation mode, and accumulating all the request weights to obtain the terminal weight.
15. The system of claim 14, further comprising:
the second obtaining module is used for obtaining the UA type corresponding to the http request and determining the type number of the UA type after judging that the obtained terminal weight is larger than the preset threshold value and before judging the target terminal as an effective terminal;
the type number judging module is used for judging whether the number of the types is larger than the number of the preset types or not;
and the second judging module is used for judging whether the target terminal is effective or not, and judging the target terminal as an effective terminal if the number of the types is greater than the preset number of the types.
16. The system according to any one of claims 10 to 15, further comprising:
and the updating module is used for sending an updating instruction to the driving layer so that the driving layer updates the information of the target terminal in the terminal list corresponding to the current user.
17. An electronic device, comprising:
a memory for storing a computer program;
a processor, configured to implement the method of detecting shared internet surfing as claimed in any one of claims 1 to 9 when executing the computer program.
18. A computer-readable storage medium, having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the method of shared internet detection as claimed in any one of claims 1 to 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910452773.6A CN110149246B (en) | 2019-05-28 | 2019-05-28 | Shared internet access detection method and system, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910452773.6A CN110149246B (en) | 2019-05-28 | 2019-05-28 | Shared internet access detection method and system, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110149246A CN110149246A (en) | 2019-08-20 |
| CN110149246B true CN110149246B (en) | 2021-06-04 |
Family
ID=67593607
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910452773.6A Active CN110149246B (en) | 2019-05-28 | 2019-05-28 | Shared internet access detection method and system, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110149246B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115243248B (en) * | 2021-04-21 | 2023-09-01 | 中国移动通信集团湖南有限公司 | Method and device for identifying traffic sharing type of terminal and electronic equipment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2006036500A2 (en) * | 2004-09-10 | 2006-04-06 | Tekelec | Methods, systems, and computer program products for dynamically adjusting load sharing distributions in response to changes in network conditions |
| CN102025567A (en) * | 2010-12-13 | 2011-04-20 | 成都市华为赛门铁克科技有限公司 | Sharing access detection method and related device |
| CN105813114A (en) * | 2016-03-07 | 2016-07-27 | 北京星网锐捷网络技术有限公司 | Method and device for confirming sharing host access |
| CN107086928A (en) * | 2017-04-11 | 2017-08-22 | 深信服科技股份有限公司 | The detection method and device of the shared network terminal |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103347030B (en) * | 2013-07-23 | 2016-04-06 | 熔点网讯(北京)科技有限公司 | A kind of network shares method |
| CN106992955A (en) * | 2016-01-20 | 2017-07-28 | 深圳市中电智慧信息安全技术有限公司 | APT fire walls |
-
2019
- 2019-05-28 CN CN201910452773.6A patent/CN110149246B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2006036500A2 (en) * | 2004-09-10 | 2006-04-06 | Tekelec | Methods, systems, and computer program products for dynamically adjusting load sharing distributions in response to changes in network conditions |
| CN102025567A (en) * | 2010-12-13 | 2011-04-20 | 成都市华为赛门铁克科技有限公司 | Sharing access detection method and related device |
| CN105813114A (en) * | 2016-03-07 | 2016-07-27 | 北京星网锐捷网络技术有限公司 | Method and device for confirming sharing host access |
| CN107086928A (en) * | 2017-04-11 | 2017-08-22 | 深信服科技股份有限公司 | The detection method and device of the shared network terminal |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110149246A (en) | 2019-08-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20160241589A1 (en) | Method and apparatus for identifying malicious website | |
| CN109768992B (en) | Webpage malicious scanning processing method and device, terminal device and readable storage medium | |
| CN106294219B (en) | Equipment identification and data processing method, device and system | |
| US10015253B2 (en) | System and method for preemptive request processing | |
| CN110611667B (en) | Dynamic position privacy protection method and device in edge computing environment | |
| TWI549017B (en) | Method and related apparatus for confirmation processing and system thereof | |
| CN102891891A (en) | Method and system for cross-device file transmission | |
| CN105468707A (en) | Cache-based data processing method and device | |
| WO2019061988A1 (en) | Wireless device-based positioning apparatus, method, and computer-readable storage medium | |
| WO2018040104A1 (en) | Method and device for sending search requests | |
| WO2015035897A1 (en) | Search methods, servers, and systems | |
| CN107426136B (en) | Network attack identification method and device | |
| WO2014180154A1 (en) | A method and apparatus for data communication | |
| CN103345498A (en) | Webpage loading method, device and system based on transit server | |
| CN110149246B (en) | Shared internet access detection method and system, electronic equipment and storage medium | |
| CN109688099B (en) | Server-side database collision identification method, device, equipment and readable storage medium | |
| CN103067465B (en) | Sharing files method and system | |
| WO2017193626A1 (en) | Threat detection method and apparatus, and network system | |
| WO2017096812A1 (en) | Webpage displaying method, mobile terminal, intelligent terminal, computer program, and storage medium | |
| CN108388616B (en) | Data collection device, method, system and computer readable storage medium | |
| WO2019085337A1 (en) | Positioning method based on signal data screening, electronic device and storage medium | |
| CN108319624B (en) | Data loading method and device | |
| CN108062459B (en) | Method and device for preventing page information from being captured | |
| WO2018233141A1 (en) | Data communication processing terminal and method and computer readable storage medium | |
| CN109450853B (en) | Malicious website determination method and device, terminal and server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |