CN110177102A - Anti-attack method, electronic equipment, system and medium based on fringe node - Google Patents
- Publication number: CN110177102A; application number: CN201910453146.4A
- Authority: CN (China)
- Prior art keywords: node, transmitted, fringe node, application program, fringe
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/107: Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
- H04L63/1466: Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
- H04L9/302: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
Abstract
The invention discloses an anti-attack method, electronic equipment, system and medium based on fringe nodes. The method comprises: obtaining the node information of each fringe node; determining the node to be transmitted according to the node information of each fringe node; transmitting the node to be transmitted, encrypted, to a configuration interface document; when a connection request sent by an application program through the configuration interface document is received, authenticating the application program; and, when the application program passes authentication, establishing a connection between the application program and the node to be transmitted. The invention can defend against network attacks using fringe nodes and, because each fringe node takes part in the defence, effectively reduces cost.
Description
Technical field
The present invention relates to the field of Internet technology, and more particularly to an anti-attack method, electronic equipment, system and medium based on fringe nodes.
Background
As the Internet develops, network attacks are becoming routine. Faced with ever more common and frequent network attacks, many cloud security vendors currently choose the prior-art scheme of using a large number of nodes to defend against traffic 1:1.
However, this defence mechanism usually requires virtual contiguous Internet protocol addresses within a single machine room. However much traffic the attacker sends, the user has to defend against the same amount of traffic, so the cost is very high.
Summary of the invention
The main purpose of the present invention is to provide an anti-attack method, electronic equipment, system and medium based on fringe nodes, intended to defend against network attacks using fringe nodes while effectively reducing cost, because each fringe node takes part in the defence.
To achieve the above object, the present invention provides an anti-attack method based on fringe nodes, the method comprising:
Obtaining the node information of each fringe node;
Determining the node to be transmitted according to the node information of each fringe node;
Transmitting the node to be transmitted, encrypted, to a configuration interface document;
When a connection request sent by an application program through the configuration interface document is received, authenticating the application program;
When the application program passes authentication, establishing a connection between the application program and the node to be transmitted.
Preferably, when the node information of each fringe node cannot be obtained, the method further comprises:
Probing for a node using a distributed hash table algorithm and using it as the node to be transmitted.
Preferably, determining the node to be transmitted according to the node information of each fringe node comprises:
Determining the Internet service provider, the number of network connections and the load of each fringe node from the node information;
Obtaining a first weight for the Internet service provider, a second weight for the number of network connections and a third weight for the load;
Calculating a score for each fringe node according to the Internet service provider, the number of network connections, the load, the first weight, the second weight and the third weight;
Sorting the scores of the fringe nodes from high to low;
Taking the nodes ranked in the first preset number of positions as the node to be transmitted.
Preferably, transmitting the node to be transmitted, encrypted, to the configuration interface document comprises:
Encrypting the node to be transmitted using the RSA encryption algorithm;
Transmitting the encrypted node to be transmitted to the configuration interface document.
Preferably, after the connection between the application program and the node to be transmitted is established, when a denial-of-service attack occurs, the method further comprises:
Adjusting the handshake timeout of the Transmission Control Protocol until completion of the handshake is detected; and/or
Performing transparent transmission using proxy server technology.
Preferably, after the connection between the application program and the node to be transmitted is established, when a CC attack occurs, the method further comprises:
Controlling entry into a 302 access state; and/or
Configuring a corresponding access frequency for each Internet protocol address and, when the access frequency of a first Internet protocol address is greater than or equal to the corresponding first threshold, intercepting the access of the first Internet protocol address within a preset time; and/or
When the request header of a second Internet protocol address is detected to be illegal, intercepting the access of the second Internet protocol address; and/or
When a slow attack involving a third Internet protocol address is detected, intercepting the access of the third Internet protocol address.
To achieve the above object, the present invention further provides electronic equipment, the electronic equipment comprising:
A memory storing at least one instruction; and
A processor executing the instruction stored in the memory to implement the anti-attack method based on fringe nodes.
Preferably, the electronic equipment is a node forming a content distribution network or a blockchain network.
To achieve the above object, the present invention further provides an attack protection system based on fringe nodes, the system comprising:
An acquiring unit for obtaining the node information of each fringe node;
A determination unit for determining the node to be transmitted according to the node information of each fringe node;
A transmission unit for transmitting the node to be transmitted, encrypted, to a configuration interface document;
An authenticating unit for authenticating an application program when a connection request sent by the application program through the configuration interface document is received;
A connection unit for establishing a connection between the application program and the node to be transmitted when the application program passes authentication.
Preferably, the system further comprises:
A probe unit for probing for a node using a distributed hash table algorithm, and using it as the node to be transmitted, when the node information of each fringe node cannot be obtained.
Preferably, the determination unit is specifically used for:
Determining the Internet service provider, the number of network connections and the load of each fringe node from the node information;
Obtaining a first weight for the Internet service provider, a second weight for the number of network connections and a third weight for the load;
Calculating a score for each fringe node according to the Internet service provider, the number of network connections, the load, the first weight, the second weight and the third weight;
Sorting the scores of the fringe nodes from high to low;
Taking the nodes ranked in the first preset number of positions as the node to be transmitted.
Preferably, the transmission unit is specifically used for:
Encrypting the node to be transmitted using the RSA encryption algorithm;
Transmitting the encrypted node to be transmitted to the configuration interface document.
Preferably, the system further comprises:
An adjustment unit for adjusting the handshake timeout of the Transmission Control Protocol until completion of the handshake is detected, when a denial-of-service attack occurs after the connection between the application program and the node to be transmitted is established; and/or
A transparent transmission unit for performing transparent transmission using proxy server technology.
Preferably, the system further comprises:
A control unit for controlling entry into a 302 access state when a CC attack occurs after the connection between the application program and the node to be transmitted is established; and/or
An interception unit for configuring a corresponding access frequency for each Internet protocol address and, when the access frequency of a first Internet protocol address is greater than or equal to the corresponding first threshold, intercepting the access of the first Internet protocol address within a preset time; and/or
The interception unit is also used for intercepting the access of a second Internet protocol address when the request header of the second Internet protocol address is detected to be illegal; and/or
The interception unit is also used for intercepting the access of a third Internet protocol address when a slow attack involving the third Internet protocol address is detected.
To achieve the above object, the present invention further provides a computer program product comprising computer instructions which, when run on a computer, enable the computer to execute the anti-attack method based on fringe nodes.
In conclusion, the present invention can obtain the node information of each fringe node, determine the node to be transmitted according to the node information of each fringe node, and then transmit the node to be transmitted, encrypted, to a configuration interface document. When a connection request sent by an application program through the configuration interface document is received, the application program is authenticated; when the application program passes authentication, a connection is established between the application program and the node to be transmitted. Network attacks are thereby defended against using fringe nodes and, because each fringe node takes part in the defence, cost is effectively reduced.
Brief description of the drawings
Fig. 1 is a flow diagram of one embodiment of the present invention;
Fig. 2 is a schematic diagram of the internal structure of the electronic equipment disclosed in one embodiment of the present invention;
Fig. 3 is a functional block diagram of the attack protection system based on fringe nodes of the present invention.
The realization of the object, the functions and the advantages of the present invention will be further described with reference to the accompanying drawings in connection with the embodiments.
Main element symbol description
Detailed description of the embodiments
In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention is further elaborated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein only explain the present invention and are not intended to limit it. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative work shall fall within the protection scope of the present invention.
The terms "first", "second", "third", "fourth" and the like (if present) in the description, the claims and the above drawings of this application are used to distinguish similar objects, not to describe a particular order or sequence. It should be understood that data used in this way are interchangeable where appropriate, so that the embodiments described herein can be implemented in an order other than that illustrated or described herein. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units clearly listed, but may include other steps or units that are not clearly listed or that are inherent to the process, method, product or device.
It should be noted that descriptions involving "first", "second" and the like in the present invention are for description purposes only and cannot be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. A feature defined as "first" or "second" may therefore explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments can be combined with each other, but only on the basis that those of ordinary skill in the art can realize the combination; when a combination of technical solutions is contradictory or cannot be realized, that combination should be considered not to exist and is not within the protection scope claimed by the present invention.
The present invention provides an anti-attack method based on fringe nodes.
Referring to Fig. 1, Fig. 1 is a flow diagram of one embodiment of the present invention. Depending on requirements, the order of the steps in the flow diagram can change and certain steps can be omitted.
The anti-attack method based on fringe nodes is applied in one or more pieces of electronic equipment. The electronic equipment is a device that can automatically perform numerical calculation and/or information processing according to instructions set or stored in advance; its hardware includes, but is not limited to, a microprocessor, an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a programmable gate array (Field-Programmable Gate Array, FPGA), a digital signal processor (Digital Signal Processor, DSP), an embedded device and the like.
The electronic equipment may be any electronic product capable of human-computer interaction with a user, for example a personal computer, tablet computer, smartphone, personal digital assistant (Personal Digital Assistant, PDA), game console, interactive network television (Internet Protocol Television, IPTV), smart wearable device and the like.
The electronic equipment may also include network equipment and/or user equipment. The network equipment includes, but is not limited to, a single network server, a server group composed of multiple network servers, or a cloud based on cloud computing (Cloud Computing) composed of a large number of hosts or network servers.
The network in which the electronic equipment is located includes, but is not limited to, the Internet, a wide area network, a metropolitan area network, a local area network, a virtual private network (Virtual Private Network, VPN) and the like.
In one embodiment, the method comprises:
S10: obtain the node information of each fringe node.
In at least one embodiment of the present invention, the fringe nodes include various user nodes and, because user nodes are diverse, the fringe nodes also differ in performance.
For example, a fringe node may be a node connected to the network through intelligent hardware (such as: playing objective cloud), or a node connected to the network through the routing equipment of any manufacturer; the present invention does not limit this.
In at least one embodiment of the present invention, the node information includes, but is not limited to, one or a combination of the following:
Internet service provider (Internet Service Provider, ISP), number of network connections, and load.
In at least one embodiment of the present invention, the network system may include an overall control center, which collates the node information of each fringe node.
Further, the fringe nodes may include distribution nodes and defence nodes. The distribution nodes are mainly used for distributing nodes and the like, while the defence nodes are mainly used for defending against various network attacks.
Further, the node information of each fringe node is obtained from the overall control center through the distribution nodes.
In at least one embodiment of the present invention, when the node information of each fringe node cannot be obtained, the method further comprises:
The electronic equipment probes for a node using a distributed hash table algorithm (Distributed Hash Table, DHT) and uses it as the node to be transmitted.
Through the above embodiment, when the distribution nodes have all lost contact because of an attack, that is, when the electronic equipment cannot obtain the node information of each fringe node, the distributed hash table algorithm is used for decentralized probing, randomly probing for temporary, available nodes, so that normal operation is still unaffected while under attack.
S11: determine the node to be transmitted according to the node information of each fringe node.
In at least one embodiment of the present invention, the node to be transmitted may include multiple nodes (for example, 5-10), so that after one node is attacked other nodes can still be used, which avoids the attack affecting normal use of the network.
In at least one embodiment of the present invention, the electronic equipment determining the node to be transmitted according to the node information of each fringe node comprises:
The electronic equipment determines the Internet service provider, the number of network connections and the load of each fringe node from the node information, and obtains a first weight for the Internet service provider, a second weight for the number of network connections and a third weight for the load. The electronic equipment calculates a score for each fringe node according to the Internet service provider, the number of network connections, the load, the first weight, the second weight and the third weight, and sorts the scores of the fringe nodes from high to low. The electronic equipment takes the nodes ranked in the first preset number of positions as the node to be transmitted.
It can be understood that, when determining the node to be transmitted, the electronic equipment preferentially selects nodes with the same operator; moreover, the fewer the network connections the better, and the lower the load the better.
Further, different business needs place different demands on bandwidth and the like, so the first weight, the second weight and the third weight also differ; that is, the first weight, the second weight and the third weight can be configured according to actual needs, which the present invention does not limit.
Through the above embodiment, the electronic equipment can obtain the optimal node to be transmitted for different situations, forward an appropriate number of nodes, and determine the nearest and optimal transmission path, which accelerates the connection.
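The scoring and ranking of step S11, together with the DHT fallback described under S10, as an added example that is not part of the patent text. The patent gives no formula, so the normalisation of each term to [0, 1], the 0-to-1 load scale, the `dht_probe` callable and the sample nodes are all assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class NodeInfo:
    node_id: str
    isp: str            # Internet service provider of the fringe node
    connections: int    # current number of network connections
    load: float         # assumed scale: 0.0 (idle) to 1.0 (saturated)


def score_nodes(nodes: Sequence[NodeInfo], client_isp: str,
                weights: Tuple[float, float, float]) -> List[Tuple[float, NodeInfo]]:
    """Return (score, node) pairs sorted from high to low score."""
    w_isp, w_conn, w_load = weights  # first, second and third weight
    if min(weights) < 0 or sum(weights) == 0:
        raise ValueError("weights must be non-negative and not all zero")
    # Assumption: connection counts are normalised against the busiest node
    # so that all three terms lie in [0, 1] before weighting.
    max_conn = max((n.connections for n in nodes), default=0) or 1
    scored = []
    for n in nodes:
        isp_term = 1.0 if n.isp == client_isp else 0.0   # same operator preferred
        conn_term = 1.0 - n.connections / max_conn        # fewer connections is better
        load_term = 1.0 - min(max(n.load, 0.0), 1.0)      # lower load is better
        score = w_isp * isp_term + w_conn * conn_term + w_load * load_term
        scored.append((score, n))
    # node_id breaks ties so that the ranking is deterministic.
    scored.sort(key=lambda pair: (-pair[0], pair[1].node_id))
    return scored


def select_nodes_to_transmit(
        nodes: Sequence[NodeInfo], client_isp: str,
        weights: Tuple[float, float, float], top_n: int = 5,
        dht_probe: Optional[Callable[[int], Iterable[str]]] = None) -> List[str]:
    """Pick the top_n node ids, or fall back to DHT probing when no node
    information could be obtained (dht_probe is a hypothetical callable)."""
    if not nodes:
        if dht_probe is None:
            raise RuntimeError("no node information and no DHT probe configured")
        return list(dht_probe(top_n))[:top_n]
    return [n.node_id for _, n in score_nodes(nodes, client_isp, weights)[:top_n]]


# Constructed sample data, not taken from the patent.
SAMPLE_NODES = [
    NodeInfo("n1", "telecom", 10, 0.2),
    NodeInfo("n2", "telecom", 80, 0.9),
    NodeInfo("n3", "unicom", 5, 0.1),
    NodeInfo("n4", "mobile", 100, 0.5),
    NodeInfo("n5", "telecom", 40, 0.4),
]

if __name__ == "__main__":
    # ISP-heavy weights versus load-heavy weights give different rankings.
    print(select_nodes_to_transmit(SAMPLE_NODES, "telecom", (0.5, 0.2, 0.3), top_n=3))
    print(select_nodes_to_transmit(SAMPLE_NODES, "telecom", (0.1, 0.2, 0.7), top_n=3))
```

Changing the weights changes which nodes are handed out, which is why the patent leaves them configurable per business need.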
S12: transmit the node to be transmitted, encrypted, to a configuration interface document.
In at least one embodiment of the present invention, the configuration interface document may include an SDK (Software Development Kit), which can be integrated into an application program for the user to connect to the network.
In at least one embodiment of the present invention, the electronic equipment transmitting the node to be transmitted, encrypted, to the configuration interface document comprises:
The electronic equipment encrypts the node to be transmitted using the RSA encryption algorithm and transmits the encrypted node to be transmitted to the configuration interface document.
Here, the RSA encryption algorithm is the Rivest-Shamir-Adleman asymmetric encryption algorithm, which is secure and efficient.
It can be understood that the node to be transmitted must not be exposed in the network, so as to avoid attack by hackers; the electronic equipment therefore encrypts the node to be transmitted using the RSA encryption algorithm to achieve secure transmission.
Specifically, the electronic equipment may use the RSA encryption algorithm to encrypt the IP (Internet Protocol Address) of the node to be transmitted.
Further, after encryption, to reduce development cost, the electronic equipment may also mount the node to be transmitted under the same domain name or the same group of domain names, which the present invention does not limit.
S13: when a connection request sent by an application program through the configuration interface document is received, authenticate the application program.
In at least one embodiment of the present invention, after encrypting the node to be transmitted, the electronic equipment generates a key.
Further, the electronic equipment verifies the key of the application program to authenticate the application program.
In at least one embodiment of the present invention, to further improve the security of transmission, the electronic equipment may also apply shell-adding (packing) processing to the key so as to hide the node to be transmitted and further protect it.
S14: when the application program passes authentication, establish a connection between the application program and the node to be transmitted.
In at least one embodiment of the present invention, after the connection between the application program and the node to be transmitted is established, when a denial-of-service attack (SYN Flood) occurs, the method further comprises:
(1) The electronic equipment adjusts the handshake timeout (TimeOut) of the Transmission Control Protocol (TCP) until completion of the handshake is detected.
Specifically, the electronic equipment adjusts the TimeOut of the TCP three-way handshake until completion of the TCP three-way handshake is detected, so as to withstand the half-open connection state.
(2) The electronic equipment performs transparent transmission using proxy server technology (Proxy Server).
Specifically, the electronic equipment uses proxy server technology so that, while the data the user needs is transferred to the user, the IP of the real server is not exposed, which effectively improves the security of the server.
In at least one embodiment of the present invention, after the connection between the application program and the node to be transmitted is established, when a CC attack (Challenge Collapsar) occurs, the method further comprises:
(1) The electronic equipment controls entry into a 302 access state.
Specifically, the electronic equipment makes the attacker jump to a preconfigured server, which protects the real server and effectively avoids unauthorized access.
(2) The electronic equipment configures a corresponding access frequency for each Internet protocol address; when the access frequency of a first Internet protocol address is greater than or equal to the corresponding first threshold, the electronic equipment intercepts the access of the first Internet protocol address within a preset time.
The preset time can be custom-configured, for example 20 minutes.
Through the above embodiment, different access frequencies are set for different clients, so as to protect users in a targeted way.
(3) When the request header (Header) of a second Internet protocol address is detected to be illegal, the electronic equipment intercepts the access of the second Internet protocol address.
Specifically, when it is detected that the request header contains no key-value pair (Key-Value), the electronic equipment intercepts the access of the second Internet protocol address to avoid unauthorized access.
(4) When a slow attack involving a third Internet protocol address is detected, the electronic equipment intercepts the access of the third Internet protocol address.
Here, a slow attack refers to the case in which only a few characters are received over a long time.
Through the above embodiment, the harm caused by slow attacks can be effectively prevented.
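Checks (2) to (4) above applied to a stream of requests, as an added example that is not part of the patent text. The 20-minute block is the page's example value; the 60-second counting window, the slow-request limits, the rule that only the frequency check starts a timed block, and all addresses and events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

BLOCK_SECONDS = 20 * 60  # the page's example preset time: 20 minutes


def has_key_value_pair(header_lines):
    """A header is treated as illegal when it holds no 'name: value' pair."""
    for line in header_lines:
        name, sep, _value = line.partition(":")
        if sep and name.strip():
            return True
    return False


class CCFilter:
    def __init__(self, thresholds, default_threshold=100, window_s=60,
                 block_s=BLOCK_SECONDS, slow_after_s=30, slow_max_bytes=16):
        self.thresholds = dict(thresholds)   # per-address "first threshold"
        self.default_threshold = default_threshold
        self.window_s = window_s             # assumed counting window
        self.block_s = block_s
        self.slow_after_s = slow_after_s     # assumed meaning of "a long time"
        self.slow_max_bytes = slow_max_bytes # assumed meaning of "a few characters"
        self._hits = defaultdict(deque)      # ip -> request times inside the window
        self._blocked_until = {}             # ip -> time at which the block ends

    def check(self, now, ip, header_lines, bytes_received, elapsed_s):
        """Return 'allow' or the reason the request is intercepted."""
        until = self._blocked_until.get(ip)
        if until is not None:
            if now < until:
                return "blocked"
            del self._blocked_until[ip]      # preset time is over
        # (3) request header with no key-value pair
        if not has_key_value_pair(header_lines):
            return "illegal-header"
        # (4) slow attack: only a few characters received over a long time
        if elapsed_s >= self.slow_after_s and bytes_received <= self.slow_max_bytes:
            return "slow-request"
        # (2) access frequency greater than or equal to the address's threshold
        hits = self._hits[ip]
        hits.append(now)
        while hits and hits[0] <= now - self.window_s:
            hits.popleft()
        if len(hits) >= self.thresholds.get(ip, self.default_threshold):
            self._blocked_until[ip] = now + self.block_s
            hits.clear()
            return "rate-limited"
        return "allow"


def replay(cc_filter, events):
    """Run (now, ip, header_lines, bytes_received, elapsed_s) events in order."""
    return [cc_filter.check(*event) for event in events]


# Constructed events; addresses are from the documentation ranges.
OK = ["Host: example.test", "User-Agent: sample/1.0"]
SAMPLE_EVENTS = [
    (0, "203.0.113.7", OK, 200, 0.1),
    (1, "203.0.113.7", OK, 200, 0.1),
    (2, "203.0.113.7", OK, 200, 0.1),       # third hit reaches threshold 3
    (3, "203.0.113.7", OK, 200, 0.1),       # inside the 20-minute block
    (4, "198.51.100.9", [":no-name", "garbage"], 120, 0.1),
    (5, "198.51.100.23", OK, 5, 45.0),      # 5 bytes in 45 seconds
    (6, "198.51.100.40", OK, 300, 0.2),
    (1201, "203.0.113.7", OK, 200, 0.1),    # block ends at t = 1202
    (1202, "203.0.113.7", OK, 200, 0.1),
]

if __name__ == "__main__":
    f = CCFilter(thresholds={"203.0.113.7": 3})
    for event, verdict in zip(SAMPLE_EVENTS, replay(f, SAMPLE_EVENTS)):
        print(event[0], event[1], verdict)
```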
In conclusion, the present invention can obtain the node information of each fringe node, determine the node to be transmitted according to the node information of each fringe node, and then transmit the node to be transmitted, encrypted, to a configuration interface document. When a connection request sent by an application program through the configuration interface document is received, the application program is authenticated; when the application program passes authentication, a connection is established between the application program and the node to be transmitted. Network attacks are thereby defended against using fringe nodes and, because each fringe node takes part in the defence, cost is effectively reduced.
Referring to Fig. 2, in the present embodiment the electronic equipment 1 is a device that can automatically perform numerical calculation and/or information processing according to instructions set or stored in advance; its hardware includes, but is not limited to, a microprocessor, an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a programmable gate array (Field-Programmable Gate Array, FPGA), a digital signal processor (Digital Signal Processor, DSP), an embedded device and the like.
The electronic equipment 1 may also be, but is not limited to, any electronic product capable of human-computer interaction with a user through a keyboard, mouse, remote control, touchpad, voice-control device or the like, for example a personal computer (Personal Computer, PC), tablet computer, smartphone, personal digital assistant (Personal Digital Assistant, PDA), game console, interactive network television (Internet Protocol Television, IPTV), smart wearable device, palmtop computer, portable computer, intelligent router, mining machine, network storage equipment or other terminal device, or computing equipment such as a desktop computer or cloud server.
The network in which the electronic equipment 1 is located includes, but is not limited to, the Internet, a wide area network, a metropolitan area network, a local area network, a virtual private network (Virtual Private Network, VPN) and the like.
The electronic equipment 1 may be a node forming a content distribution network or a blockchain network.
The electronic equipment 1 may include a memory 12, a processor 13 and a bus, and may also include a computer program stored in the memory 12 and runnable on the processor 13, such as the attack protection program based on fringe nodes.
Those skilled in the art will understand that the schematic diagram is only an example of the electronic equipment 1 and does not limit it. The electronic equipment 1 may include more or fewer components than illustrated, combine certain components, or use different components; for example, it may also include input/output equipment and network access equipment.
The memory 12 includes at least one type of readable storage medium, including flash memory, removable hard disk, multimedia card, card-type memory (for example, SD or DX memory), magnetic memory, magnetic disk, optical disc, and the like. In some embodiments the memory 12 may be an internal storage unit of the electronic device 1, such as a removable hard disk of the electronic device 1. In other embodiments the memory 12 may be an external storage device of the electronic device 1, such as a plug-in removable hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the electronic device 1. Further, the memory 12 may include both an internal storage unit and an external storage device of the electronic device 1. The memory 12 can be used not only to store application software installed on the electronic device 1 and various kinds of data, such as the code of the edge-node-based anti-attack program, but also to temporarily store data that has been output or is to be output.
In some embodiments the processor 13 may be a central processing unit (Central Processing Unit, CPU), a controller, a microcontroller, a microprocessor or another data processing chip, used to run program code stored in the memory 12 or to process data, for example to execute the edge-node-based anti-attack program.
The processor 13 executes the operating system of the electronic device 1 and the various installed application programs. The processor 13 executes the application program to implement the steps in each of the above embodiments of the edge-node-based anti-attack method, for example steps S10, S11, S12, S13 and S14 shown in Fig. 1.
Alternatively, when executing the computer program the processor 13 implements the functions of the modules/units in each of the above apparatus embodiments, for example: obtaining the node information of each edge node; determining the node to be transmitted according to the node information of each edge node; encrypting and transmitting the node to be transmitted to the configuration interface document; authenticating an application program when a connection request sent by the application program through the configuration interface document is received; and, when the application program passes authentication, establishing a connection between the application program and the node to be transmitted.
The bus may be a peripheral component interconnect (peripheral component interconnect, PCI) bus, an extended industry standard architecture (extended industry standard architecture, EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one arrow is used in Fig. 2, but this does not mean that there is only one bus or one type of bus.
Illustratively, the computer program may be divided into one or more modules/units, which are stored in the memory 12 and executed by the processor 13 to carry out the present invention. The one or more modules/units may be a series of computer program instruction segments capable of completing specific functions, the instruction segments describing the execution of the computer program in the electronic device 1. For example, the computer program may be divided into an acquiring unit 110, a determination unit 111, a transmission unit 112, an authenticating unit 113, a connection unit 114, a probe unit 115, an adjustment unit 116, a control unit 117, an interception unit 118 and a transparent transmission unit 119.
Further, the electronic device may also include a network interface, which may optionally include a wired interface and/or a wireless interface (such as a WI-FI interface or a Bluetooth interface) and is generally used to establish a communication connection between the electronic device 1 and other electronic devices.
Optionally, the electronic device 1 may also include a user interface. The user interface may include a display (Display) and an input unit such as a keyboard (Keyboard); optionally, the user interface may also include a standard wired interface and a wireless interface. Optionally, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-control liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display may also appropriately be called a display screen or display unit, and is used to show the information processed in the electronic device 1 and to show a visual user interface.
If the integrated modules/units of the electronic device 1 are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, all or part of the processes in the above method embodiments of the present invention may also be completed by a computer program instructing the relevant hardware; the computer program may be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of each of the above method embodiments.
The computer program includes computer program code, which may be in source code form, object code form, an executable file, or some intermediate form. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), an electrical carrier signal, a telecommunication signal, a software distribution medium, and the like. It should be noted that the content covered by the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, the computer-readable medium does not include electrical carrier signals and telecommunication signals.
Fig. 2 shows only the electronic device 1 with the components 12-13 and the edge-node-based anti-attack program. Those skilled in the art will understand that the structure shown in Fig. 2 does not limit the electronic device 1, which may include fewer or more components than illustrated, combine certain components, or use a different arrangement of components.
With reference to Fig. 1, the memory 12 in the electronic device 1 stores a plurality of instructions to implement an edge-node-based anti-attack method, and the processor 13 can execute the plurality of instructions to: obtain the node information of each edge node; determine the node to be transmitted according to the node information of each edge node; encrypt and transmit the node to be transmitted to the configuration interface document; authenticate an application program when a connection request sent by the application program through the configuration interface document is received; and, when the application program passes authentication, establish a connection between the application program and the node to be transmitted.
According to a preferred embodiment of the present invention, the processor 13 further executes a plurality of instructions including:
Probing for a node using a distributed hash table algorithm and using it as the node to be transmitted.
According to a preferred embodiment of the present invention, the processor 13 further executes a plurality of instructions including:
Determining the Internet service provider, the number of network connections and the load of each edge node from the node information;
Obtaining a first weight for the Internet service provider, a second weight for the number of network connections and a third weight for the load;
Calculating a score for each edge node according to the Internet service provider, the number of network connections, the load, the first weight, the second weight and the third weight;
Sorting the scores of the edge nodes from high to low;
Taking the nodes ranked in the first preset number of positions as the node to be transmitted.
According to a preferred embodiment of the present invention, the processor 13 further executes a plurality of instructions including:
Encrypting the node to be transmitted using the RSA encryption algorithm;
Transmitting the encrypted node to be transmitted to the configuration interface document.
According to a preferred embodiment of the present invention, the processor 13 further executes a plurality of instructions including:
Adjusting the handshake timeout of the transmission control protocol until completion of the handshake is detected; and/or
Performing transparent transmission using proxy server technology.
According to a preferred embodiment of the present invention, the processor 13 further executes a plurality of instructions including:
Controlling entry into a 302 redirect state; and/or
Configuring a corresponding visit frequency for each Internet protocol address and, when the visit frequency of a first Internet protocol address is greater than or equal to the corresponding first threshold, intercepting access from the first Internet protocol address for a preset time; and/or
When the request header of a second Internet protocol address is detected to be illegal, intercepting access from the second Internet protocol address; and/or
When a third Internet protocol address is detected to be under a slow attack, intercepting access from the third Internet protocol address.
Referring to Fig. 3, a functional block diagram of the edge-node-based anti-attack system of the present invention is shown. The edge-node-based anti-attack system 11 includes an acquiring unit 110, a determination unit 111, a transmission unit 112, an authenticating unit 113, a connection unit 114, a probe unit 115, an adjustment unit 116, a control unit 117, an interception unit 118 and a transparent transmission unit 119. A module/unit as referred to in the present invention is a series of computer program segments that can be executed by the processor 13, can complete a fixed function, and are stored in the memory 12. In this embodiment, the function of each module/unit is described in detail in the subsequent embodiments.
The acquiring unit 110 obtains the node information of each edge node.
In at least one embodiment of the present invention, the edge nodes include various user nodes and, because user nodes are diverse, the edge nodes also differ in performance.
For example, the edge node may be a node connected to the network through smart hardware (such as: playing objective cloud), or a node connected to the network through a routing device from any manufacturer; the invention places no limit on this.
In at least one embodiment of the present invention, the node information includes, but is not limited to, one or a combination of the following:
Internet service provider (Internet Service Provider, ISP), number of network connections, and load.
In at least one embodiment of the present invention, the network system may include a master control center, which collates the node information of each edge node.
Further, the edge nodes may include distribution nodes and defense nodes. The distribution node is mainly used for distributing nodes and the like, while the defense node is mainly used for defending against various network attacks.
Further, the distribution node obtains the node information of each edge node from the master control center.
In at least one embodiment of the present invention, when the node information of each edge node cannot be obtained, the method further includes:
The probe unit 115 probes for a node using a distributed hash table (Distributed Hash Table, DHT) algorithm and uses it as the node to be transmitted.
With the above embodiment, when the distribution nodes have all lost contact because of an attack, that is, when the acquiring unit 110 cannot obtain the node information of each edge node, the probe unit 115 uses the distributed hash table algorithm to probe in a decentralized manner and randomly probes for a temporary, available node, so that normal operation is still unaffected while under attack.
The determination unit 111 determines the node to be transmitted according to the node information of each edge node.
In at least one embodiment of the present invention, the node to be transmitted may include multiple nodes (for example, 5-10), so that after one node is attacked other nodes are still available, which avoids the attack affecting normal use of the network.
In at least one embodiment of the present invention, the determination unit 111 determining the node to be transmitted according to the node information of each edge node includes:
The determination unit 111 determines the Internet service provider, the number of network connections and the load of each edge node from the node information, and obtains a first weight for the Internet service provider, a second weight for the number of network connections and a third weight for the load. The determination unit 111 calculates a score for each edge node according to the Internet service provider, the number of network connections, the load, the first weight, the second weight and the third weight, sorts the scores of the edge nodes from high to low, and takes the nodes ranked in the first preset number of positions as the node to be transmitted.
It can be understood that, when determining the node to be transmitted, the determination unit 111 preferentially selects nodes with the same operator; in addition, the fewer the network connections the better, and the lower the load the better.
Further, different business requirements place different demands on bandwidth and the like, so the first weight, the second weight and the third weight will also differ; that is, the first weight, the second weight and the third weight can be configured according to actual needs, and the invention places no limit on this.
With the above embodiment, the determination unit 111 can obtain the optimal node to be transmitted for different situations, forward an appropriate number of nodes, and determine the nearest and optimal transmission path, which accelerates connection.
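The scoring and ranking step described above, written out as an added Python example (not code from the patent). The patent gives no scoring formula, so the mapping of each factor to the range 0..1, the exclusion of saturated nodes, the weight values, the `max_connections` ceiling and the sample nodes on documentation address ranges are all assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class EdgeNode:
    ip: str           # address later encrypted and handed to the SDK
    isp: str          # Internet service provider of the node
    connections: int  # current number of network connections
    load: float       # utilisation, 0.0 (idle) to 1.0 (saturated)


@dataclass(frozen=True)
class Weights:
    isp: float          # first weight
    connections: float  # second weight
    load: float         # third weight


def score(node, client_isp, weights, max_connections=1000):
    """Assumed formula: every factor is mapped to 0..1, higher is better."""
    isp_term = 1.0 if node.isp == client_isp else 0.0
    conn = min(max(node.connections, 0), max_connections)
    conn_term = 1.0 - conn / max_connections        # fewer connections is better
    load_term = 1.0 - min(max(node.load, 0.0), 1.0)  # lower load is better
    return (weights.isp * isp_term
            + weights.connections * conn_term
            + weights.load * load_term)


def select_nodes(nodes, client_isp, weights, top_n=5, max_connections=1000):
    """Rank nodes from high to low score and return the first top_n."""
    if top_n < 1 or max_connections < 1:
        raise ValueError("top_n and max_connections must be positive")
    # Assumption: a saturated node is never handed out, even if its ISP
    # matches, otherwise the ISP weight alone could outrank healthy nodes.
    usable = [n for n in nodes
              if n.connections < max_connections and n.load < 1.0]
    ranked = sorted(
        usable,
        key=lambda n: (-score(n, client_isp, weights, max_connections), n.ip),
    )
    return ranked[:top_n]


# Constructed sample data (documentation address ranges, invented ISP names).
SAMPLE_NODES = [
    EdgeNode("192.0.2.10", "ISP-A", 100, 0.20),
    EdgeNode("192.0.2.11", "ISP-A", 900, 0.90),
    EdgeNode("198.51.100.20", "ISP-B", 50, 0.10),
    EdgeNode("198.51.100.21", "ISP-B", 500, 0.50),
    EdgeNode("203.0.113.30", "ISP-A", 300, 0.40),
    EdgeNode("203.0.113.31", "ISP-A", 1000, 1.00),  # saturated
]

# Two weight profiles for different business needs (values are assumptions).
SAME_ISP_FIRST = Weights(isp=0.5, connections=0.2, load=0.3)
BANDWIDTH_FIRST = Weights(isp=0.1, connections=0.3, load=0.6)

if __name__ == "__main__":
    for name, w in (("same-ISP first", SAME_ISP_FIRST),
                    ("bandwidth first", BANDWIDTH_FIRST)):
        chosen = select_nodes(SAMPLE_NODES, "ISP-A", w, top_n=3)
        print(name, [n.ip for n in chosen])
```

Changing only the weights swaps a busy same-ISP node for a lightly loaded node on another ISP, which is the per-business tuning the text describes.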
The transmission unit 112 encrypts and transmits the node to be transmitted to the configuration interface document.
In at least one embodiment of the present invention, the configuration interface document may include an SDK (Software Development Kit), and the SDK can be integrated into an application program for user networking.
In at least one embodiment of the present invention, the transmission unit 112 encrypting and transmitting the node to be transmitted to the configuration interface document includes:
The transmission unit 112 encrypts the node to be transmitted using the RSA encryption algorithm and transmits the encrypted node to be transmitted to the configuration interface document.
Here, RSA (Rivest, Shamir, Adleman) is an asymmetric encryption algorithm with the characteristics of being secure and efficient.
It can be understood that the node to be transmitted must not be exposed in the network, so as not to be attacked by hackers; therefore, the transmission unit 112 encrypts the node to be transmitted using the RSA encryption algorithm to achieve secure transmission.
Specifically, the transmission unit 112 may use the RSA encryption algorithm to encrypt the IP (Internet Protocol Address) of the node to be transmitted.
Further, after encryption, in order to reduce development cost, the transmission unit 112 may also mount the node to be transmitted under the same domain name or the same group of domain names; the invention places no limit on this.
When a connection request sent by an application program through the configuration interface document is received, the authenticating unit 113 authenticates the application program.
In at least one embodiment of the present invention, after the transmission unit 112 encrypts the node to be transmitted, a key is generated.
Further, the authenticating unit 113 verifies the key of the application program in order to authenticate the application program.
In at least one embodiment of the present invention, in order to further increase the security of transmission, the transmission unit 112 may also apply packing (shell) processing to the key to hide the node to be transmitted and further protect it.
When the application program passes authentication, the connection unit 114 establishes a connection between the application program and the node to be transmitted.
In at least one embodiment of the present invention, after the connection is established between the application program and the node to be transmitted, when subjected to a denial-of-service attack (SYN Flood), the method further includes:
(1) The adjustment unit 116 adjusts the handshake timeout (TimeOut) of the transmission control protocol (Transmission Control Protocol, TCP) until completion of the handshake is detected.
Specifically, the adjustment unit 116 adjusts the TimeOut of the TCP three-way handshake until completion of the TCP three-way handshake is detected, so as to withstand the half-open connection state.
(2) The transparent transmission unit 119 performs transparent transmission using proxy server technology (Proxy Server).
Specifically, the transparent transmission unit 119 uses proxy server technology so that, while the data the user needs is delivered to the user, the IP of the real server is not exposed, which effectively improves the security of the server.
In at least one embodiment of the present invention, after the connection is established between the application program and the node to be transmitted, when subjected to a CC (Challenge Collapsar) attack, the method further includes:
(1) The control unit 117 controls entry into a 302 redirect state.
Specifically, the control unit 117 causes the attacker to be redirected to a preconfigured server, so as to protect the real server and effectively avoid unauthorized access.
(2) The interception unit 118 configures a corresponding visit frequency for each Internet protocol address; when the visit frequency of a first Internet protocol address is greater than or equal to the corresponding first threshold, the interception unit 118 intercepts access from the first Internet protocol address for a preset time.
The preset time can be custom-configured, for example 20 minutes.
With the above embodiment, different visit frequencies are set for different clients, so as to provide targeted protection for users.
(3) When the request header (Header) of a second Internet protocol address is detected to be illegal, the interception unit 118 intercepts access from the second Internet protocol address.
Specifically, when it is detected that the request header contains no key-value pair (Key-Value), the interception unit 118 intercepts access from the second Internet protocol address to avoid unauthorized access.
(4) When a third Internet protocol address is detected to be under a slow attack, the interception unit 118 intercepts access from the third Internet protocol address.
Here, a slow attack refers to the case in which only a few characters are received over a long period.
With the above embodiment, the harm caused by slow attacks can be effectively prevented.
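The three interception rules (2) to (4) above, combined into one decision function as an added Python example (not code from the patent). The 60-second counting window, the slow-attack thresholds, the decision labels and the sample requests are assumptions; the 20-minute block time and the "no key-value pair" header test come from the text.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    ip: str
    ts: float            # arrival time in seconds
    headers: dict        # parsed request header key-value pairs
    bytes_received: int  # bytes read from the client so far
    elapsed: float       # seconds the request has been open


class CCInterceptor:
    def __init__(self, default_limit, per_ip_limits=None, window=60.0,
                 block_seconds=20 * 60, slow_after=30.0, slow_min_bytes=64):
        self.default_limit = default_limit            # first threshold
        self.per_ip_limits = dict(per_ip_limits or {})  # per-client thresholds
        self.window = window                # assumed counting window
        self.block_seconds = block_seconds  # preset time (20 minutes)
        self.slow_after = slow_after          # assumed "long time"
        self.slow_min_bytes = slow_min_bytes  # assumed "a few characters"
        self._hits = defaultdict(deque)
        self._blocked_until = {}

    def check(self, req):
        """Return 'allow', 'blocked', 'bad-header', 'slow' or 'rate'."""
        until = self._blocked_until.get(req.ip)
        if until is not None:
            if req.ts < until:
                return "blocked"          # still inside the preset time
            del self._blocked_until[req.ip]
        if not self._headers_valid(req.headers):
            return "bad-header"           # rule (3)
        if (req.elapsed >= self.slow_after
                and req.bytes_received < self.slow_min_bytes):
            return "slow"                 # rule (4)
        hits = self._hits[req.ip]
        while hits and hits[0] <= req.ts - self.window:
            hits.popleft()                # drop hits outside the window
        hits.append(req.ts)
        if len(hits) >= self.per_ip_limits.get(req.ip, self.default_limit):
            self._blocked_until[req.ip] = req.ts + self.block_seconds
            hits.clear()
            return "rate"                 # rule (2): threshold reached
        return "allow"

    @staticmethod
    def _headers_valid(headers):
        # Illegal when no key-value pair is present or a key is blank.
        return bool(headers) and all(
            isinstance(k, str) and k.strip() and isinstance(v, str)
            for k, v in headers.items())


def replay(interceptor, requests):
    """Feed requests in order and return (ip, ts, decision) tuples."""
    return [(r.ip, r.ts, interceptor.check(r)) for r in requests]


# Constructed sample traffic on documentation address ranges.
OK_HEADERS = {"Host": "app.example.test", "User-Agent": "sdk/1.0"}
SAMPLE_REQUESTS = [
    Request("203.0.113.5", 0.0, OK_HEADERS, 512, 0.2),
    Request("203.0.113.5", 1.0, OK_HEADERS, 512, 0.2),
    Request("203.0.113.5", 2.0, OK_HEADERS, 512, 0.2),     # third hit
    Request("198.51.100.9", 5.0, {}, 0, 0.1),              # empty header
    Request("192.0.2.77", 10.0, OK_HEADERS, 12, 45.0),     # 12 bytes in 45 s
    Request("203.0.113.5", 600.0, OK_HEADERS, 512, 0.2),   # inside block
    Request("203.0.113.5", 1202.0, OK_HEADERS, 512, 0.2),  # block expired
]

if __name__ == "__main__":
    for row in replay(CCInterceptor(default_limit=3), SAMPLE_REQUESTS):
        print(row)
```

The per-IP state here grows without bound, so a deployment would also evict idle addresses.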
In summary, the present invention can obtain the node information of each edge node, determine the node to be transmitted according to the node information of each edge node, and further encrypt and transmit the node to be transmitted to the configuration interface document; when a connection request sent by an application program through the configuration interface document is received, the application program is authenticated, and when the application program passes authentication, a connection is established between the application program and the node to be transmitted, so that network attacks are prevented on the basis of edge nodes. In addition, because the edge nodes take part in the defense, cost is effectively reduced.
The above embodiments may be implemented wholly or partly by software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented wholly or partly in the form of a computer program product.
The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present invention are produced wholly or partly. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable device. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired (for example coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (for example infrared, wireless, microwave) means. The computer-readable storage medium may be any usable medium on which a computer can store data, or a data storage device such as a server or data center that integrates one or more usable media. The usable medium may be a magnetic medium (for example, floppy disk, removable hard disk, magnetic tape), an optical medium (for example, DVD), a semiconductor medium (for example, a solid-state disk (Solid State Disk, SSD)), or the like.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of this application may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods of the embodiments of this application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
It should be noted that the serial numbers of the above embodiments of the present invention are for description only and do not represent the relative merits of the embodiments. The terms "include", "comprise" or any other variant herein are intended to cover non-exclusive inclusion, so that a process, device, article or method that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, device, article or method. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, device, article or method that includes the element.
The above are only preferred embodiments of the present invention and do not limit the patent scope of the invention; any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or applied directly or indirectly in other related technical fields, is likewise included within the scope of patent protection of the present invention.
Claims (10)
1. An edge-node-based anti-attack method, characterized in that the method comprises:
Obtaining the node information of each edge node;
Determining the node to be transmitted according to the node information of each edge node;
Encrypting and transmitting the node to be transmitted to a configuration interface document;
When a connection request sent by an application program through the configuration interface document is received, authenticating the application program;
When the application program passes authentication, establishing a connection between the application program and the node to be transmitted.
2. The edge-node-based anti-attack method according to claim 1, characterized in that, when the node information of each edge node cannot be obtained, the method further comprises:
Probing for a node using a distributed hash table algorithm and using it as the node to be transmitted.
3. The edge-node-based anti-attack method according to claim 1, characterized in that determining the node to be transmitted according to the node information of each edge node comprises:
Determining the Internet service provider, the number of network connections and the load of each edge node from the node information;
Obtaining a first weight for the Internet service provider, a second weight for the number of network connections and a third weight for the load;
Calculating a score for each edge node according to the Internet service provider, the number of network connections, the load, the first weight, the second weight and the third weight;
Sorting the scores of the edge nodes from high to low;
Taking the nodes ranked in the first preset number of positions as the node to be transmitted.
4. The edge-node-based anti-attack method according to claim 1, characterized in that encrypting and transmitting the node to be transmitted to the configuration interface document comprises:
Encrypting the node to be transmitted using the RSA encryption algorithm;
Transmitting the encrypted node to be transmitted to the configuration interface document.
5. The edge-node-based anti-attack method according to claim 1, characterized in that, after the connection is established between the application program and the node to be transmitted, when subjected to a denial-of-service attack, the method further comprises:
Adjusting the handshake timeout of the transmission control protocol until completion of the handshake is detected; and/or
Performing transparent transmission using proxy server technology.
6. The edge-node-based anti-attack method according to claim 1, characterized in that, after the connection is established between the application program and the node to be transmitted, when subjected to a CC attack, the method further comprises:
Controlling entry into a 302 redirect state; and/or
Configuring a corresponding visit frequency for each Internet protocol address and, when the visit frequency of a first Internet protocol address is greater than or equal to the corresponding first threshold, intercepting access from the first Internet protocol address for a preset time; and/or
When the request header of a second Internet protocol address is detected to be illegal, intercepting access from the second Internet protocol address; and/or
When a third Internet protocol address is detected to be under a slow attack, intercepting access from the third Internet protocol address.
7. An electronic device, characterized in that the electronic device comprises:
A memory storing at least one instruction; and
A processor executing the instruction stored in the memory to implement the edge-node-based anti-attack method according to any one of claims 1 to 6.
8. The electronic device according to claim 7, characterized in that the electronic device is a node that forms part of a content distribution network or a blockchain network.
9. An edge-node-based anti-attack system, characterized in that the system comprises:
An acquiring unit for obtaining the node information of each edge node;
A determination unit for determining the node to be transmitted according to the node information of each edge node;
A transmission unit for encrypting and transmitting the node to be transmitted to a configuration interface document;
An authenticating unit for authenticating an application program when a connection request sent by the application program through the configuration interface document is received;
A connection unit for establishing a connection between the application program and the node to be transmitted when the application program passes authentication.
10. A computer-readable storage medium, characterized in that an edge-node-based anti-attack program is stored on the computer-readable storage medium, and the edge-node-based anti-attack program can be executed by one or more processors to implement the edge-node-based anti-attack method according to any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910453146.4A CN110177102A (en) | 2019-05-28 | 2019-05-28 | Anti-attack method, electronic equipment, system and medium based on fringe node |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110177102A (en) | 2019-08-27 |
Family
ID=67695797
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910453146.4A Pending CN110177102A (en) | 2019-05-28 | 2019-05-28 | Anti-attack method, electronic equipment, system and medium based on fringe node |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110177102A (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2012003890A1 (en) * | 2010-07-09 | 2012-01-12 | Telefonaktiebolaget L M Ericsson (Publ) | Switching node with load balancing of bursts of packets |
CN109428839A (en) * | 2017-08-31 | 2019-03-05 | 华为技术有限公司 | A kind of CDN dispatching method, equipment and system |
CN107800723A (en) * | 2017-12-06 | 2018-03-13 | 中盈优创资讯科技有限公司 | CC attack guarding methods and equipment |
CN108737544A (en) * | 2018-05-22 | 2018-11-02 | 中国联合网络通信集团有限公司 | CDN node dispatching method and device |
CN109005164A (en) * | 2018-07-20 | 2018-12-14 | 深圳市网心科技有限公司 | A kind of network system, equipment, network data exchange method and storage medium |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110191139A (en) * | 2019-07-17 | 2019-08-30 | 中国联合网络通信集团有限公司 | A kind of method for authenticating and system, the method for accessing terminal to network |
CN111026748A (en) * | 2019-11-05 | 2020-04-17 | 广州市玄武无线科技股份有限公司 | Data compression method, device and system for network access frequency management and control |
CN111026748B (en) * | 2019-11-05 | 2020-11-17 | 广州市玄武无线科技股份有限公司 | Data compression method, device and system for network access frequency management and control |
CN112953986A (en) * | 2019-12-10 | 2021-06-11 | 华为技术有限公司 | Management method and device for edge application |
WO2021115270A1 (en) * | 2019-12-10 | 2021-06-17 | 华为技术有限公司 | Edge application management method, and device |
CN112953986B (en) * | 2019-12-10 | 2024-03-12 | 华为云计算技术有限公司 | Edge application management method and device |
CN114466008A (en) * | 2021-12-22 | 2022-05-10 | 天翼云科技有限公司 | Cloud side communication system, method and device, electronic equipment and storage medium |
CN114466008B (en) * | 2021-12-22 | 2023-10-13 | 天翼云科技有限公司 | Cloud edge communication system, cloud edge communication method, cloud edge communication device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20190827 |