CN111291367A - Access control method and system, electronic device and storage medium - Google Patents
Access control method and system, electronic device and storage medium Download PDFInfo
- Publication number
- CN111291367A CN111291367A CN201811487391.9A CN201811487391A CN111291367A CN 111291367 A CN111291367 A CN 111291367A CN 201811487391 A CN201811487391 A CN 201811487391A CN 111291367 A CN111291367 A CN 111291367A
- Authority
- CN
- China
- Prior art keywords
- access
- access control
- prevention
- service system
- key value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
Abstract
The invention discloses an access control method and system, electronic equipment and a storage medium. The access control method comprises the following steps: acquiring access request data of a service system; the access request data includes a key value; grouping the key values into key value groups according to different dimensions; counting the access times of the service system in a preset time period according to the key values and/or the key value groups; and generating an access control strategy of the service system according to the access times. The invention carries out statistics of access request quantity of different dimensions based on the key value and/or the key value group, ensures the global performance and accuracy of the statistics, thereby generating the access control strategy through the global statistical result and realizing effective and accurate protection of the service system network.
Description
Technical Field
The present invention relates to the field of network security technologies, and in particular, to an access control method and system, an electronic device, and a storage medium.
Background
At present, flow control, degradation, isolation, caching and the like of a business system are controlled based on an application level, or are prevented and controlled based on a service gateway level. The distributed and non-global prevention and control modes can cause that some invalid user requests cannot be effectively filtered out, and the prevention, control and monitoring are not accurate, so that a service system cannot be effectively protected from being attacked.
Some of the firewall applications, such as DDoS (distributed denial of service) firewall and Web (global wide area network) firewall, are centralized, but the granularity of the centralized firewall is too coarse, so that some normal user requests are often killed, which results in false prevention and control, thereby reducing user experience.
Disclosure of Invention
The invention provides an access control method and system, electronic equipment and a storage medium, aiming at overcoming the defect that a prevention and control system of a service system in the prior art cannot meet the requirement of accurate dynamic prevention and control.
The invention solves the technical problems through the following technical scheme:
an access control method, the access control method comprising:
acquiring access request data of a service system; the access request data includes a key value;
grouping the key values into key value groups according to different dimensions;
counting the access times of the service system in a preset time period according to the key values and/or the key value groups;
and generating an access control strategy of the service system according to the access times.
Preferably, after the step of obtaining the access request data of the service system, the method further includes:
judging whether the data format of the access request data is the same as the standard data format;
and if not, converting the data format of the access request data into the data standard format.
Preferably, the access request data includes at least one of the following key values: HOST, URL (uniform resource locator), User ID (User account of the business system), device ID, User-Agent, URL-5XX (server error) status, object ID, and source IP.
Preferably, the access control method further includes:
acquiring a prevention and control rule; the prevention and control rule comprises a frequency threshold range corresponding to each key value and each key value group;
generating an access control policy of the service system according to the access times, specifically comprising:
judging whether the access times of the key values and the key value groups are within the respective time threshold range;
and when the judgment result is negative, adjusting the access control strategy.
Preferably, the step of generating the access control policy of the service system according to the access times specifically includes:
monitoring hot spot affairs of the service system according to the access times;
and when the hotspot transaction is monitored, adjusting the access control strategy.
An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing any of the above-described access control methods when executing the computer program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the access control method of any of the preceding claims.
An access control system, the access control system comprising:
the data acquisition module is used for acquiring access request data of the service system; the access request data includes a key value;
the statistic module is used for combining the key values into key value groups according to different dimensions, and counting the access times of the service system in a preset time period according to the key values and/or the key value groups;
and the prevention and control module is used for generating an access control strategy of the service system according to the access times.
Preferably, the access control system further includes: the device comprises a judging module and a format conversion module;
the judging module is used for judging whether the data format of the access request data is the same as the standard data format or not and calling the format conversion module if the data format is judged not to be the same as the standard data format;
the format conversion module is used for converting the data format of the access request data into the data standard format and sending the data standard format to the statistic module.
Preferably, the access request data includes at least one of the following key values: HOST, URL, User ID, device ID, User-Agent, URL-5XX status, object ID, and source IP.
Preferably, the access control system further includes: a rule acquisition module;
the rule obtaining module is used for obtaining a prevention and control rule; the prevention and control rule comprises a frequency threshold range corresponding to each key value and each key value group;
the prevention and control module specifically comprises: the device comprises a judging unit and a prevention and control unit;
the judging unit is used for judging whether the access times of the key values and the key value groups are within the respective time threshold range or not, and calling the prevention and control unit if the access times of the key values and the key value groups are not within the respective time threshold range;
the prevention and control unit is used for adjusting the access control strategy.
Preferably, the access control system further includes: a hotspot monitoring module;
the prevention and control module specifically comprises: a prevention and control unit;
the hot spot monitoring module is used for monitoring the hot spot affairs of the service system according to the access times and calling the prevention and control unit when the hot spot affairs are monitored;
the prevention and control unit is used for adjusting the access control strategy.
The positive progress effects of the invention are as follows: the invention carries out statistics of access request quantity of different dimensions based on the key value and/or the key value group, ensures the global performance and accuracy of the statistics, thereby generating the access control strategy through the global statistical result and realizing effective and accurate protection of the service system network.
Drawings
Fig. 1 is a flowchart of an access control method according to embodiment 1 of the present invention.
Fig. 2 is a schematic structural diagram of an electronic device according to embodiment 2 of the present invention.
Fig. 3 is a block diagram of an access control system according to embodiment 4 of the present invention.
Detailed Description
The invention is further illustrated by the following examples, which are not intended to limit the scope of the invention.
Example 1
The embodiment provides an access control method, which is suitable for service systems of various applications. The service system is deployed on the application server, the terminal user sends an access request to the service system, the service system executes the access request, and the result is sent to the terminal user for display after data processing, so that the terminal user can access the service system.
As shown in fig. 1, the access control method of the present embodiment includes:
The access request data is also the access requests of the service system to be accessed, which are sent by a plurality of terminal users, and after the access request data is obtained, the data is sent to a request log queue through a User Datagram Protocol (UDP). The request log queue must be high performance, support level extensions, and may choose Kafka (an open source streaming platform), or use Redis (a storage system).
Wherein the access request comprises: a full URL, source IP, User-Agent, device ID, User ID, object ID (e.g., commodity ID), and personalized buried point, etc.
In this embodiment, in order to facilitate the following data statistics, the access request data may be obtained using a unified access stratum, for example, using Nginx. In order to implement network protection of the service system more effectively, it is further determined whether to use the unified access stratum, so that after step 101, the method further includes:
and judging whether the data format of the access request data is the same as the standard data format.
If not, the access request data is not acquired through the unified access layer, the data format of the access request data is converted into a data standard format, then the access request data is cleaned to acquire a plurality of key values in the access request, and the step 102 is executed; if it is determined that the unified access stratum is used, the access request data is directly cleaned to obtain a plurality of key values in the access request, and step 102 is executed.
Wherein, the key value includes: HOST, URL, User ID, device ID, User-Agent, HOST-5XX status, object ID, source IP, etc.
A set of key values, such as < Source IP, Commodity ID >, < Source IP, device ID >, < Source IP, user ID >, < Source IP, HOST >, and < user ID, device ID >, etc. It should be noted that the number of key values in the key value group is not limited to 2 in this embodiment, and may be set according to actual requirements, for example, 3, 4, or even more.
And 103, counting the access times of the service system in a preset time period according to the key values and/or the key value groups. The statistical results are shown in the following table.
The statistical granularity (preset time period) in the table is accurately realized based on a time window, and the sliding window is not used for realizing accurate statistics.
In this embodiment, after step 103, the statistical result is further pushed to a statistical data storage center for use in generating an access control policy, and the storage center implements high-performance storage using, for example, a Redis cluster.
And 104, generating an access control strategy of the service system according to the access times.
Therefore, the generated access control strategy is sent to the service system, and the service system can perform flow control, degradation and isolation processing according to the access control strategy, so that effective and accurate protection of the network is realized.
The protection of the service system comprises two situations, namely a normal situation and a hotspot existence situation.
Under normal conditions, the access control method further comprises the following steps:
and acquiring a prevention and control rule.
The prevention and control rule comprises a frequency threshold range corresponding to each key value and each key value group. The user can set the prevention and control rule by himself, namely, the user can define the prevention and control processing of each layer of the service system.
104-1, judging whether the counted access times of the key values and the key value groups are within the respective time threshold range;
if not, indicating that the current control strategy does not meet the protection requirement of the service system, executing a step 104-2; if the judgment is yes, the current control strategy is proved to meet the protection requirement of the service system, and the service system is prevented and controlled according to the originally generated control strategy.
Step 104-2, adjusting the access control policy. So as to meet the requirements of accurate dynamic prevention and control.
Taking the access request https:// item.jd.com/12153914.html as an example, setting the threshold ranges of times as follows: item.jd.com: 0/s-100/s; item, jd, com-5xx is 0/s-10/s; and the ua-spacer is 0/s-10/s, and if the statistical results of the current access times are all in the threshold range of times, the service system is protected according to the original control strategy. If the statistical result of item.jd.com is not within 0/s-100/s, returning a queuing interface to the user terminal sending the access request to realize degradation under the condition of current limiting; if the statistical result of the ua-spiders is not within 0/s-10/s, isolating the application server in the service system, and realizing isolation under the condition of a crawler; if the statistical result of the item.jd.com-5xx is not within 0/s-10/s, returning a degradation interface to the user terminal sending the access request, indicating that the back-end service has a problem when the 5xx is wrong, and directly performing degradation processing after triggering a time threshold.
In the presence of a hotspot, step 104 specifically includes:
and step 104-1', monitoring hot spot transactions of the service system according to the access times.
Step 104-2', when a hotspot transaction is monitored, the access control policy is adjusted.
In hot spot affairs, such as promotion and second killing, a lot of commodity data are hot spot data; if the first page of the home page, the first page of the list page and the first page of the hot word search are hot commodities, the commodities are hot commodities; some of the friends circle share the commodities and may be hot commodities; therefore, a mechanism is needed to globally count hot spot data and inform the relevant service system to deal with the subsequent burst traffic.
For example, if the commodity ID is set to be 100/s, that is, if the access amount of the commodity ID is greater than 100/s, it can be determined that the commodity ID is a hot commodity, the control strategy is adjusted, or the commodity ID is pushed through an MQ (message queue) to inform the business system, so that the business system can flexibly deal with the commodity ID.
Example 2
Fig. 2 is a schematic structural diagram of an electronic device according to an embodiment of the present invention, which shows a block diagram of an exemplary electronic device 90 suitable for implementing an embodiment of the present invention. The electronic device 90 shown in fig. 2 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiment of the present invention.
As shown in fig. 2, the electronic device 90 may take the form of a general purpose computing device, which may be a server device, for example. The components of the electronic device 90 may include, but are not limited to: the at least one processor 91, the at least one memory 92, and a bus 93 that connects the various system components (including the memory 92 and the processor 91).
The bus 93 includes a data bus, an address bus, and a control bus.
The processor 91 executes various functional applications and data processing, such as the access control method provided in embodiment 1 of the present invention, by executing the computer program stored in the memory 92.
The electronic device 90 may also communicate with one or more external devices 94 (e.g., keyboard, pointing device, etc.). Such communication may be through an input/output (I/O) interface 95. Also, the model-generated electronic device 90 may also communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet) via a network adapter 96. As shown, the network adapter 96 communicates with the other modules of the model-generated electronic device 90 via a bus 93. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the model-generating electronic device 90, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID (disk array) systems, tape drives, and data backup storage systems, etc.
It should be noted that although in the above detailed description several units/modules or sub-units/modules of the electronic device are mentioned, such a division is merely exemplary and not mandatory. Indeed, the features and functionality of two or more of the units/modules described above may be embodied in one unit/module according to embodiments of the invention. Conversely, the features and functions of one unit/module described above may be further divided into embodiments by a plurality of units/modules.
Example 3
The present embodiment provides a computer-readable storage medium on which a computer program is stored, which when executed by a processor implements the steps of the access control method provided in embodiment 1.
More specific examples, among others, that the readable storage medium may employ may include, but are not limited to: a portable disk, a hard disk, random access memory, read only memory, erasable programmable read only memory, optical storage device, magnetic storage device, or any suitable combination of the foregoing.
In a possible implementation, the invention may also be implemented in the form of a program product comprising program code for causing a terminal device to perform the steps of implementing the access control method of embodiment 1 when the program product is run on the terminal device.
Where program code for carrying out the invention is written in any combination of one or more programming languages, the program code may be executed entirely on the user device, partly on the user device, as a stand-alone software package, partly on the user device and partly on a remote device or entirely on the remote device.
Example 4
The embodiment is an access control system which is suitable for service systems of various applications. The service system is deployed on the application server, the terminal user sends an access request to the service system, the service system executes the access request, and the result is sent to the terminal user for display after data processing, so that the access of the service system is realized.
As shown in fig. 3, the access control system of the present embodiment includes: the device comprises a data acquisition module 1, a statistic module 2, a prevention and control module 3, a judgment module 4 and a format conversion module 5.
The data obtaining module 1 is used for obtaining access request data of a service system.
The access request data, that is, the access request of the service system to be accessed, sent by the terminal user, is sent to the request log queue through the UDP after obtaining the access request data, and the purpose of using the UDP is to ensure that the data collection process is non-blocking and does not affect the main process performance. The request log queue must be high performance, support level extensions, Kafka may be chosen, or Redis may be used.
Wherein the access request comprises: a full URL, source IP, User-Agent, device ID, User ID, object ID (e.g., commodity ID), and personalized buried point, etc.
In this embodiment, in order to facilitate the following data statistics, the access request data may be obtained using a unified access stratum, for example, using Nginx. In order to more effectively implement network protection of the service system, whether to use the unified access layer is also determined, specifically:
the judging module 4 judges whether the data format of the access request data acquired by the data acquiring module 1 is the same as the standard data format; if the judgment result is yes, the unified access layer is used, and the access request data are directly sent to the statistical module 2; if the judgment result is no, the unified access layer is not used, and then the format conversion module 5 is called. The format conversion module 5 converts the data format of the access request data into a data standard format and sends the data standard format to the statistic module 2.
The statistic module 2 is configured to combine the key values into a key value group according to different dimensions, and to count access times of the service system within a preset time period according to the key values and/or the key value group.
In this embodiment, before the statistical module is constructed, the access request data is also cleaned to obtain a key value in the access request, where the key value includes: HOST, URL, User ID, device ID, User-Agent, HOST-5XX status, object ID, source IP, etc.
A set of key values, such as < Source IP, Commodity ID >, < Source IP, device ID >, < Source IP, user ID >, < Source IP, HOST >, and < user ID, device ID >, etc. It should be noted that the number of key values in the key value group is not limited to 2 in this embodiment, and may be set according to actual requirements, for example, 3, 4, or even more.
In this embodiment, the access control system further includes a storage center, configured to store the statistical result, where the storage center implements high-performance storage, for example, using a Redis cluster.
The prevention and control module 3 is configured to obtain a statistical result from the Redis cluster, and generate an access control policy of the service system according to the counted access times. Therefore, the access control strategy can be sent to the service system to perform flow control, degradation and isolation control, and effective and accurate protection of the service system is realized.
Specifically, the prevention and control module 3 includes a judgment unit and a prevention and control unit. In this embodiment, the access control system further includes: a rule acquisition module 6 and a hotspot monitoring module 7.
The following is a detailed description of the operation of the access control system:
the rule obtaining module 6 is used for obtaining the prevention and control rule. The prevention and control rule comprises a frequency threshold range corresponding to each key value and each key value group; the user can set the prevention and control rule by himself, namely, the user can define the prevention and control processing of each layer of the service system.
When the access control system protects the network of the service system for the first time, the prevention and control unit generates an access control strategy according to the prevention and control rule and the result counted by the counting module 2. In the protection process, the determining unit 31 determines in real time whether the counted access times of the key values and the key value groups are within the respective time threshold range; if the judgment is no, the current control strategy is not in accordance with the protection requirement of the service system, the prevention and control unit is called to adjust the access control strategy, and the prevention and control unit protects the service system by the adjusted access control strategy so as to meet the accurate dynamic prevention and control requirement; if the judgment result is yes, the prevention and control unit protects the service system according to the originally generated control strategy, which indicates that the current control strategy meets the protection requirement of the service system.
Taking the access request https:// item.jd.com/12153914.html as an example, setting the threshold ranges of times as follows: item.jd.com: 0/s-100/s; item, jd, com-5xx is 0/s-10/s; and the ua-spacer is 0/s-10/s, and if the statistical results of the current access times are all in the threshold range of times, the service system is protected according to the original control strategy. If the statistical result of item.jd.com is not within 0/s-100/s, returning a queuing interface to a user terminal which sends an access request later, and realizing degradation under the condition of current limiting; if the statistical result of the ua-spiders is not within 0/s-10/s, isolating the application server in the service system, and realizing isolation under the condition of a crawler; if the statistical result of the item.jd.com-5xx is not within 0/s-10/s, returning a degradation interface to a user terminal which sends an access request later, indicating that the back-end service has a problem when the 5xx is wrong, and directly performing degradation processing after triggering a time threshold.
In this embodiment, the hotspot monitoring module 7 monitors hotspot transactions of the service system in real time according to the access times, and calls the prevention and control unit to adjust the access control policy when the hotspot transactions are monitored, and the prevention and control unit protects the service system with the adjusted access control policy.
For example, if the commodity ID is set to be 100/s, that is, if the access amount of the commodity ID is greater than 100/s, the commodity ID can be determined to be a hot commodity, the control strategy is adjusted, or the commodity ID is pushed through the MQ to inform the business system, so that the business system can flexibly deal with the commodity ID.
The access control system of the embodiment guarantees the global performance and accuracy of statistics through global statistics, each layer of the service system only needs to send rules and granularity to the access control system, the access control system can generate a proper access control strategy and send the access control strategy to the service system, and the service system can perform processing such as current limiting, degrading and isolating according to the control strategy, so that effective and accurate protection on a network is achieved.
While specific embodiments of the invention have been described above, it will be appreciated by those skilled in the art that this is by way of example only, and that the scope of the invention is defined by the appended claims. Various changes and modifications to these embodiments may be made by those skilled in the art without departing from the spirit and scope of the invention, and these changes and modifications are within the scope of the invention.
Claims (12)
1. An access control method, characterized in that the access control method comprises:
acquiring access request data of a service system; the access request data includes a key value;
grouping the key values into key value groups according to different dimensions;
counting the access times of the service system in a preset time period according to the key values and/or the key value groups;
and generating an access control strategy of the service system according to the access times.
2. The access control method of claim 1, wherein the step of obtaining access request data for the business system is followed by further comprising:
judging whether the data format of the access request data is the same as the standard data format;
and if not, converting the data format of the access request data into the data standard format.
3. The access control method of claim 1, wherein the access request data includes at least one of the following key values: HOST, URL, User ID, device ID, User-Agent, URL-5XX status, object ID, and source IP.
4. The access control method of claim 1, wherein the access control method further comprises:
acquiring a prevention and control rule; the prevention and control rule comprises a frequency threshold range corresponding to each key value and each key value group;
generating an access control policy of the service system according to the access times, specifically comprising:
judging whether the access times of the key values and the key value groups are within the respective time threshold range;
and when the judgment result is negative, adjusting the access control strategy.
5. The access control method according to claim 1, wherein the step of generating the access control policy of the service system according to the number of accesses specifically includes:
monitoring hot spot affairs of the service system according to the access times;
and when the hotspot transaction is monitored, adjusting the access control strategy.
6. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the access control method of any one of claims 1 to 5 when executing the computer program.
7. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the access control method according to any one of claims 1 to 5.
8. An access control system, characterized in that the access control system comprises:
the data acquisition module is used for acquiring access request data of the service system; the access request data includes a key value;
the statistic module is used for combining the key values into key value groups according to different dimensions, and counting the access times of the service system in a preset time period according to the key values and/or the key value groups;
and the prevention and control module is used for generating an access control strategy of the service system according to the access times.
9. The access control system of claim 8, wherein the access control system further comprises: the device comprises a judging module and a format conversion module;
the judging module is used for judging whether the data format of the access request data is the same as the standard data format or not and calling the format conversion module if the data format is judged not to be the same as the standard data format;
the format conversion module is used for converting the data format of the access request data into the data standard format and sending the data standard format to the statistic module.
10. The access control system of claim 8, wherein the access request data includes at least one of the following key values: HOST, URL, User ID, device ID, User-Agent, URL-5XX status, object ID, and source IP.
11. The access control system of claim 8, wherein the access control system further comprises: a rule acquisition module;
the rule obtaining module is used for obtaining a prevention and control rule; the prevention and control rule comprises a frequency threshold range corresponding to each key value and each key value group;
the prevention and control module specifically comprises: the device comprises a judging unit and a prevention and control unit;
the judging unit is used for judging whether the access times of the key values and the key value groups are within the respective time threshold range or not, and calling the prevention and control unit if the access times of the key values and the key value groups are not within the respective time threshold range;
the prevention and control unit is used for adjusting the access control strategy.
12. The access control system of claim 8, wherein the access control system further comprises: a hotspot monitoring module;
the prevention and control module specifically comprises: a prevention and control unit;
the hot spot monitoring module is used for monitoring the hot spot affairs of the service system according to the access times and calling the prevention and control unit when the hot spot affairs are monitored;
the prevention and control unit is used for adjusting the access control strategy.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811487391.9A CN111291367A (en) | 2018-12-06 | 2018-12-06 | Access control method and system, electronic device and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811487391.9A CN111291367A (en) | 2018-12-06 | 2018-12-06 | Access control method and system, electronic device and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111291367A true CN111291367A (en) | 2020-06-16 |
Family
ID=71026358
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811487391.9A Pending CN111291367A (en) | 2018-12-06 | 2018-12-06 | Access control method and system, electronic device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111291367A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114430395A (en) * | 2022-03-02 | 2022-05-03 | 阿波罗智联(北京)科技有限公司 | Flow control method, device and equipment and intelligent traffic management equipment |
CN114640504A (en) * | 2022-02-24 | 2022-06-17 | 京东科技信息技术有限公司 | CC attack protection method, device, equipment and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1997000A (en) * | 2005-12-31 | 2007-07-11 | 腾讯科技(深圳)有限公司 | Virtual-host-based web server and method for user obtaining access data |
KR101451683B1 (en) * | 2013-05-27 | 2014-10-16 | 엘지히다찌 주식회사 | System for controlling access to the epcis service |
CN108494703A (en) * | 2018-03-08 | 2018-09-04 | 腾讯科技(深圳)有限公司 | A kind of access frequency control method, device and storage medium |
-
2018
- 2018-12-06 CN CN201811487391.9A patent/CN111291367A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1997000A (en) * | 2005-12-31 | 2007-07-11 | 腾讯科技(深圳)有限公司 | Virtual-host-based web server and method for user obtaining access data |
KR101451683B1 (en) * | 2013-05-27 | 2014-10-16 | 엘지히다찌 주식회사 | System for controlling access to the epcis service |
CN108494703A (en) * | 2018-03-08 | 2018-09-04 | 腾讯科技(深圳)有限公司 | A kind of access frequency control method, device and storage medium |
Non-Patent Citations (1)
Title |
---|
庄家栋;陈志刚;葛志辉;: "轻型的访问频率限制服务模型的设计与实现", 信息通信, no. 01 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114640504A (en) * | 2022-02-24 | 2022-06-17 | 京东科技信息技术有限公司 | CC attack protection method, device, equipment and storage medium |
CN114640504B (en) * | 2022-02-24 | 2024-02-06 | 京东科技信息技术有限公司 | CC attack protection method, device, equipment and storage medium |
CN114430395A (en) * | 2022-03-02 | 2022-05-03 | 阿波罗智联(北京)科技有限公司 | Flow control method, device and equipment and intelligent traffic management equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10715546B2 (en) | Website attack detection and protection method and system | |
EP4120166A1 (en) | Blockchain message processing method and apparatus, computer and readable storage medium | |
US20190173904A1 (en) | Entity Group Behavior Profiling | |
US10469514B2 (en) | Collaborative and adaptive threat intelligence for computer security | |
US10044737B2 (en) | Detection of beaconing behavior in network traffic | |
CN111352967B (en) | Frequency control method, system, equipment and medium of sliding window algorithm | |
CN106453669A (en) | Load balancing method and server | |
EP1303820A2 (en) | Dynamic web page caching system and method | |
US9800662B2 (en) | Generic network trace with distributed parallel processing and smart caching | |
CN111641658A (en) | Request intercepting method, device, equipment and readable storage medium | |
CN110445615B (en) | Network request security verification method, device, medium and electronic equipment | |
CN110875907A (en) | Access request control method and device | |
EP4084415A1 (en) | Data management method and system, associated subsystem and computer readable medium | |
CN111291367A (en) | Access control method and system, electronic device and storage medium | |
CN114640504B (en) | CC attack protection method, device, equipment and storage medium | |
CN103916379A (en) | CC attack identification method and system based on high frequency statistics | |
CN107360198B (en) | Suspicious domain name detection method and system | |
CN106411819A (en) | Method and apparatus for recognizing proxy Internet protocol address | |
CN113905091B (en) | Method and device for processing access request | |
AU2016393663A1 (en) | Method and system for compression and optimization of in-line and in-transit information security data | |
CN107508840B (en) | DNS Proxy-based method for monitoring DNS domain name attack | |
CN106789301A (en) | A kind of method and device of the running log of generation WEB gateways | |
CN108270755B (en) | Domain name level adaptive DDOS attack resisting method and device | |
CN111786940A (en) | Data processing method and device | |
US20170223136A1 (en) | Any Web Page Reporting and Capture |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |