CN112291258B - Gateway risk control method and device - Google Patents

Gateway risk control method and device

Info

Publication number: CN112291258B
Application number: CN202011261474.3A
Authority: CN (China)
Prior art keywords: gateway, abnormal, data, exception, exception handling
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN112291258A
Inventor: 王厚平
Current assignee: Hangzhou Bizhi Technology Co ltd
Original assignee: Hangzhou Bizhi Technology Co ltd
Application filed by Hangzhou Bizhi Technology Co ltd; priority to CN202011261474.3A; publication of CN112291258A; application granted; publication of CN112291258B.

Classifications

    • H: ELECTRICITY; H04: ELECTRIC COMMUNICATION TECHNIQUE; H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L 63/00: Network architectures or network communication protocols for network security
        • H04L 63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
        • H04L 12/00: Data switching networks
        • H04L 12/66: Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
        • H04L 67/00: Network arrangements or protocols for supporting network services or applications
        • H04L 67/50: Network services
        • H04L 67/60: Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • G: PHYSICS; G06: COMPUTING; CALCULATING OR COUNTING; G06N: COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
        • G06N 20/00: Machine learning

Abstract

The invention discloses a gateway risk control method and device. The method comprises the following steps: acquiring an access request sent by a client and calling an application server to execute it; receiving the response data returned by the application server executing the access request; and, if the response data indicate that the access is abnormal, extracting key index data from the access request and the response data, inputting the key index data into a pre-trained gateway wind control (risk control) model to obtain a first exception handling strategy, and performing service exception handling according to that strategy. Under the gateway risk control scheme of the invention, once an access is determined to be abnormal, the exception handling strategy is determined by a gateway wind control model obtained through machine learning, so that the abnormality can be responded to quickly, the duration of the service abnormality is minimized and the risk is reduced; at the same time, the strategy can be controlled dynamically without restarting the gateway, which safeguards the safety and stability of the service.

Description

Gateway risk control method and device
Technical Field
The invention relates to the technical field of internet, in particular to a gateway risk control method and device.
Background
The gateway is the entrance to the application server cluster: it can apply black and white list control, authentication control, flow control and data conversion to user accesses, so that requests reaching the application server are safe. Wind control (risk control) means taking measures against risks that may arise in the future, so as to counter their influence and to prevent or reduce damage.
With the arrival of the internet era, people's dependence on the internet increases day by day, and the demands on the security and stability of enterprise servers increase with it. Behaviors that endanger the safety and stability of servers arise continuously: for example, data is stolen through unauthorized requests, server pressure rises sharply when a crawler server crawls excessively, and responses become slow when the server's IO pressure is excessive. How to solve such problems is therefore an important subject of the internet era.
At present, enterprise application services are traditionally deployed in one of several ways: without a gateway, with an interceptor embedded in each application service, or behind a third-party gateway service. Without a gateway, the application service is directly exposed to the Internet with no defense at all, so it is very vulnerable to attacks and to malicious data scraping. With embedded interception, every service needs its own interception module; the module is not universal, and once a service is forgotten it is exposed to the Internet without protection. A third-party gateway service generally needs a fixed strategy written into a configuration file, so every adjustment requires a restart, and some unforeseen problems, for example a sudden increase in the response time of all interfaces, take a long time to go from manual intervention and troubleshooting to a solution; the service is unavailable to users during that time, causing great loss to enterprises and users.
Disclosure of Invention
In view of the above, the present invention is proposed in order to provide a gateway risk control method and apparatus that overcomes or at least partially solves the above mentioned problems.
According to an aspect of the present invention, there is provided a gateway risk control method, including:
acquiring an access request sent by a client, and calling an application server to execute the access request;
receiving response data returned by the application server executing the access request;
and if the response data indicate that the access is abnormal, extracting key index data from the access request and the response data, inputting the key index data into a pre-trained gateway wind control model to obtain a first abnormal handling strategy, and performing service abnormal handling according to the first abnormal handling strategy.
According to another aspect of the present invention, there is provided a gateway risk control apparatus, comprising:
the acquisition module is suitable for acquiring an access request sent by a client;
the calling module is suitable for calling the application server to execute the access request;
the receiving module is suitable for receiving response data returned by the application server executing the access request;
and the processing module is suitable for extracting key index data from the access request and the response data if the response data indicate that the access is abnormal, inputting the key index data into a pre-trained gateway wind control model to obtain a first abnormal processing strategy, and performing service abnormal processing according to the first abnormal processing strategy.
According to yet another aspect of the present invention, there is provided a computing device comprising a processor, a memory, a communication interface and a communication bus, where the processor, the memory and the communication interface communicate with each other through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the gateway risk control method.
According to still another aspect of the present invention, a computer storage medium is provided, where at least one executable instruction is stored in the storage medium, and the executable instruction causes a processor to perform an operation corresponding to the gateway risk control method.
According to the scheme provided by the invention, once an access is determined to be abnormal, the exception handling strategy is determined through the gateway wind control model obtained by machine learning training, so that the exception can be responded to quickly, the duration of the service exception is minimized and the risk is reduced; at the same time, the strategy can be controlled dynamically without restarting the gateway, which ensures the safety and stability of the service.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 shows a schematic flow diagram of a gateway risk control method according to an embodiment of the invention;
fig. 2 shows a schematic flow diagram of a gateway risk control method according to another embodiment of the invention;
fig. 3 shows a schematic structural diagram of a gateway risk control apparatus according to an embodiment of the present invention;
FIG. 4 shows a block diagram of a computing device, according to one embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
Fig. 1 shows a flow diagram of a gateway risk control method according to an embodiment of the present invention. As shown in fig. 1, the method comprises the steps of:
step S101, obtaining an access request sent by a client, and calling an application server to execute the access request.
The gateway risk control method provided in this embodiment is executed by a gateway. Specifically, when a user wants to acquire data, the user accesses an application server through a client, and the client sends an access request for the application server. The access request has to pass through the gateway: the gateway acquires the access request sent by the client and then invokes the corresponding application server to execute it. For example, the access request carries the IP address of the application server, and the gateway invokes the application server according to that IP address.
And step S102, receiving response data returned by the application server executing the access request.
After executing the access request, the application server generates corresponding response data. The response data are the data the server returns in response to the access request; they may be, for example, the data actually requested by the client, or data returned when an abnormal condition occurs. The application server returns the generated response data to the gateway, and the gateway receives the response data returned by the application server in executing the access request.
And S103, if the response data indicate that the access is abnormal, extracting key index data from the access request and the response data, inputting the key index data into a pre-trained gateway wind control model to obtain a first abnormal handling strategy, and performing service abnormal handling according to the first abnormal handling strategy.
After receiving the returned response data, the gateway analyzes them: for example, it analyzes whether the response data include a request exception code, or whether a server index returned by the application server has reached a preset threshold. If the response data include a request exception code, or a server index has reached its preset threshold, the access is determined to be abnormal. To implement gateway risk control and minimize the resulting risk, key index data are then extracted from the access request and the response data; the key index data are used to analyze and determine the processing policy for resolving the exception. Optionally, the key index data include one or more of: client IP address, request user protocol type, request time, response time, request exception code, request data, throughput, query rate per second, transaction rate per second, concurrency number and application server IP address; the key index data may also include other self-defined indices. In practice, any one or more of the following anomalies may occur: server memory exception, JVM exception, IO exception, CPU overhigh exception, network IO exception, local disk IO exception, database connection exception, application service internal exception and the like. Each exception corresponds to a different request exception code, so which exception occurred can be identified through the request exception code.
After the key index data are extracted, they are input into a pre-trained gateway wind control model to obtain a first exception handling strategy. The gateway wind control model is a model obtained through machine learning whose input is the key index data and whose output is the first exception handling strategy; the first exception handling strategy provides a solution to the exception. After the first exception handling strategy is determined, service exception handling can be performed according to it, for example by applying the first exception handling strategy to the application server to resolve the corresponding service exception.
According to the gateway risk control method provided by this embodiment, once an access is determined to be abnormal, the exception handling strategy is determined through the gateway wind control model obtained by machine learning training, so that the exception can be responded to quickly, the duration of the service exception is minimized and the risk is reduced; at the same time, the strategy can be controlled dynamically without restarting the gateway, which safeguards the safety and stability of the service.
Fig. 2 shows a flow diagram of a gateway risk control method according to an embodiment of the present invention. As shown in fig. 2, the method comprises the steps of:
step S201, acquiring an access request sent by a client, and invoking a pre-configured detection rule to detect the access request.
The gateway risk control method provided in this embodiment is executed by a gateway, and specifically, when a user wants to acquire data, the application server may be accessed through a client, and the client sends an access request for accessing the application server, where the access request needs to pass through the gateway, that is, the gateway acquires an access request for accessing the application server sent by the client.
For convenience of subsequent processing, after the access request sent by the client is acquired, the access request can be preprocessed: the data stream inside the data packet is parsed, and through preprocessing the acquired data stream can be read repeatedly.
In this embodiment, to improve access security, detection rules may be preconfigured to detect the access request sent by the client; the detection rules include one or more of the following: authentication rules, IP blacklists, IP whitelists, replay attack prevention, IP admission permission rules and the like.
After the access request sent by the client is acquired, the pre-configured detection rules can be invoked to detect it, and the detection determines whether the access request is illegal. For example, the gateway queries whether the client's IP address is in the IP blacklist; if so, the access request is determined to be illegal, and the access is therefore determined to be abnormal. Or it queries whether the client's IP address is in the IP whitelist; if so, the access request is determined to be a normal request, and the access is determined to be normal. The authentication rule verifies whether the client's access is abnormal by means of a signature, which is not described further here. Of course, the detection rules in this embodiment are not limited to the above and may include other rules, such as a key. The detection rules may be configured through a gateway console.
And step S202, if the detection result indicates that the access is abnormal, returning an access refusing notification message to the client.
After the access request is detected, if the detection result shows that the access is abnormal, an access-refused notification message is returned to the client to inform it that its access to the application server is refused.
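The detection stage of steps S201 and S202, written out as an added example (not code from the patent or its assignee): the gateway applies the pre-configured rules in order, an IP blacklist, an IP whitelist, a signature-based authentication rule and replay prevention, and the first rule that decides determines whether the access is refused. The rule names, the request field names, the HMAC-SHA256 signing scheme and the replay window are assumptions made for this example; the patent only names the rule categories.

```python
import hashlib
import hmac
import time
from typing import Dict, Optional, Tuple

# Constructed rule configuration, as a gateway console might store it (all values assumed).
RULES = {
    "ip_blacklist": {"203.0.113.9"},
    "ip_whitelist": {"198.51.100.5"},        # trusted clients skip the remaining checks
    "replay_window_seconds": 300,
    "client_secrets": {"client-a": b"constructed-shared-secret"},
}

# Nonces seen inside the replay window (nonce -> time seen); in-memory for the example.
_seen_nonces: Dict[str, float] = {}


def _expected_signature(secret: bytes, method: str, path: str, timestamp: str, nonce: str) -> str:
    """HMAC-SHA256 over method, path, timestamp and nonce (assumed signing scheme)."""
    msg = f"{method}\n{path}\n{timestamp}\n{nonce}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def detect_request(req: dict, rules: dict = RULES, now: Optional[float] = None) -> Tuple[bool, str]:
    """Apply the detection rules in order and return (is_abnormal, rule_that_decided).
    An abnormal result corresponds to the access-refused path of step S202."""
    now = time.time() if now is None else now
    ip = req["client_ip"]
    if ip in rules["ip_blacklist"]:
        return True, "ip_blacklist"
    if ip in rules["ip_whitelist"]:
        return False, "ip_whitelist"

    # Authentication rule: the client must present a valid signature.
    secret = rules["client_secrets"].get(req.get("client_id"))
    if secret is None:
        return True, "unknown_client"
    expected = _expected_signature(secret, req["method"], req["path"], req["timestamp"], req["nonce"])
    if not hmac.compare_digest(expected, req.get("signature", "")):
        return True, "bad_signature"

    # Replay prevention: the timestamp must be fresh and the nonce unused within the window.
    window = rules["replay_window_seconds"]
    if abs(now - float(req["timestamp"])) > window:
        return True, "stale_timestamp"
    for nonce, seen_at in list(_seen_nonces.items()):   # forget nonces outside the window
        if now - seen_at > window:
            del _seen_nonces[nonce]
    if req["nonce"] in _seen_nonces:
        return True, "replayed_nonce"
    _seen_nonces[req["nonce"]] = now
    return False, "ok"


def sign_request(req: dict, secret: bytes) -> dict:
    """Build a signed copy of a constructed sample request (client side of the assumed scheme)."""
    signed = dict(req)
    signed["signature"] = _expected_signature(secret, req["method"], req["path"], req["timestamp"], req["nonce"])
    return signed


if __name__ == "__main__":
    t = 1_700_000_000.0
    base = {"client_ip": "192.0.2.10", "client_id": "client-a", "method": "GET",
            "path": "/api/orders", "timestamp": str(t), "nonce": "n1"}
    good = sign_request(base, RULES["client_secrets"]["client-a"])
    print(detect_request(good, now=t))                                   # (False, 'ok')
    print(detect_request(good, now=t))                                   # (True, 'replayed_nonce')
    print(detect_request({**good, "client_ip": "203.0.113.9"}, now=t))   # (True, 'ip_blacklist')
```

The whitelist check deliberately sits before the signature and replay checks, matching the text's description of a whitelisted client being treated as a normal request; a deployment that wants whitelisted clients to authenticate as well would simply move that branch after the signature check.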
Step S203, if the detection result indicates that the access is normal, the application server is invoked to execute the access request.
After the access request is detected, if the detection result indicates that the access is normal, the corresponding application server may be called to execute the access request; for example, the access request carries the IP address of the application server, and the application server may be called according to that IP address.
Step S204, receiving response data returned by the application server executing the access request.
After executing the access request, the application server generates corresponding response data, which are the data returned in response to the access request: for example, the data actually requested by the client, or data returned when an abnormal condition occurs. For example, in Java the system automatically throws an Error message when an exception occurs; the application server analyzes the Error message to obtain Error data, and also obtains server index data related to the CPU and memory, which it may collect through Linux commands. The application server then returns the generated response data to the gateway, and the gateway receives the response data returned by the application server in executing the access request.
And step S205, if the response data indicate that the access is abnormal, extracting key index data from the access request and the response data.
After receiving the returned response data, the gateway analyzes them: for example, it analyzes whether the response data include a request exception code, or whether a server index returned by the application server has reached a preset threshold. If the response data include a request exception code, or a server index has reached its preset threshold, the access is determined to be abnormal. To implement gateway risk control and minimize the resulting risk, key index data are then extracted from the access request and the response data; the key index data are used to analyze and determine the processing policy for resolving the exception. Optionally, the key index data include one or more of: client IP address, request user protocol type, request time, response time, request exception code, request data, throughput, queries per second (QPS), transactions per second (TPS), concurrency and application server IP address; the key index data may also include other custom indices. In practice, any one or more of the following anomalies may occur: server memory exception, JVM exception, IO exception, CPU overhigh exception, network IO exception, local disk IO exception, database connection exception, application service internal exception and the like. Each exception corresponds to a different request exception code, so which exception occurred can be identified through the request exception code. The request time is the time at which the client initiates the access request; the response time is the time from the start of the request to its completion; the request data mainly refers to characteristics such as the request data content and the request data size.
It should be noted that the key index data is not limited to the above listed data, and may also include some other customized index data, such as CPU usage, memory occupancy, etc.
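Steps S204 and S205 as an added example (not the patent's code): the gateway decides from the response data whether the access is abnormal, either because a request exception code is present or because a server index has reached its preset threshold, and only then assembles the key index record. The exception code values, the threshold values, the field names and the idea that QPS, TPS, concurrency and throughput come from the gateway's own traffic counters are assumptions made here; the sample request, response and counters are constructed.

```python
from typing import Optional

# Assumed request exception codes for the anomaly classes listed in the text.
EXCEPTION_CODES = {
    "E_MEM": "server memory exception",
    "E_JVM": "JVM exception",
    "E_IO": "IO exception",
    "E_CPU": "CPU overhigh exception",
    "E_NET_IO": "network IO exception",
    "E_DISK_IO": "local disk IO exception",
    "E_DB": "database connection exception",
    "E_APP": "application service internal exception",
}

# Preset thresholds for the server indices the application server reports (constructed values).
INDEX_THRESHOLDS = {"cpu_usage": 0.90, "memory_occupancy": 0.85}


def access_is_abnormal(response: dict) -> Optional[str]:
    """Return why the access is abnormal (exception code present, or a server index
    at or above its preset threshold), or None when the response looks normal."""
    code = response.get("exception_code")
    if code:
        return EXCEPTION_CODES.get(code, "unknown exception code " + code)
    indices = response.get("server_index", {})
    for name, limit in INDEX_THRESHOLDS.items():
        value = indices.get(name)
        if value is not None and value >= limit:
            return f"{name} {value} reached threshold {limit}"
    return None


def extract_key_index_data(request: dict, response: dict, gateway_stats: dict) -> dict:
    """Assemble the key index record from the request, the response and the gateway's
    own traffic counters (QPS, TPS, concurrency and throughput are assumed to live there)."""
    indices = response.get("server_index", {})
    return {
        "client_ip": request["client_ip"],
        "protocol": request["protocol"],
        "request_time": request["request_time"],
        "response_time_ms": response["response_time_ms"],
        "exception_code": response.get("exception_code"),
        "request_size": len(request.get("body", b"")),
        "throughput": gateway_stats["throughput"],
        "qps": gateway_stats["qps"],
        "tps": gateway_stats["tps"],
        "concurrency": gateway_stats["concurrency"],
        "app_server_ip": request["app_server_ip"],
        # custom indices named in the text, passed through as reported
        "cpu_usage": indices.get("cpu_usage"),
        "memory_occupancy": indices.get("memory_occupancy"),
    }


def analyze_response(request: dict, response: dict, gateway_stats: dict) -> Optional[dict]:
    """Step S205: extract key index data only when the access is abnormal."""
    reason = access_is_abnormal(response)
    if reason is None:
        return None
    data = extract_key_index_data(request, response, gateway_stats)
    data["abnormal_reason"] = reason
    return data


# Constructed sample request/response pair and gateway counters.
SAMPLE_REQUEST = {"client_ip": "192.0.2.10", "protocol": "HTTP/1.1", "request_time": 1700000000.0,
                  "body": b'{"order": 42}', "app_server_ip": "10.0.0.12"}
SAMPLE_RESPONSE = {"response_time_ms": 2500, "exception_code": "E_CPU",
                   "server_index": {"cpu_usage": 0.97, "memory_occupancy": 0.60}}
SAMPLE_STATS = {"throughput": 12.5, "qps": 800, "tps": 120, "concurrency": 64}

if __name__ == "__main__":
    print(analyze_response(SAMPLE_REQUEST, SAMPLE_RESPONSE, SAMPLE_STATS))
```

Checking the exception code before the thresholds reflects the text's ordering; an index that is merely high without an exception code still counts as abnormal, which is what catches the "slow response" case before the application server itself fails.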
Step S206, judging whether a second preset exception handling strategy matched with the key index data exists; if yes, go to step S207; if not, step S209 is executed.
In order to resolve an exception quickly when it occurs, a second exception handling policy may be configured in advance; for example, key index data and the corresponding second exception handling policy are stored in a database in association. After the access is determined to be abnormal and the key index data are extracted from the access request and the response data, the database may be queried by the key index data to determine whether a preconfigured second exception handling policy matching the key index data exists. The second exception handling policy is a solution configured manually, for example a flow limiting policy.
And step S207, performing service exception handling according to the second exception handling strategy.
In the case that it is determined that a preconfigured second exception handling policy matching the key indicator data exists, service exception handling may be performed according to the second exception handling policy, for example, the second exception handling policy is applied to the application server to resolve the corresponding service exception.
For example, if the abnormality occurs as a CPU surge of the application server, in order to resolve the abnormality, a flow control adjustment policy may be adopted to reject or wait for processing the request by limiting the flow, so as to prevent excessive requests from accessing the application server at the same time.
Step S208, judging whether the second exception handling strategy solves the service exception; if not, step S209 is executed.
Although the second exception handling policy is used to resolve the service exception, it may well happen that it fails to do so. To resolve the service exception effectively, this embodiment therefore further determines whether the second exception handling policy has resolved the service exception: for example, by determining whether the application server still returns a request exception code, or whether the server index returned by the application server is now below the preset threshold. If the application server still returns the request exception code, or the server index is still above the preset threshold, it is determined that the second exception handling policy has not resolved the service exception. If the second exception handling policy does resolve the service exception, the method ends.
Step S209, inputting the key index data into a pre-trained gateway wind control model to obtain a first exception handling strategy, and performing service exception handling according to the first exception handling strategy.
If no second exception handling strategy exists, or one exists but does not resolve the service exception, the key index data are input into the pre-trained gateway wind control model, and the gateway wind control model, obtained by machine learning, outputs a first exception handling strategy corresponding to the key index data. The gateway wind control model is a model obtained through machine learning whose input is the key index data and whose output is the first exception handling strategy; the first exception handling strategy provides a solution to the exception. After the first exception handling strategy is determined, service exception handling can be carried out according to it, for example by applying the first exception handling strategy to the application server to resolve the corresponding service exception. For example, if the key index data indicate an exception with slow response and insufficient memory, the corresponding first exception handling policy may be determined to be an automatic capacity expansion policy; that policy is applied to the application server, which handles the exception by automatically expanding its memory capacity.
In an alternative embodiment of the present invention, the gateway wind control model may be obtained by training as follows: acquire sample key index data for training and the exception handling marking data corresponding to the sample key index data; input the sample key index data into an initial gateway wind control model for training, obtaining exception handling data corresponding to the sample key index data; update the weight parameters of the initial gateway wind control model according to the exception handling data and the exception handling marking data corresponding to the sample key index data; and repeat these steps iteratively until an iteration end condition is met, obtaining the gateway wind control model. Specifically, the loss between the exception handling data and the exception handling marking data is calculated to obtain a loss function, a back propagation operation is performed according to the loss function, and the weight parameters of the initial gateway wind control model are updated according to the result. The iteration end condition may include: the number of iterations reaches an iteration count threshold; and/or the output value of the loss function is smaller than a loss threshold. Whether the iteration end condition is met can thus be judged by whether the number of iterations has reached the iteration count threshold, or by whether the output value of the loss function is smaller than the loss threshold. The iteration is stopped once the end condition is met, which yields the gateway wind control model, i.e. the pre-trained model.
The sample key index data required for training the gateway wind control model can be obtained from daily traffic, simulated problem traffic and preset learning data traffic. They are labelled using the provided decision console, which marks the exception handling strategy corresponding to each sample; once labelling is finished, these data are called exception handling marking data for convenience in the following description.
The sample key index data include one or more of the following: client IP address, request user protocol type, request time, response time, request exception code, request data, throughput, queries per second (QPS), transactions per second (TPS), concurrency number and application server IP address; the sample key index data may also contain other custom indices. In practice, any one or more of the following anomalies may occur: server memory exception, JVM exception, IO exception, CPU overhigh exception, network IO exception, local disk IO exception, database connection exception, application service internal exception and the like; each exception corresponds to a different request exception code, so which exception occurred can be identified through the request exception code. The request time is the time at which the client initiates the access request; the response time is the time from the start of the request to its completion; the request data mainly refers to characteristics such as the request data content and the request data size. It should be noted that the key index data are not limited to those listed above and may also include other customized index data, such as CPU usage and memory occupancy. A gateway wind control model trained with sample key index data of different dimensions can comprehensively cover the various service anomalies of the application server, so that problems can be solved quickly.
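The training procedure described above (labelled sample key index data, forward pass through an initial model, loss between the model's exception handling data and the marking data, back propagation, weight update, and the two iteration end conditions) as an added example; it is not the patent's code and the patent does not say which model family it uses. A multinomial logistic regression is chosen here because its back propagation fits in a few lines; the feature names, the three strategy labels and the nine labelled samples (values scaled to [0, 1]) are constructed for the example.

```python
import math
from typing import List, Tuple

# Exception handling strategies the model can output (two from the text, one assumed).
POLICIES = ["flow_limit", "auto_scale", "db_reconnect"]
# Key index features used as model input (assumed subset, scaled to [0, 1]).
FEATURES = ["cpu_usage", "memory_occupancy", "response_time", "db_error"]

# Constructed sample key index data with their exception handling marking data.
SAMPLES: List[Tuple[List[float], str]] = [
    ([0.95, 0.40, 0.30, 0.0], "flow_limit"),    # CPU surge -> limit the flow
    ([0.90, 0.35, 0.25, 0.0], "flow_limit"),
    ([0.85, 0.45, 0.40, 0.0], "flow_limit"),
    ([0.50, 0.92, 0.85, 0.0], "auto_scale"),    # slow + memory short -> expand capacity
    ([0.45, 0.95, 0.90, 0.0], "auto_scale"),
    ([0.55, 0.88, 0.80, 0.0], "auto_scale"),
    ([0.30, 0.40, 0.60, 1.0], "db_reconnect"),  # database connection exception
    ([0.35, 0.45, 0.70, 1.0], "db_reconnect"),
    ([0.25, 0.50, 0.65, 1.0], "db_reconnect"),
]


def _softmax(logits: List[float]) -> List[float]:
    m = max(logits)
    exps = [math.exp(z - m) for z in logits]
    total = sum(exps)
    return [e / total for e in exps]


def _forward(model: dict, x: List[float]) -> List[float]:
    """Probability of each strategy for one key index vector (the model's exception handling data)."""
    logits = [sum(w * xi for w, xi in zip(model["W"][k], x)) + model["b"][k]
              for k in range(len(POLICIES))]
    return _softmax(logits)


def train(samples=SAMPLES, lr: float = 1.0, max_iters: int = 10000, loss_threshold: float = 0.05) -> dict:
    """Full-batch gradient descent; stops when the loss drops below loss_threshold
    or the iteration count reaches max_iters (the two end conditions in the text)."""
    n_cls, n_feat, n = len(POLICIES), len(FEATURES), len(samples)
    model = {"W": [[0.0] * n_feat for _ in range(n_cls)], "b": [0.0] * n_cls}
    labels = [POLICIES.index(label) for _, label in samples]
    stopped_by, loss, it = "max_iterations", float("inf"), 0
    for it in range(1, max_iters + 1):
        grad_w = [[0.0] * n_feat for _ in range(n_cls)]
        grad_b = [0.0] * n_cls
        loss = 0.0
        for (x, _), y in zip(samples, labels):
            p = _forward(model, x)
            loss -= math.log(p[y])                      # cross-entropy against the marking data
            for k in range(n_cls):                      # back propagation: dL/dlogit_k = p_k - 1[k == y]
                err = p[k] - (1.0 if k == y else 0.0)
                grad_b[k] += err
                for j in range(n_feat):
                    grad_w[k][j] += err * x[j]
        loss /= n
        if loss < loss_threshold:
            stopped_by = "loss_threshold"
            break
        for k in range(n_cls):                          # weight update
            model["b"][k] -= lr * grad_b[k] / n
            for j in range(n_feat):
                model["W"][k][j] -= lr * grad_w[k][j] / n
    model.update({"iterations": it, "loss": loss, "stopped_by": stopped_by})
    return model


def predict(model: dict, x: List[float]) -> str:
    """First exception handling strategy for a key index vector: the most probable class."""
    p = _forward(model, x)
    return POLICIES[max(range(len(p)), key=p.__getitem__)]


if __name__ == "__main__":
    m = train()
    print(m["stopped_by"], m["iterations"], round(m["loss"], 4))
    print(predict(m, [0.90, 0.425, 0.35, 0.0]))   # flow_limit
```

The loss is evaluated before each update so that the reported value belongs to the returned weights; with a small `max_iters` the run ends on the count threshold, with the default it normally ends on the loss threshold.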
Step S210, if the first exception handling policy does not solve the service exception, sending an alarm notification message to the processing end, so that the processing end performs exception handling according to the alarm notification message.
Although step S209 uses the first exception handling policy to resolve the service exception, it is quite possible that the first exception handling policy cannot resolve it. Therefore, if the first exception handling policy does not resolve the service exception, an alarm notification message may be sent to the processing end, which processes the service exception after receiving the message. To limit the harm caused by the exception effectively, a time limit for resolving the service exception can be set; if the service exception is not resolved within the specified time, the alarm notification message is sent to the processing end.
And step S211, receiving the third abnormal processing strategy sent by the processing end, and updating the gateway wind control model according to the key index data and the third abnormal processing strategy.
In order to enable the gateway wind control model to provide an exception handling strategy more accurately, the gateway wind control model may be updated, specifically, after the processing end solves the service exception, a third exception handling strategy may be determined, the gateway receives the third exception handling strategy sent by the processing end, and updates the gateway wind control model according to the key index data and the third exception handling strategy. After the gateway wind control model is updated, if the same service abnormal condition occurs again next time, a corresponding abnormal processing strategy can be given through the gateway wind control model, and the secondary intervention of a processing end is not needed.
According to the gateway risk control method provided by the embodiment, after the access request sent by the client is obtained, the access request can be detected first to intercept an illegal request, so that risks are prevented; under the condition that the access is determined to be abnormal, for some known abnormalities, a second abnormality processing strategy configured in advance can be used for processing, and for unknown abnormalities, a first abnormality processing strategy is determined through a gateway wind control model obtained through machine learning training, so that the abnormality can be responded quickly, the time for service abnormality can be reduced to the maximum extent, the speed for solving problems is improved, the risk of risk occurrence is reduced, and meanwhile, the strategy can be dynamically controlled under the condition that the gateway does not need to be restarted, and the safety, the availability and the stability of service are guaranteed.
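As an added illustration (not the patent's own code), the following Python simulation walks requests through the flow described above: the detection rules, the analysis of the response data, extraction of key index data, the pre-configured second policy, the model's first policy, escalation to the processing end, and the feedback update of the model with the third policy. All IPs, tokens, exception codes, thresholds, policy names and the small perceptron that stands in for the trained gateway wind control model are assumptions made for this example.

```python
# Added example: IPs, tokens, exception codes, thresholds, policy names and the model are all constructed.
BLACKLIST = {"203.0.113.9"}                        # constructed IP blacklist rule
VALID_TOKENS = {"tok-alice", "tok-bob"}            # constructed authentication rule
THRESHOLDS = {"cpu": 90.0, "memory": 90.0}         # constructed server-index thresholds (%)
PRECONFIGURED = {"E_DB_CONN": "restart_db_pool"}   # constructed "second" policies, keyed by exception code
# Constructed exception codes; the patent only says each exception type has its own code.
CODES = ["", "E_MEM", "E_JVM", "E_IO", "E_CPU", "E_NET_IO", "E_DISK_IO", "E_DB_CONN", "E_APP"]

def detect(request):                               # detection rules run before the app server is called
    ok = request["client_ip"] not in BLACKLIST and request.get("token") in VALID_TOKENS
    return "normal" if ok else "abnormal"

def is_abnormal(response):                         # exception code present, or a server index at threshold
    return bool(response.get("exception_code")) or any(response.get(k, 0.0) >= v for k, v in THRESHOLDS.items())

def extract_key_indicators(request, response):     # key index data from both request and response
    ind = {k: response.get(k, 0.0) for k in ("cpu", "memory", "response_time_ms")}
    return {"client_ip": request["client_ip"], "exception_code": response.get("exception_code", ""), **ind}

def featurize(ind):                                # one-hot exception code, scaled indices, bias term
    vec = [1.0 if ind["exception_code"] == c else 0.0 for c in CODES]
    return vec + [ind["cpu"] / 100, ind["memory"] / 100, min(ind["response_time_ms"], 5000) / 5000, 1.0]

class GatewayRiskModel:
    """Multi-class perceptron standing in for the trained model: weights move by the gap between
    the model's output and the labelled policy, iterated until an epoch produces no errors."""
    def __init__(self):
        self.weights = {}                          # policy name -> weight vector
    def predict(self, ind):
        x = featurize(ind)
        scores = {p: sum(w * xi for w, xi in zip(wv, x)) for p, wv in self.weights.items()}
        return max(scores, key=scores.get) if scores else None

    def train(self, samples, max_epochs=50):
        for _, policy in samples:
            self.weights.setdefault(policy, [0.0] * (len(CODES) + 4))
        for _ in range(max_epochs):
            errors = 0
            for ind, policy in samples:
                guess = self.predict(ind)
                if guess == policy:
                    continue
                errors, x = errors + 1, featurize(ind)
                self.weights[policy] = [w + xi for w, xi in zip(self.weights[policy], x)]
                self.weights[guess] = [w - xi for w, xi in zip(self.weights[guess], x)]
            if errors == 0:                        # iteration-ending condition
                break
        return self

def handle(request, app_server, model, resolved):
    """One gateway pass; resolved(policy, ind) -> bool is a constructed stand-in for checking
    whether the applied policy actually cleared the service exception."""
    if detect(request) == "abnormal":
        return {"status": "denied"}                # access-refusal notification to the client
    response = app_server(request)
    if not is_abnormal(response):
        return {"status": "ok"}
    ind = extract_key_indicators(request, response)
    second = PRECONFIGURED.get(ind["exception_code"])             # known exception: second policy
    if second and resolved(second, ind):
        return {"status": "handled", "policy": second, "source": "preconfigured"}
    first = model.predict(ind)                                     # otherwise the model's first policy
    if first and resolved(first, ind):
        return {"status": "handled", "policy": first, "source": "model"}
    return {"status": "alarm", "indicators": ind}                  # escalate to the processing end

def sample(ip, code, cpu, memory, rt):                             # constructed indicator record
    return {"client_ip": ip, "exception_code": code, "cpu": cpu, "memory": memory, "response_time_ms": rt}
TRAINING = [(sample("198.51.100.1", "E_CPU", 97.0, 40.0, 3000.0), "scale_out"),
            (sample("198.51.100.2", "", 95.0, 35.0, 2500.0), "scale_out"),
            (sample("198.51.100.3", "E_MEM", 30.0, 96.0, 1200.0), "restart_instance"),
            (sample("198.51.100.4", "E_DISK_IO", 20.0, 50.0, 4000.0), "failover_storage")]

def demo():                                        # end-to-end run; returns what happened at each stage
    samples, model = list(TRAINING), GatewayRiskModel().train(TRAINING)
    resolved = lambda policy, ind: policy != "restart_instance"  # constructed: that policy never helps
    req = lambda ip: {"client_ip": ip, "token": "tok-alice"}
    srv = lambda code, cpu, mem, rt: (lambda r: sample(r["client_ip"], code, cpu, mem, rt))
    out = {"blacklisted": handle(req("203.0.113.9"), srv("", 10.0, 10.0, 50.0), model, resolved),
           "normal": handle(req("198.51.100.7"), srv("", 10.0, 10.0, 50.0), model, resolved),
           "known": handle(req("198.51.100.7"), srv("E_DB_CONN", 50.0, 50.0, 800.0), model, resolved),
           "unknown": handle(req("198.51.100.7"), srv("E_CPU", 92.0, 30.0, 1000.0), model, resolved),
           "escalated": handle(req("198.51.100.7"), srv("E_APP", 10.0, 10.0, 100.0), model, resolved)}
    samples.append((out["escalated"]["indicators"], "rollback_release"))  # third policy, step S211
    out["after_feedback"] = model.train(samples).predict(out["escalated"]["indicators"])
    return out
```

The escalated case shows the feedback loop: the model's first policy fails, the alarm goes to the processing end, and after its third policy is folded back in, the same indicators yield that policy without further intervention.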
Fig. 3 shows a schematic structural diagram of a gateway risk control device according to an embodiment of the present invention. As shown in fig. 3, the apparatus comprises an obtaining module 301, a calling module 302, a receiving module 303 and a processing module 304.
An obtaining module 301 adapted to obtain an access request sent by a client;
a calling module 302 adapted to call an application server to execute the access request;
a receiving module 303, adapted to receive response data returned by the application server executing the access request;
and the processing module 304 is adapted to extract key index data from the access request and the response data if the response data indicate that the access is abnormal, input the key index data into a pre-trained gateway wind control model to obtain a first exception handling policy, and perform service exception handling according to the first exception handling policy.
Optionally, the apparatus further comprises: the judging module is suitable for judging whether a second preconfigured exception handling strategy matched with the key index data exists or not;
the processing module is further adapted to: if the second exception handling strategy exists, performing service exception handling according to the second exception handling strategy;
and if the second exception handling strategy does not exist or the second exception handling strategy exists but the service exception is not solved by the second exception handling strategy, inputting the key index data into a pre-trained gateway wind control model.
Optionally, the key indicator data comprises one or more of the following: client IP address, requesting user protocol type, request time, response time, request exception code, request data, throughput, query rate per second, transaction rate per second, number of concurrencies, application server IP address.
Optionally, the apparatus further comprises a gateway wind control model training module adapted to: acquire sample key index data for training together with the exception handling label data corresponding to the sample key index data;
input the sample key index data into an initial gateway wind control model for training, obtaining exception handling data corresponding to the sample key index data;
update the weight parameters of the initial gateway wind control model according to the exception handling data and the exception handling label data corresponding to the sample key index data;
and repeat the above steps iteratively until an iteration termination condition is met, obtaining the gateway wind control model.
Optionally, the apparatus further comprises: the sending module is suitable for sending an alarm notification message to the processing end if the first exception handling strategy does not solve the service exception, so that the processing end can carry out exception handling according to the alarm notification message;
and an updating module adapted to receive the third exception handling policy sent by the processing end and to update the gateway wind control model according to the key index data and the third exception handling policy.
Optionally, the apparatus further comprises: the detection module is suitable for calling a pre-configured detection rule to detect the access request;
the calling module is suitable for calling the application server to execute the access request if the detection result shows that the access is normal;
and the return module is suitable for returning an access refusing notification message to the client if the detection result shows that the access is abnormal.
Optionally, the detection rules include one or more of the following rules: authentication rules, IP blacklist.
The gateway risk control device provided by this embodiment determines the exception handling policy through a gateway wind control model obtained by machine learning training when the access is determined to be abnormal, so that the exception is responded to quickly, the duration of the service exception is reduced as far as possible and the harm caused by a risk event is reduced; at the same time, the policy can be controlled dynamically without restarting the gateway, which guarantees the security and stability of the service.
The embodiment of the application also provides a nonvolatile computer storage medium, wherein the computer storage medium stores at least one executable instruction, and the computer executable instruction can execute the gateway risk control method in any method embodiment.
Fig. 4 is a schematic structural diagram of a computing device according to an embodiment of the present invention, and the specific embodiment of the present invention does not limit the specific implementation of the computing device.
As shown in fig. 4, the computing device may include: a processor (processor) 402, a Communications Interface 404, a memory 406, and a Communications bus 408.
Wherein:
the processor 402, communication interface 404, and memory 406 communicate with each other via a communication bus 408.
A communication interface 404 for communicating with network elements of other devices, such as clients or other servers.
The processor 402 is configured to execute the program 410, and may specifically execute the relevant steps in the above gateway risk control method embodiment.
In particular, program 410 may include program code comprising computer operating instructions.
The processor 402 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement an embodiment of the present invention. The computing device includes one or more processors, which may be of the same type, such as one or more CPUs, or of different types, such as one or more CPUs and one or more ASICs.
The memory 406 is used for storing the program 410. Memory 406 may comprise high-speed RAM and may also include non-volatile memory, such as at least one disk memory.
The program 410 may specifically be configured to cause the processor 402 to perform the gateway risk control method in any of the method embodiments described above. For specific implementation of each step in the program 410, reference may be made to corresponding steps and corresponding descriptions in units in the above gateway risk control embodiment, which are not described herein again. It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described devices and modules may refer to the corresponding process descriptions in the foregoing method embodiments, and are not described herein again.
The algorithms or displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. In addition, embodiments of the present invention are not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the invention and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components according to embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website, or provided on a carrier signal, or provided in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any ordering; these words may be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specified otherwise.

Claims (9)

1. A gateway risk control method is applied to a gateway and comprises the following steps:
acquiring an access request sent by a client, and calling an application server to execute the access request;
receiving response data returned by the application server executing the access request, wherein it is analyzed whether the response data contain a request exception code or whether a server index returned by the application server reaches a preset threshold value, and if the response data contain a request exception code or the server index reaches the preset threshold value, the access is determined to be abnormal;
if the response data indicate that the access is abnormal, extracting key index data from the access request and the response data, inputting the key index data into a pre-trained gateway wind control model to obtain a first exception handling strategy, and performing service exception handling according to the first exception handling strategy;
wherein before inputting the key metric data into a pre-trained gateway wind control model, the method further comprises:
judging whether a second preset exception handling strategy matched with the key index data exists or not;
if a second exception handling strategy exists, performing service exception handling according to the second exception handling strategy;
and if the second exception handling strategy does not exist or the second exception handling strategy does not solve the service exception, inputting the key index data into a pre-trained gateway wind control model.
2. The method of claim 1, wherein the key indicator data comprises one or more of the following: client IP address, requesting user protocol type, request time, response time, request exception code, request data, throughput, query rate per second, transaction rate per second, number of concurrencies, application server IP address.
3. The method of claim 1 or 2, wherein the pre-trained gateway wind control model is obtained by the following training:
acquiring sample key index data for training and exception handling label data corresponding to the sample key index data;
inputting the sample key index data into an initial gateway wind control model for training to obtain exception handling data corresponding to the sample key index data;
updating the weight parameters of the initial gateway wind control model according to the exception handling data and the exception handling label data corresponding to the sample key index data;
and repeating the above steps iteratively until an iteration termination condition is met, obtaining the gateway wind control model.
4. The method according to claim 1 or 2, wherein the method further comprises: if the first exception handling strategy does not solve the service exception, sending an alarm notification message to a processing end so that the processing end can carry out exception handling according to the alarm notification message;
and receiving a third exception handling strategy sent by the processing end, and updating the gateway wind control model according to the key index data and the third exception handling strategy.
5. The method of claim 1 or 2, wherein after obtaining an access request sent by a client to access an application server, the method further comprises:
calling a pre-configured detection rule to detect the access request;
if the detection result shows that the access is normal, calling an application server to execute the access request;
and if the detection result shows that the access is abnormal, returning an access refusing notification message to the client.
6. The method of claim 5, wherein the detection rules include one or more of the following rules: authentication rules, IP blacklist.
7. A gateway risk control apparatus, the apparatus being applied to a gateway, the apparatus comprising:
the acquisition module is suitable for acquiring an access request sent by a client;
the calling module is suitable for calling the application server to execute the access request;
the receiving module is adapted to receive response data returned by the application server executing the access request, analyze whether the response data contain a request exception code or whether a server index returned by the application server reaches a preset threshold value, and determine that the access is abnormal if the response data contain a request exception code or the server index reaches the preset threshold value;
the processing module is adapted to extract key index data from the access request and the response data if the response data indicate that the access is abnormal, input the key index data into a pre-trained gateway wind control model to obtain a first exception handling strategy, and perform service exception handling according to the first exception handling strategy;
the apparatus further comprises a judging module adapted to judge whether a pre-configured second exception handling strategy matching the key index data exists;
the processing module is further adapted to: if the second exception handling strategy exists, performing service exception handling according to the second exception handling strategy;
and if the second exception handling strategy does not exist or the second exception handling strategy does not solve the service exception, inputting the key index data into a pre-trained gateway wind control model.
8. A computing device, comprising: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to execute the corresponding operation of the gateway risk control method according to any one of claims 1-6.
9. A computer storage medium having stored therein at least one executable instruction that causes a processor to perform operations corresponding to the gateway risk control method of any one of claims 1-6.
CN202011261474.3A 2020-11-12 2020-11-12 Gateway risk control method and device Active CN112291258B (en)

Publications (2)

Publication Number Publication Date
CN112291258A CN112291258A (en) 2021-01-29
CN112291258B (en) 2023-03-21
