CN112291263A - Data blocking method and device - Google Patents

Data blocking method and device

Info

Publication number: CN112291263A
Application number: CN202011284353.0A
Authority: CN (China)
Prior art keywords: request, service, characteristic information, distributed denial, information
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 邓练兵, 陈小满, 李大铭
Current assignee: Zhuhai Dahengqin Technology Development Co Ltd
Original assignee: Zhuhai Dahengqin Technology Development Co Ltd
Application filed by Zhuhai Dahengqin Technology Development Co Ltd
Priority to CN202011284353.0A
Publication of CN112291263A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The embodiment of the invention provides a data blocking method and a data blocking device, which are applied to a proprietary cloud platform, wherein the method comprises the following steps: when a service request is received, determining request characteristic information corresponding to the service request; then determining the request accumulated quantity corresponding to the request characteristic information, and judging whether a distributed denial of service attack event corresponding to the request characteristic information exists or not according to the request accumulated quantity; and when the distributed denial of service attack event corresponding to the request characteristic information exists, carrying out blocking operation aiming at the distributed denial of service attack event. The method and the device realize detection and processing of the distributed denial of service attack, can detect the service request carrying the distributed denial of service attack in the service request received by the proprietary cloud platform, and block the service request before the cloud server in the proprietary cloud platform receives the service request carrying the distributed denial of service attack, thereby improving the security of the proprietary cloud platform.

Description

Data blocking method and device
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a method and an apparatus for blocking data.
Background
A cloud platform is a service built on hardware and software resources that provides computing, network and storage capabilities. Cloud platforms can be divided into three categories: storage-type cloud platforms, in which data storage is the main function; computing-type cloud platforms, in which data processing is the main function; and comprehensive cloud platforms, which provide both computing and storage.
When a user needs to use a service in the cloud platform, the user sends a service request to the cloud platform; after receiving it, the cloud platform provides the corresponding service to the user according to the content of the request. However, a service request received by the cloud platform may also carry a distributed denial of service attack, and once the cloud platform has accepted such requests it is very likely to be overloaded and crash, so that it stops providing normal service. Therefore, the prior art needs a method capable of detecting and handling service requests carrying a distributed denial of service attack that are received by a cloud platform.
Disclosure of Invention
In view of the above, a data processing method and apparatus, a server and a storage medium are proposed that overcome or at least partially solve the above problems, comprising:
a method for blocking data is applied to a proprietary cloud platform, and comprises the following steps:
when a service request is received, determining request characteristic information corresponding to the service request;
determining the request accumulated quantity corresponding to the request characteristic information, and judging whether a distributed denial of service attack event corresponding to the request characteristic information exists or not according to the request accumulated quantity;
and when the distributed denial of service attack event corresponding to the request characteristic information exists, carrying out blocking operation aiming at the distributed denial of service attack event.
Optionally, before determining the request accumulated quantity corresponding to the request characteristic information, the method further includes:
performing information clustering division on the request characteristic information.
Optionally, determining the request accumulated quantity corresponding to the request characteristic information includes:
determining the information quantity of the information cluster to which the request characteristic information belongs as the request accumulated quantity corresponding to the request characteristic information.
Optionally, when it is judged that a distributed denial of service attack event corresponding to the request characteristic information exists, performing the blocking operation for the distributed denial of service attack event includes:
when the distributed denial of service attack event is judged to exist, determining cluster characteristic information corresponding to the information cluster to which the request characteristic information belongs;
and performing the blocking operation for the distributed denial of service attack event according to the cluster characteristic information.
Optionally, judging whether a distributed denial of service attack event corresponding to the request characteristic information exists according to the request accumulated quantity includes:
judging whether the request accumulated quantity is greater than a preset number;
and when the request accumulated quantity is greater than the preset number, judging that a distributed denial of service attack event corresponding to the request characteristic information exists.
Optionally, the method further comprises: blocking the service request.
Optionally, the request feature information includes any one or more of:
IP address information, account information, device status information.
An apparatus for blocking data, which is applied to a proprietary cloud platform, the apparatus comprising:
the request characteristic information determining module is used for determining request characteristic information corresponding to a service request when the service request is received;
the event judgment module is used for determining the request accumulated quantity corresponding to the request characteristic information and judging whether a distributed denial of service attack event corresponding to the request characteristic information exists or not according to the request accumulated quantity;
and the event response module is used for carrying out blocking operation aiming at the distributed denial of service attack event when judging that the distributed denial of service attack event corresponding to the request characteristic information exists.
A server comprising a processor, a memory and a computer program stored on the memory and capable of running on the processor, the computer program when executed by the processor implementing the method of data blocking as described above.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method of data blocking as described above.
The embodiment of the invention has the following advantages:
in the embodiment of the invention, when a proprietary cloud platform receives a service request, request characteristic information corresponding to the service request is determined; then determining the request accumulated quantity corresponding to the request characteristic information, and judging whether a distributed denial of service attack event corresponding to the request characteristic information exists or not according to the request accumulated quantity; and when the distributed denial of service attack event corresponding to the request characteristic information exists, carrying out blocking operation aiming at the distributed denial of service attack event. The method and the device realize detection and processing of the distributed denial of service attack, can detect the service request carrying the distributed denial of service attack in the service request received by the proprietary cloud platform, and block the service request before the cloud server in the proprietary cloud platform receives the service request carrying the distributed denial of service attack, thereby improving the security of the proprietary cloud platform.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings needed to be used in the description of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic diagram of the overall architecture of a proprietary cloud platform according to an embodiment of the present invention;
Fig. 2 is a flow chart illustrating the steps of a method for data blocking according to an embodiment of the present invention;
Fig. 3 is a flow chart illustrating the steps of another method for data blocking according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a data blocking apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below. It is to be understood that the embodiments described are only a few embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The proprietary cloud platform adopts a unified operation and maintenance service management platform to manage the related resources in the proprietary cloud platform. The proprietary cloud platform takes computation, network, storage and the like as its basic constituent elements, and these elements can be selected and predefined according to system requirements. The proprietary cloud platform is based on existing hardware modules, combines virtualization, software definition and a distributed architecture, and achieves modular, seamless horizontal extension by aggregating multiple sets of standardized general-purpose hardware through a network, so as to construct a cloud platform environment that is entirely software-driven.
The operation and maintenance system in the proprietary cloud platform realizes the operation and maintenance management of unified automatic deployment, upgrading change and configuration management of physical equipment, an operating system, computing, networks, storage, databases, middleware, business applications and the like in the cloud computing environment. Monitoring alarm and automatic analysis and diagnosis processing in the aspects of fault, performance, configuration and the like are provided, the running state and quality of the cloud platform are evaluated through analysis and processing, the continuous and stable running of cloud computing service application is guaranteed, meanwhile, service and support are provided for a service process, and a perfect operation and maintenance service management platform is constructed.
The management of physical resources of the data center in the proprietary cloud platform can be provided for a proprietary cloud platform planning tool and an automated deployment operation and maintenance service, various resources of the proprietary cloud platform can be managed and scheduled in a centralized manner, physical computing resources, virtual computing resources, network resources and storage resources are covered, and various virtualization technologies can be adapted and managed. Through a unified operation and maintenance management interface, the special cloud platform for operation and maintenance can be comprehensively and efficiently managed.
The proprietary cloud platform may also provide proprietary cloud platform operation/diagnostic system services. The service depends on topology display, cloud platform resource full topology display, network topology display, monitoring configuration, network health, health inspection and pre-inspection of infrastructure, fault pre-inspection and diagnosis; these services in turn rely on the final state data, log data and monitoring data. Meanwhile, the NTP (Network Time Protocol) of the computer room also needs to ensure that the Time on each node must be synchronous, so that the collected log and monitoring data can be valid data, and the effectiveness of operation, maintenance and diagnosis is ensured.
Besides the cloud product autonomous operation and maintenance portal (entry site) through the proprietary cloud platform diagnostic system, the operation and maintenance in the proprietary cloud platform need to log on to the device node (physical server, virtual machine, container, network node, network device) for operation and maintenance under specific conditions. Meanwhile, in order to reduce operation errors caused by manual login of the service node, almost all operation and maintenance tools, operation and maintenance scripts and operation and maintenance commands in operation and maintenance work are integrated in the proprietary cloud platform operation and maintenance/diagnosis system, and remote login and operation and maintenance operations can be performed on the target node in an operation and maintenance portal provided by the cloud platform operation and maintenance/diagnosis system.
In the proprietary cloud platform, the operation and maintenance archive serves as storage of operation and maintenance data and comprises terminal data, diagnosis prescriptions (fault solutions), log data, monitoring data and operation and maintenance flow data. As a data source for comparison between diagnosis and fault judgment, the richer the data, the higher the diagnosis accuracy, and the higher the health pre-inspection and trend judgment accuracy.
Operation and maintenance security is guaranteed through the separation of three roles: the system administrator holds the operation and maintenance permissions of the platform, the security administrator holds the permissions to create, change and destroy operation and maintenance accounts and roles, and the security auditor holds audit permissions over all operation and maintenance operation logs of the proprietary cloud platform. Operation and maintenance permissions are further subdivided so that each operator is granted only the minimum permission applicable to their work, avoiding the risks caused by excessive permissions. Product operation and maintenance management and control are converged in the proprietary cloud platform operation and maintenance system in a unified manner and connected to an SSO (Single Sign On) system, so that the management and control authority is uniformly converged. Various two-factor services are supported, and the account, IP and authority information are verified when logging in to the operation and maintenance system, ensuring the authentication security of the proprietary cloud platform.
In the construction of a smart city, by introducing advanced technologies such as cloud computing, big data, internet of things and mobile interconnection, a cross-domain multi-dimensional big data public service cloud platform with unified standards, unified entries, unified acquisition, unified management, unified service and unified data is built, so that the data fusion capability of cross-department, cross-domain and cross-region is realized, the data in-domain data concentration, data sharing and exchange outside the domain and flexible expansion of domain boundaries according to rules are achieved, the ecological cycle of digital economy is formed, the data sharing of various fields of city management, social civilian life, resource environment and economic industry is promoted, the administrative efficiency, the city management capability and the resident life quality are improved, the industry fusion development is promoted, and the industry transformation upgrading and the business model are promoted.
Through the construction of a cross-domain multi-dimensional big data cloud platform, data barriers can be broken, data concentration is realized, and the big data development problem is solved. Based on the construction of the cloud platform, a data center platform and a data sharing service system are further constructed aiming at the cloud platform.
For the construction of a data middle platform (namely a unified data platform), a data resource platform, a data sharing platform and the like are introduced together with corresponding data specifications, so that a data sharing platform can be constructed that provides access to service collaboration mechanisms at all levels, video areas, service systems at all levels and all fields; this data sharing platform provides openness, interconnection and sharing while also having a unified data management system covering data cloud, data management, data exploration and full-link monitoring.
As shown in fig. 1, a regional application portal, an open service gateway, a unified data platform, a regional internet of things sensing system, and other structures are deployed in a proprietary cloud platform, where the open service gateway includes a converged service sharing center and a converged data innovation center, and the following specifically describes each part of the proprietary cloud platform:
(I) regional application portal
The regional application portal is mainly divided into blocks such as traffic, environmental protection, tourism, industry and commerce, medical treatment, education, regional economic brains, employment and cross-domain authentication; a user can enter each block through the regional application portal and obtain the information of that block, which is formed from processed data.
(II) converged service sharing center and converged data innovation center
The fusion service sharing center may create different data sharing centers after fusing the data of each region according to service classification, for example: the system comprises a personal information center, a credit information center, a legal information center, a financial service center, a travel service center, a comprehensive treatment service center, a space-time service center, an Internet of things service center and the like.
The fusion data innovation center can realize the innovative application of the fusion data through a data fusion system and an AI algorithm system. The fusion service sharing center and the fusion data innovation center can fuse the data and then present the processed data to the user through the regional application portal.
(III) unified data platform
The unified data platform can comprise a data resource platform and a data sharing platform, wherein the data resource platform can comprise a plurality of components, such as data cloud, an intelligent data warehouse, an intelligent tag, data exploration, an AIMaster, data DNA, panoramic monitoring and data assets, so that service can be provided for upper-layer industry application and service scenes, the problems of data standardization, data quality and the like in the field of data management are solved, interaction modes such as dragging and the like are adopted, the realization of service logic and service functions is simplified, and the usability of the data platform is improved.
(IV) regional Internet of things sensing system
The regional Internet of things sensing system is composed of relevant sensing equipment and equipment data such as pressure, humidity, a camera, a light source, infrared sensing and temperature.
(V) other structures
In addition, data can be processed through a supercomputing cluster, a regional cloud computing platform and an OpenStack FI Ware cluster (OpenStack is an open-source cloud computing management platform project made up of a series of open-source software projects).
Referring to fig. 2, a flowchart illustrating steps of a method for blocking data according to an embodiment of the present invention is shown, where the method is applied to a proprietary cloud platform, and specifically, the method may include the following steps:
step 201, when a service request is received, determining request characteristic information corresponding to the service request;
wherein the characteristic information may include any one or more of:
IP address information, account information, device status information.
As an example, the IP address information may refer to an IP address of the user equipment that issued the service request; the account information may refer to account information of a user account logged in on the user equipment which sends the service request, and may include an account number, an account password, and account authority; the device state information may refer to a current login state, a current usage environment state, and the like of the user equipment that issued the service request, for example, whether the user equipment has abnormal login and the like.
In practical applications, a plurality of cloud servers may be disposed in a proprietary cloud platform, and different cloud servers may provide different services to users, for example: a cloud server providing computing services, a cloud server providing storage services, a cloud server providing online backup services, a cloud server providing hosted services, and the like. Therefore, when the user needs to use the service in the proprietary cloud platform, a service request can be generated in the user equipment and sent to the proprietary cloud platform.
As an example, the user device may be a cell phone, a computer, or the like.
As an example, when a user needs to use a service in a proprietary cloud platform, a request operation may be performed on a user equipment first, so as to generate a service request for requesting the proprietary cloud platform to provide the service on the user equipment, for example: when a user needs to store data in the proprietary cloud platform, corresponding operation can be performed according to the operation prompt on the user equipment to generate a storage service request for requesting the proprietary cloud platform to provide storage service.
After the service request is generated, the user equipment may send the service request to the proprietary cloud platform, and of course, before sending the service request, the user equipment may add the IP address information and the device state information of the user equipment and account information of the login account on the user equipment in the service request.
After receiving the service request, the proprietary cloud platform may send the service request to the corresponding cloud server according to the service type requested by the service request, so that the corresponding cloud server can respond to the request of the user according to the service request, thereby providing the corresponding service to the user.
In practical application, when the proprietary cloud platform receives a plurality of service requests, it may send the service requests to the corresponding cloud servers according to the services they request. However, the capacity of the proprietary cloud platform to process service requests is limited. A distributed denial of service attack is launched simultaneously against one or several targets by a plurality of attackers at different locations, or by one attacker who controls a plurality of machines at different locations and uses them to attack the victim at the same time; therefore, when the proprietary cloud platform is subjected to a distributed denial of service attack, the cloud servers in the proprietary cloud platform may be overloaded and paralyzed, and stop providing normal service.
As an example, in order to avoid that the proprietary cloud platform is paralyzed due to receiving the service request carrying the distributed denial of service attack, the request feature information corresponding to the service request may be determined when the service request is received.
Specifically, the proprietary cloud platform may determine request characteristic information of the service request, for example: the IP address of the user equipment that issued the service request, account information of the user account logged in on the user equipment that issued the service request, the current login status, the usage environment status, etc. of the user equipment that issued the service request may be determined.
In an embodiment of the present invention, a service request entering the proprietary cloud platform may be obtained (mirrored) through an optical splitter and a traffic splitter.
Step 202, determining the request accumulated quantity corresponding to the request characteristic information, and judging whether a distributed denial of service attack event corresponding to the request characteristic information exists or not according to the request accumulated quantity;
the distributed denial of service attack event corresponding to the request feature information may refer to an event in which the request accumulated number of service requests having the same request feature information exceeds a preset number in service requests received by a proprietary cloud platform.
After the request characteristic information is determined, a small number of service requests with that request characteristic information cannot paralyze the cloud server; only a large number of such requests can easily do so. Therefore, the number of service requests with the request characteristic information is determined as the request accumulated quantity, and when the request accumulated quantity exceeds a preset number, the proprietary cloud platform can be considered to be subjected to a distributed denial of service attack corresponding to the request characteristic information, that is, those service requests carry the distributed denial of service attack.
In practical application, the proprietary cloud platform may count the service requests with the same request feature information based on the request feature information to determine the request accumulated number of the service requests with the request feature information in the service requests received by the proprietary cloud platform, and then determine whether the proprietary cloud platform is attacked by the distributed denial of service corresponding to the request feature information according to the request accumulated number, for example: if the request accumulated quantity of the service requests with the request characteristic information of 'account is a new application account' exceeds the preset quantity, the proprietary cloud platform can judge that a distributed denial of service attack event corresponding to the request characteristic information of 'account is a new application account' exists.
Specifically, a preset number may be preset to determine whether the proprietary cloud platform is attacked by the distributed denial of service corresponding to the request feature information. Then, after the proprietary cloud platform receives the service request, the request accumulated quantity of the request corresponding to each request feature information can be counted, and then whether a distributed denial of service attack event corresponding to the request feature information exists is judged by judging whether the request accumulated quantity exceeds a preset quantity, for example: when the number of the service requests with the request characteristic information of 'the equipment state is subjected to malicious intrusion modification within the preset time' exceeds the preset number, determining the requests with the request characteristic information of 'the equipment state is subjected to malicious intrusion modification within the preset time' as carrying the distributed denial of service attack.
Step 203, when the distributed denial of service attack event corresponding to the request characteristic information is judged to exist, performing a blocking operation aiming at the distributed denial of service attack event.
In practical application, when it is determined that a distributed denial of service attack event corresponding to the request feature information exists according to the accumulated number of requests, blocking operation can be performed on the distributed denial of service attack, so that a cloud server is prevented from being crashed due to the fact that a large number of service requests carrying the distributed denial of service attack are received, and the safety of a proprietary cloud platform is guaranteed.
Specifically, the proprietary cloud platform may count the request accumulated number of the service requests corresponding to each request feature information, and when the request accumulated number of a certain request feature information exceeds a preset number, take the service request corresponding to the request feature information of this type as a service request with a distributed denial of service attack, and then may perform blocking operation for a distributed denial of service event.
As an example, the blocking operation may include the proprietary cloud platform deleting the service request before allocating the service request to the corresponding cloud server for response.
In an embodiment of the present invention, after the distributed denial of service attack is detected, the service requests carrying the attack may be sent to a cleaning device, which removes the service requests carrying the distributed denial of service attack and re-injects the normal service requests into the proprietary cloud platform.
In an embodiment of the present invention, the method may further include the following steps:
blocking the service request.
After it is judged that a distributed denial of service attack event corresponding to the request feature information exists, the proprietary cloud platform can block the service requests carrying that request feature information so that they are not distributed to the cloud server; the distributed denial of service attack is thus blocked in advance, and the cloud server is not paralyzed by processing service requests carrying the attack.
In an embodiment of the present invention, when it is determined that a distributed denial of service attack event exists, the proprietary cloud platform may further generate an alarm message so that an administrator of the proprietary cloud platform can maintain and handle the platform; for example, the service of the affected cloud server can be temporarily shut down to avoid losses to other users in normal use and paralysis of the cloud server.
In the embodiment of the invention, when a proprietary cloud platform receives a service request, request characteristic information corresponding to the service request is determined; then determining the request accumulated quantity corresponding to the request characteristic information, and judging whether a distributed denial of service attack event corresponding to the request characteristic information exists or not according to the request accumulated quantity; and when the distributed denial of service attack event corresponding to the request characteristic information exists, carrying out blocking operation aiming at the distributed denial of service attack event. The method and the device realize detection and processing of the distributed denial of service attack, can detect the service request carrying the distributed denial of service attack in the service request received by the proprietary cloud platform, and block the service request before the cloud server in the proprietary cloud platform receives the service request carrying the distributed denial of service attack, thereby improving the security of the proprietary cloud platform.
Referring to fig. 3, a flowchart illustrating steps of another data blocking method according to an embodiment of the present invention is shown, which may specifically include the following steps:
Step 301, when a service request is received, determining request feature information corresponding to the service request;
In practical application, a plurality of cloud servers can be arranged in a proprietary cloud platform, and different cloud servers can provide different services for users.
After generating a service request, the user equipment may send it to the proprietary cloud platform; before sending, the user equipment may add its own IP address information and device state information, together with account information of the account logged in on it, to the service request.
After receiving the service request, the proprietary cloud platform may send the service request to the corresponding cloud server according to the service type requested by the service request, so that the corresponding cloud server can respond to the request of the user according to the service request, thereby providing the corresponding service to the user.
In practical application, in order to prevent the proprietary cloud platform from failing because it receives service requests carrying a distributed denial of service attack, the request feature information corresponding to a service request can be determined when the service request is received.
Specifically, the proprietary cloud platform may determine request feature information of the service request, for example: the IP address of the user equipment that issued the service request, account information of the user account logged in on that user equipment, and the current login status and usage environment status of that user equipment.
Step 302, performing information clustering division on the request characteristic information;
In an embodiment of the present invention, before the request accumulated number corresponding to the request feature information is determined, information cluster division may further be performed on the request feature information.
In practical application, a plurality of different information clusters may be preset, each corresponding to one or more kinds of similar request feature information, for example: an information cluster for devices that have been intruded within the preset time, and an information cluster for devices whose login environment is risky. Then, after the request feature information of a service request is determined, it may be assigned to the corresponding information cluster.
Specifically, the corresponding relation between the request characteristic information and the information clusters can be preset, and then after the request characteristic information of the service request is determined, the proprietary cloud platform can divide the request characteristic information into the corresponding information clusters according to the request characteristic information of the service request, so that the accumulated number of the requests with the same or similar request characteristic information can be counted, and the accuracy of subsequently judging whether the proprietary cloud platform is attacked by the distributed denial of service is improved.
Step 303, determining the information quantity corresponding to the information cluster to which the request characteristic information belongs, as the request accumulated quantity corresponding to the request characteristic information;
As an example, the information quantity may represent the number of service requests assigned to an information cluster with the corresponding request feature information.
After the request feature information is assigned to the corresponding information cluster, the proprietary cloud platform may use the information quantity corresponding to that information cluster as the request accumulated number corresponding to the request feature information.
As an example, the proprietary cloud platform may record the information amount corresponding to the information cluster in real time, and update the request accumulated amount of the request feature information correspondingly.
As another example, the information amount may also be updated at preset time intervals, and the corresponding request accumulated amount of the request feature information is updated.
Step 304, judging whether a distributed denial of service attack event corresponding to the request characteristic information exists or not according to the accumulated number of the requests;
After the request accumulated number is determined, the proprietary cloud platform can judge, according to the request accumulated number corresponding to the request feature information, whether a distributed denial of service attack event corresponding to that request feature information exists in the proprietary cloud platform.
In an embodiment of the present invention, step 304 may further include the following steps:
judging whether the accumulated number of the requests is greater than a preset number or not; and when the accumulated number of the requests is larger than the preset number, judging that a distributed denial of service attack event corresponding to the request characteristic information exists.
Specifically, a preset number may be configured in advance for judging whether a distributed denial of service attack corresponding to the request feature information exists in the proprietary cloud platform; after the proprietary cloud platform receives service requests, whether a distributed denial of service attack event corresponding to the request feature information exists may be judged by checking whether the request accumulated number exceeds the preset number.
Step 305, when judging that a distributed denial of service attack event exists, determining cluster characteristic information corresponding to an information cluster to which the request characteristic information belongs;
After it is judged that a distributed denial of service attack event exists, the cluster feature information corresponding to the information cluster to which the request feature information belongs may be determined first, so that subsequent distributed denial of service attacks corresponding to the same or similar request feature information can be handled in a targeted manner; this improves the security of the proprietary cloud platform and the accuracy of distributed denial of service attack detection.
Specifically, the multiple kinds of request feature information in an information cluster may be summarized to obtain the cluster feature information of that cluster, for example: if information cluster a contains the request feature information e, f and g, then "e or f or g" may be used as the cluster feature information of information cluster a.
Step 306, performing a blocking operation for the distributed denial of service attack event according to the cluster feature information.
After determining the clustering characteristic information, the proprietary cloud platform may perform blocking operations for the distributed denial of service attack event.
As an example, blocking operations may be performed on all service requests with corresponding clustering feature information received by a proprietary cloud platform.
As an example, the blocking operation may include the proprietary cloud platform deleting the service request before allocating the service request to the corresponding cloud server for response.
In an embodiment of the present invention, after detecting the distributed denial of service attack, the service request with the distributed denial of service attack may be sent to the cleaning device to remove the service request with the distributed denial of service attack, and the normal service request is injected back to the proprietary cloud platform.
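The preset-number test of steps 202 and 203 and the cluster-based variant of steps 301 to 306, worked through as an added example; this is not code from the patent or its applicant. It assumes a preset number of 5, a 60-second sliding counting window (the patent only says the count may be updated in real time or at preset intervals), constructed feature values such as `new_account` and `intrusion_modified`, and a preset feature-to-cluster correspondence table; each source IP address is treated as its own information cluster, and benign values such as `established` carry no feature information to count. The sample traffic is constructed, not captured from any platform.

```python
# Added example (not the patent's code): request-feature counting with
# information clusters, steps 301-306. Feature values, cluster names, the
# preset number and the counting window are assumptions for this example.
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional

# Preset correspondence between request feature information and information
# clusters (step 302). Benign values are deliberately absent: they carry no
# feature information worth counting. All values here are constructed.
FEATURE_TO_CLUSTER = {
    ("account", "new_account"): "new_account_cluster",
    ("account", "unverified_account"): "new_account_cluster",
    ("device_state", "intrusion_modified"): "intruded_device_cluster",
    ("device_state", "risky_login_env"): "risky_env_cluster",
}


@dataclass(frozen=True)
class Request:
    ip: str
    account: str
    device_state: str
    service: str
    ts: float  # arrival time in seconds; assumed non-decreasing


def request_features(req: Request) -> list:
    """Request feature information carried by a service request (step 301)."""
    return [("ip", req.ip), ("account", req.account), ("device_state", req.device_state)]


def cluster_of(feature: tuple) -> Optional[str]:
    """Information cluster of a feature; None means the feature is not counted."""
    key, value = feature
    if key == "ip":
        return f"ip={value}"  # assumption: each source address is its own cluster
    return FEATURE_TO_CLUSTER.get(feature)


class DdosDetector:
    # Counts requests per information cluster inside a sliding window and blocks
    # a cluster once its request accumulated number exceeds the preset number.
    def __init__(self, preset_number: int, window_seconds: float) -> None:
        self.preset_number = preset_number
        self.window = window_seconds
        self.arrivals = defaultdict(deque)  # cluster -> arrival times inside the window
        self.members = defaultdict(set)     # cluster -> request feature information seen
        self.blocked = set()                # clusters judged to be a DDoS event
        self.alarms = []                    # alarm messages for the administrator

    def cluster_feature_info(self, cluster: str) -> str:
        """Summarise a cluster's members as 'e or f or g' (step 305)."""
        return " or ".join(sorted(f"{k}={v}" for k, v in self.members[cluster]))

    def accumulated(self, cluster: str, now: float) -> int:
        """Record an arrival and return the request accumulated number (step 303)."""
        dq = self.arrivals[cluster]
        dq.append(now)
        while dq and dq[0] < now - self.window:
            dq.popleft()  # arrivals older than the window no longer count
        return len(dq)

    def observe(self, req: Request) -> tuple:
        """Return ('forward', None, None) or ('block', cluster, cluster_feature_info)."""
        for feat in request_features(req):
            cluster = cluster_of(feat)
            if cluster is None:
                continue
            self.members[cluster].add(feat)
            if cluster in self.blocked:  # step 306: block before allocation to a server
                return "block", cluster, self.cluster_feature_info(cluster)
            if self.accumulated(cluster, req.ts) > self.preset_number:  # step 304
                self.blocked.add(cluster)
                info = self.cluster_feature_info(cluster)
                self.alarms.append(f"DDoS event: {cluster} ({info})")
                return "block", cluster, info
        return "forward", None, None


def sample_requests() -> list:
    """Constructed traffic for the demonstration, not captured from any platform."""
    base, reqs = 1_700_000_000.0, []
    for i in range(8):  # burst from distinct addresses on freshly registered accounts
        acct = "new_account" if i % 2 == 0 else "unverified_account"
        reqs.append(Request(f"203.0.113.{i + 1}", acct, "normal", "login", base + i))
    for i in range(3):  # ordinary traffic from established accounts
        reqs.append(Request(f"198.51.100.{i + 1}", "established", "normal", "query", base + 20 + i))
    for i in range(7):  # a single address repeating quickly
        reqs.append(Request("192.0.2.9", "established", "normal", "query", base + 30 + i))
    for i in range(6):  # flagged device sending slowly: arrivals age out of the window
        reqs.append(Request("192.0.2.50", "established", "intrusion_modified", "query", base + 100 + 100 * i))
    return reqs


def simulate(requests: list, preset_number: int = 5, window_seconds: float = 60.0):
    """Run the detector over a request sequence; returns (detector, forwarded, blocked)."""
    det = DdosDetector(preset_number, window_seconds)
    forwarded, blocked = [], []
    for req in requests:
        verdict = det.observe(req)
        (forwarded if verdict[0] == "forward" else blocked).append((req, verdict))
    return det, forwarded, blocked
```

Running `simulate(sample_requests())` forwards 19 of the 24 constructed requests and blocks 5: the sixth and later requests of the new-account burst (the cluster's accumulated number reaches 6, above the preset number of 5, even though every request comes from a different address) and the sixth and seventh requests from the repeating address. The slowly sending flagged device is never blocked, because its arrivals age out of the window before they accumulate; the `blocked` set plays the role of step 306, rejecting later requests with the same cluster feature information before they are allocated to a cloud server, and `det.alarms` holds the alarm messages the administrator would receive.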
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Referring to fig. 4, a schematic structural diagram of an apparatus for data blocking according to an embodiment of the present invention is shown, where the apparatus may be applied to a proprietary cloud platform, and specifically may include the following modules:
a request feature information determining module 401, configured to determine, when a service request is received, request feature information corresponding to the service request;
an event determining module 402, configured to determine a cumulative number of requests corresponding to the request feature information, and determine whether a distributed denial of service attack event corresponding to the request feature information exists according to the cumulative number of requests;
an event response module 403, configured to perform a blocking operation for the distributed denial of service attack event when it is determined that the distributed denial of service attack event corresponding to the request feature information exists.
In an embodiment of the present invention, the apparatus further includes:
a dividing module, configured to perform information cluster division on the request feature information before the request accumulated number corresponding to the request feature information is determined.
In an embodiment of the present invention, the event determining module 402 includes:
an accumulated number determining submodule, configured to determine the information quantity corresponding to the information cluster to which the request feature information belongs as the request accumulated number corresponding to the request feature information.
In an embodiment of the present invention, the event response module 403 includes:
a cluster feature information determining submodule, configured to determine, when it is judged that a distributed denial of service attack event exists, the cluster feature information corresponding to the information cluster to which the request feature information belongs;
an event blocking submodule, configured to perform a blocking operation for the distributed denial of service attack event according to the cluster feature information.
In an embodiment of the present invention, the event determining module 402 includes:
a number judging submodule, configured to judge whether the request accumulated number is greater than the preset number;
a judging submodule, configured to judge that a distributed denial of service attack event corresponding to the request feature information exists when the request accumulated number is greater than the preset number.
In an embodiment of the present invention, the apparatus further includes:
a service request blocking module, configured to block the service request.
In an embodiment of the present invention, the request feature information includes any one or more of the following items:
IP address information, account information, device status information.
In the embodiment of the invention, when a proprietary cloud platform receives a service request, request characteristic information corresponding to the service request is determined; then determining the request accumulated quantity corresponding to the request characteristic information, and judging whether a distributed denial of service attack event corresponding to the request characteristic information exists or not according to the request accumulated quantity; and when the distributed denial of service attack event corresponding to the request characteristic information exists, carrying out blocking operation aiming at the distributed denial of service attack event. The method and the device realize detection and processing of the distributed denial of service attack, can detect the service request carrying the distributed denial of service attack in the service request received by the proprietary cloud platform, and block the service request before the cloud server in the proprietary cloud platform receives the service request carrying the distributed denial of service attack, thereby improving the security of the proprietary cloud platform.
An embodiment of the present invention also provides a server, which may include a processor, a memory, and a computer program stored on the memory and capable of running on the processor, and when executed by the processor, the computer program implements the method for blocking data as described above.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the above method for data blocking.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The method and the device for blocking data provided above are introduced in detail, and a specific example is applied in this document to illustrate the principle and the embodiment of the present invention, and the above description of the embodiment is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A method for blocking data is applied to a proprietary cloud platform, and comprises the following steps:
when a service request is received, determining request characteristic information corresponding to the service request;
determining the request accumulated quantity corresponding to the request characteristic information, and judging whether a distributed denial of service attack event corresponding to the request characteristic information exists or not according to the request accumulated quantity;
and when the distributed denial of service attack event corresponding to the request characteristic information exists, carrying out blocking operation aiming at the distributed denial of service attack event.
2. The method according to claim 1, further comprising, before said determining the cumulative number of requests corresponding to the request feature information:
and performing information clustering division on the request characteristic information.
3. The method according to claim 2, wherein the determining the cumulative number of requests corresponding to the request feature information comprises:
and determining the information quantity corresponding to the information cluster to which the request characteristic information belongs as the request accumulated quantity corresponding to the request characteristic information.
4. The method according to claim 2 or 3, wherein the performing a blocking operation for the distributed denial of service attack event when it is determined that the distributed denial of service attack event corresponding to the request feature information exists comprises:
when the distributed denial of service attack event is judged to exist, determining cluster characteristic information corresponding to the information cluster to which the request characteristic information belongs;
and performing blocking operation aiming at the distributed denial of service attack event according to the clustering characteristic information.
5. The method according to claim 1, 2 or 3, wherein the determining whether there is a distributed denial of service attack event corresponding to the request feature information according to the cumulative number of requests comprises:
judging whether the accumulated number of the requests is greater than a preset number or not;
and when the accumulated number of the requests is larger than the preset number, judging that a distributed denial of service attack event corresponding to the request characteristic information exists.
6. The method of claim 1, further comprising:
and blocking the service request.
7. The method of claim 1, wherein the request feature information comprises any one or more of:
IP address information, account information, device status information.
8. An apparatus for blocking data, applied to a proprietary cloud platform, the apparatus comprising:
the request characteristic information determining module is used for determining request characteristic information corresponding to a service request when the service request is received;
the event judgment module is used for determining the request accumulated quantity corresponding to the request characteristic information and judging whether a distributed denial of service attack event corresponding to the request characteristic information exists or not according to the request accumulated quantity;
and the event response module is used for carrying out blocking operation aiming at the distributed denial of service attack event when judging that the distributed denial of service attack event corresponding to the request characteristic information exists.
9. A server comprising a processor, a memory, and a computer program stored on the memory and capable of running on the processor, the computer program when executed by the processor implementing the method of data blocking of any of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method of data blocking according to any one of claims 1 to 7.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011284353.0A CN112291263A (en) 2020-11-17 2020-11-17 Data blocking method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011284353.0A CN112291263A (en) 2020-11-17 2020-11-17 Data blocking method and device

Publications (1)

Publication Number Publication Date
CN112291263A true CN112291263A (en) 2021-01-29

Family

ID=74399008

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20210129)