CN112600861A - Method and device for detecting network wall turning behavior - Google Patents

Publication number
CN112600861A
Authority
CN
China
Prior art keywords
client
transit
servers
request
response data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110232738.0A
Other languages
Chinese (zh)
Inventor
王自强
周磊
姜双林
饶志波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Andi Technology Co Ltd
Original Assignee
Beijing Andi Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Andi Technology Co Ltd
Priority to CN202110232738.0A
Publication of CN112600861A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions

Abstract

The application discloses a method and a device for detecting network wall-turning behavior (that is, firewall circumvention). The method determines whether the network access behavior of a client is network wall-turning behavior by monitoring whether the interaction process between the client and a plurality of transit servers comprises the following steps: S1, the client establishes communication connections with the plurality of transit servers; S2, the client sends a network access request to one of the transit servers; S3, that transit server sends a data request message corresponding to the network access request to the other transit servers; S4, each of the other transit servers obtains the response data in its own request range from the URL address and returns that response data to the client; S5, the client recombines the response data in the request ranges corresponding to the other transit servers. This solves the problem in the related art that firewall software detects network wall-turning behavior with low accuracy.

Description

Method and device for detecting network wall turning behavior
Technical Field
The application relates to the technical field of network security, in particular to a method and a device for detecting a network wall-turning behavior, a storage medium and a processor.
Background
Since the beginning of the new century, as the media environment has kept changing and new social media have emerged, anti-China forces have frequently used various media to infiltrate online public opinion. Their main approaches are: infiltration through self-media; infiltration through streaming media; spreading negative information through mobile phone apps; and developing firewall-cracking software to induce domestic netizens to receive the relevant information. For this reason, China uses the Great Firewall to monitor and control the Internet. When the content viewed by a user violates the law, the firewall prohibits access to the website.
The Great Firewall relies on four main technologies: IP blocking at the national ingress gateway, keyword filtering and blocking at the main routers, domain name hijacking, and HTTPS certificate filtering. Firewall software and wall-turning software stand on opposite sides, right against wrong, and the contest between them has never stopped. However, wall-turning technology changes rapidly, which leaves firewall software with gaps in technical coverage, reduces the accuracy of network wall-turning behavior detection, and means that national network security cannot be guaranteed.
Aiming at the problem that the firewall software in the related technology has low accuracy in detecting the network wall turning behavior, no effective solution is provided at present.
Disclosure of Invention
The present application mainly aims to provide a method, an apparatus, a storage medium, and a processor for detecting a network wall-turning behavior, so as to solve the problem in the related art that the accuracy of firewall software for detecting the network wall-turning behavior is low.
In order to achieve the above object, according to an aspect of the present application, there is provided a method for detecting a network wall-turning behavior, including:
if the interaction process between the client and the plurality of transit servers comprises the following steps, determining that the network access behavior of the client is a network wall turning behavior:
step S1, the client establishes communication connection with the plurality of transit servers;
step S2, the client sends a network access request to one of the transit servers;
step S3, the one transit server sends a data request message corresponding to the network access request to other transit servers except the one transit server, where the data request message includes: the IP address of the client, the URL address to be accessed, and the request range of the other transfer service terminals for requesting response data from the URL address;
step S4, the other transit server obtains the response data in the request range corresponding to itself from the URL address, and returns the response data in the request range corresponding to itself to the client;
and step S5, the client reorganizes the response data in the request range corresponding to each of the other transit servers.
Further, the step S1 of establishing, by the client, communication connections with the plurality of transit servers includes:
the client sends a network connection request to the distribution end;
the distribution end acquires the IP addresses of the plurality of transit servers and feeds the IP addresses back to the client;
the client establishes a communication connection with each of the plurality of transit servers;
and the client notifies each transit server of the IP addresses of the plurality of transit servers, so that the plurality of transit servers establish communication connections with each other.
Further, the step of the distribution end obtaining the IP addresses of the plurality of transit servers and feeding back the IP addresses to the client includes:
the distribution end judges whether the number of transit servers currently in the idle available state exceeds a preset value;
if the distribution end judges that the number of transit servers currently in the idle available state exceeds the preset value, the distribution end randomly selects the plurality of transit servers from the transit servers currently in the idle available state, and acquires the IP addresses of the plurality of transit servers to feed back to the client;
and if the distribution end judges that the number of transit servers currently in the idle available state does not exceed the preset value, the distribution end returns a notification message to the client, wherein the notification message is used for indicating that the network connection request of the client has failed.
Further, the method further comprises:
after the other transit servers obtain the response data in their own request ranges from the URL address and return that response data to the client, if the client does not receive the response data returned by the other transit servers, or if the client does not obtain complete response data after recombining the response data in the request range corresponding to each of the other transit servers, the client selects another transit server from the plurality of transit servers and repeats the steps S2 to S5 with that other transit server acting as the one transit server.
Further, the method further comprises:
if the client does not obtain complete response data after executing the steps S2 to S5 to each of the plurality of transit servers, the client executes a shutdown operation and outputs a prompt message, where the prompt message is used to indicate that the client is restarted.
Further, the method further comprises:
when the client executes closing operation, the client sends a closing instruction to the plurality of transfer servers, and the plurality of transfer servers close the communication connection with the client and close the communication connection among the plurality of transfer servers.
Further, the time interval from the client sending the network connection request to the distribution end to the client establishing the communication connections with the plurality of transit servers is less than a preset time.
In order to achieve the above object, according to another aspect of the present application, there is provided a device for detecting network wall-turning behavior, including:
a determining unit, configured to determine that a network access behavior of a client is a network wall turning behavior if an interaction process between the client and multiple transit servers includes the following steps:
step S1, the client establishes communication connection with the plurality of transit servers;
step S2, the client sends a network access request to one of the transit servers;
step S3, the one transit server sends a data request message corresponding to the network access request to other transit servers except the one transit server, where the data request message includes: the IP address of the client, the URL address to be accessed, and the request range of the other transfer service terminals for requesting response data from the URL address;
step S4, the other transit server obtains the response data in the request range corresponding to itself from the URL address, and returns the response data in the request range corresponding to itself to the client;
and step S5, the client reorganizes the response data in the request range corresponding to each of the other transit servers.
In order to achieve the above object, according to another aspect of the present application, there is provided a storage medium including a stored program, wherein the program executes the method for detecting network wall-turning behavior according to any one of the above.
In order to achieve the above object, according to another aspect of the present application, there is provided a processor configured to execute a program, where the program executes the method for detecting network wall-turning behavior according to any one of the above embodiments.
Through the application, the following steps are adopted: determining whether the network access behavior of the client is a network wall-turning behavior by monitoring whether an interaction process between the client and a plurality of transit servers comprises the following steps: step S1, the client establishes communication connection with the plurality of transit servers; step S2, the client sends a network access request to one of the transit servers; step S3, the one transit server sends a data request message corresponding to the network access request to other transit servers except the one transit server, where the data request message includes: the IP address of the client, the URL address to be accessed, and the request range of the other transfer service terminals for requesting response data from the URL address; step S4, the other transit server obtains the response data in the request range corresponding to itself from the URL address, and returns the response data in the request range corresponding to itself to the client; and step S5, the client side recombines the response data in the request range corresponding to each other transit server side, so that the problem of low accuracy of firewall software in network wall-turning behavior detection in the related technology is solved. And then the effect of accurately detecting the wall turning behavior of the network based on the behavior characteristics of the network behavior is achieved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the application and, together with the description, serve to explain the application and are not intended to limit the application. In the drawings:
fig. 1 is a flowchart of a method for detecting a network wall-turning behavior according to an embodiment of the present application; and
fig. 2 is a schematic diagram of a device for detecting a network wall-turning behavior according to an embodiment of the present application.
Detailed Description
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be understood that the data so used may be interchanged under appropriate circumstances such that embodiments of the application described herein may be used. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For convenience of description, some terms or expressions referred to in the embodiments of the present application are explained below:
the invention is described below with reference to preferred embodiments.
The embodiment of the application provides a method for detecting a network wall turning behavior. The method relates to a client, a distributing terminal and a transit server. Wherein, the client can be a host; the distributing end can be a plurality of host machines; the transfer server can be a plurality of hosts. The client is an intranet host; the distributing end can be an internal network host and an external network host; the transfer server is an external network host.
The method can detect whether the network access behavior of the client is the network wall turning behavior by monitoring the interaction process between the client and the plurality of transit servers, and specifically, if the interaction process between the client and the plurality of transit servers includes the steps shown in fig. 1, it is determined that the network access behavior of the client is the network wall turning behavior:
step S1, the client establishes communication connection with the plurality of transit servers;
step S2, the client sends a network access request to one of the transit servers;
step S3, the one transit server sends a data request message corresponding to the network access request to other transit servers except the one transit server, where the data request message includes: the IP address of the client, the URL address to be accessed, and the request range of the other transfer service terminals for requesting response data from the URL address;
step S4, the other transit server obtains the response data in the request range corresponding to itself from the URL address, and returns the response data in the request range corresponding to itself to the client;
and step S5, the client reorganizes the response data in the request range corresponding to each of the other transit servers.
Optionally, in step S1, the communication connection between the client and the multiple transit servers includes: the communication connection between the client and each transfer server, and the communication connection between a plurality of transfer servers.
Optionally, the step S1 of establishing the communication connection between the client and the plurality of transit servers may include the following processes:
the client sends a network connection request to the distribution terminal, wherein the network connection request can carry the IP address of the client;
the distributing terminal acquires the IP addresses of the plurality of transfer service terminals and feeds the IP addresses back to the client;
the client establishes communication connection with the plurality of transfer servers respectively;
and the client informs the IP addresses of the plurality of transfer servers to each transfer server, so that the plurality of transfer servers establish communication connection with each other.
In one example, the client may send a network connection request to one of the distribution terminals, and after receiving the network connection request, the one of the distribution terminals obtains the IP addresses of the plurality of transit servers and feeds the IP addresses back to the client. The client establishes communication connection with the plurality of transit servers according to the IP addresses of the plurality of transit servers fed back by the forwarding end, where the manner of establishing communication connection between the client and the plurality of transit servers may include, but is not limited to: the client sends a network connection request to the transfer server; the transfer server responds to the network connection request and returns a notification message of successful network connection to the client, and after the client successfully receives the notification message, the communication connection between the client and the transfer server is successfully established. After a client establishes communication connection with a plurality of transfer servers respectively, the client notifies the IP addresses of the transfer servers to each transfer server, and the transfer servers establish communication connection with each other. The manner of establishing communication connection between the transit servers may also be the same as the manner of establishing communication connection between the client and the transit server, and is not described herein again.
In another example, the client may send network connection requests to a plurality of distribution terminals, respectively, and after each distribution terminal receives the network connection request, the client obtains IP addresses of a plurality of transit servers, respectively, and aggregates the IP addresses of the transit servers in one of the distribution terminals. One of the forwarding terminals selects a plurality of forwarding servers with less network resource occupation according to the IP addresses of the forwarding servers, and feeds back the IP addresses of the plurality of forwarding servers with less network resource occupation to the client. The client establishes communication connection with the plurality of transfer servers according to the IP addresses of the plurality of transfer servers fed back by the distribution end. After a client establishes communication connection with a plurality of transfer servers respectively, the client notifies the IP addresses of the transfer servers to each transfer server, and the transfer servers establish communication connection with each other.
Optionally, the obtaining, by the distribution end, of the IP addresses of the multiple transit servers to feed back to the client may include the following processes:
The distribution end determines whether the number of transit servers currently in the idle available state exceeds a preset value, where the preset value may be set or adjusted according to actual requirements and is not specifically limited herein.
If the distribution end judges that the number of transit servers currently in the idle available state exceeds the preset value, the distribution end randomly selects the plurality of transit servers from the transit servers currently in the idle available state, and acquires the IP addresses of the plurality of transit servers to feed back to the client.
If the distribution end judges that the number of transit servers currently in the idle available state does not exceed the preset value, the distribution end returns a notification message to the client, where the notification message is used for indicating that the network connection request of the client has failed.
Optionally, the client may use a symmetric encrypted communication mode to connect with each transit server, where the communication connection may be a long TCP connection, and during the communication process, the client and the transit server may use TOTP to complete the key exchange. Optionally, the communication connections between the multiple transit servers may also be encrypted according to the requirements.
Optionally, the time interval from the client sending the network connection request to the client establishing the communication connection with the plurality of transit servers is less than a predetermined time. The predetermined time may be set or adjusted according to actual requirements, and is not specifically limited herein.
And after the communication connection between the client and each transfer server and the communication connection between a plurality of transfer servers are successfully established, the complete communication link is successfully established. After step S1 occurs, the client does not send data to another transit server before step S2 occurs.
After the complete communication link is successfully established, the client (referred to as A) sends a network access request to one transit server (referred to as B) of the plurality of transit servers, where the network access request may carry the IP address of the client, the URL address to be accessed, and the like. After receiving A's network access request, B processes it, which includes calculating the request range in which each transit server other than B is to request response data from the URL address. For example, if the response data requested by A from the URL address is 2000 bytes in size and there are 3 transit servers, B, C and D, then B calculates that the request range in which B requests response data from the URL address is 0-1024, the request range in which C requests response data from the URL address is 1000-1500, and the request range in which D requests response data from the URL address is 1500-2000. It should be noted that the request ranges in which the transit servers request response data from the URL address may or may not overlap with each other, but the combination of the request ranges corresponding to the plurality of transit servers must be consistent with the size of the response data.
After calculating the request range in which each transit server requests response data from the URL address, B sends a data request message to the transit servers other than B among the plurality of transit servers, where the data request message includes: the IP address of the client, the URL address to be accessed, and the request ranges in which the other transit servers request response data from the URL address. Each of the other transit servers obtains the response data in its own request range from the URL address and returns that response data to the client. For example, if the response data requested by A from the URL address is 2000 bytes in size and there are 3 transit servers, B, C and D, B calculates that the request range of B is 0-1024, the request range of C is 1000-1500, and the request range of D is 1500-2000. B then sends a data request message to C and D, where the data request message includes: the IP address of the client, the URL address to be accessed, and the request ranges in which B, C and D request response data from the URL address, which are 0-1024, 1000-1500 and 1500-2000 respectively. B returns the response data in the request range 0-1024 of the URL address to the client; C returns the response data in the request range 1000-1500 to the client; and D returns the response data in the request range 1500-2000 to the client.
After receiving the response data in the request range corresponding to each of the other transit servers, the client can recombine that response data. If the request ranges corresponding to the other transit servers do not overlap, the client can splice the data together directly; if the request ranges corresponding to the other transit servers overlap, the client filters out the repeated data and then splices the data together.
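The recombination in step S5, as an added Python example that is not code from the patent: it checks that the request ranges cover the whole response, drops the repeated bytes where ranges overlap, and reports an incomplete result, using the 0-1024 / 1000-1500 / 1500-2000 split from the text. Treating each range as half-open `[start, end)` and all function names are assumptions made for illustration.

```python
from typing import List, Optional, Tuple

Range = Tuple[int, int]      # assumed half-open byte range [start, end)
Segment = Tuple[int, bytes]  # (start offset, payload returned by one transit server)


def coverage_gaps(ranges: List[Range], total_size: int) -> List[Range]:
    """Return the byte ranges of the response that no request range covers."""
    gaps: List[Range] = []
    cursor = 0  # everything below this offset is already covered
    for start, end in sorted(ranges):
        if not 0 <= start < end <= total_size:
            raise ValueError(f"range {start}-{end} outside 0-{total_size}")
        if start > cursor:
            gaps.append((cursor, start))
        cursor = max(cursor, end)
    if cursor < total_size:
        gaps.append((cursor, total_size))
    return gaps


def reassemble(segments: List[Segment], total_size: int) -> Optional[bytes]:
    """Recombine segments into the full response.

    Returns None when the segments do not cover the whole response (the case
    in which the client would retry through another transit server), and
    raises ValueError when two segments disagree on bytes they both carry.
    """
    ranges = [(start, start + len(data)) for start, data in segments]
    if coverage_gaps(ranges, total_size):
        return None
    out = bytearray()
    for start, data in sorted(segments, key=lambda seg: seg[0]):
        overlap = len(out) - start  # bytes of this segment already present
        if bytes(out[start:start + len(data)]) != data[:overlap]:
            raise ValueError(f"segment at offset {start} conflicts with earlier data")
        out += data[overlap:]       # append only the part not seen yet
    return bytes(out)


# Constructed sample: a 2000-byte response split as in the text (B, C, D).
RESPONSE = bytes(i % 251 for i in range(2000))
FROM_B = (0, RESPONSE[0:1024])
FROM_C = (1000, RESPONSE[1000:1500])
FROM_D = (1500, RESPONSE[1500:2000])

if __name__ == "__main__":
    print(coverage_gaps([(0, 1024), (1500, 2000)], 2000))   # C's range missing
    print(reassemble([FROM_D, FROM_B, FROM_C], 2000) == RESPONSE)
```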
After the client recombines the response data in the request range corresponding to each of the other transit servers, if complete response data is obtained, the network access request of the client has been processed. At this point, that is, when the interaction process among the client, the distribution end and the transit servers is as shown in steps S1 to S5, it can be determined that the network access behavior of the client is network wall-turning behavior, and subsequent data requests or data responses can then be prevented by means such as network blocking.
If the client does not receive the response data in the corresponding request range returned by the other transit servers, or if the client does not obtain complete response data after recombining the response data in the request range corresponding to each of the other transit servers, the client selects another transit server from the plurality of transit servers and repeats the steps S2 to S5 with that other transit server acting as the one transit server. If the client obtains complete response data even once, the network access behavior of the client is network wall-turning behavior.
If the client does not obtain complete response data after executing the steps S2 to S5 to each of the plurality of transit servers, the client executes a shutdown operation and outputs a prompt message, where the prompt message is used to indicate that the client is restarted.
When the client executes a closing operation, the client sends a closing instruction to the plurality of transit servers, and the plurality of transit servers close the communication connection with the client and close the communication connection among the plurality of transit servers.
It should be noted that the detection method for network wall-turning behavior in the embodiment of the present application analyzes and restores TCP/IP data at the network outlet, performs feature matching based on the connection rules among multiple source IP addresses and destination IP addresses, performs association judgment according to multiple matching results, and in this way detects the characteristics of network wall-turning behavior. The method uses multiple rules for detection, which ensures detection accuracy to a certain extent. The method detects by behavior rules: in a network environment where private protocols are widespread, network wall-turning behavior is difficult to detect from fingerprint characteristics, so studying the network connection behavior of wall-turning software while it runs is a good direction. The method can be used for forbidding specific network wall-turning behaviors, isolating the communication between overseas forces and domestic personnel, maintaining the stability of domestic public opinion, promoting national network security and ensuring the long-term security of the country.
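The connection rule described above, as an added Python example that is not code from the patent: a matcher over flow records from the network outlet that looks for a burst of outbound connections (S1), one request to a single peer (S2), and payload arriving from other peers in the burst that were never sent a request (S4). The record format, the 10.0.0.0/8 intranet range, the thresholds and every address are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

INTRANET = ip_network("10.0.0.0/8")  # assumed intranet address range


@dataclass(frozen=True)
class Flow:
    ts: float   # seconds since capture start
    src: str
    dst: str
    kind: str   # "connect" (new TCP connection) or "data" (payload observed)


def match_s1_s4(flows: List[Flow], client: str, min_relays: int = 3,
                connect_window: float = 5.0,
                response_window: float = 10.0) -> Optional[Dict]:
    """Return the matched entry peer and unsolicited responders, or None."""
    mine = sorted((f for f in flows if client in (f.src, f.dst)), key=lambda f: f.ts)
    connects = [f for f in mine if f.kind == "connect" and f.src == client
                and ip_address(f.dst) not in INTRANET]
    for i, first in enumerate(connects):
        # S1: several distinct external peers contacted within a short window.
        burst = [c for c in connects[i:] if c.ts - first.ts <= connect_window]
        peers = {c.dst for c in burst}
        if len(peers) < min_relays:
            continue
        s1_end = max(c.ts for c in burst)
        # S2: the first payload the client sends after the burst picks the entry peer.
        sent = [f for f in mine if f.kind == "data" and f.src == client
                and f.dst in peers and f.ts > s1_end]
        if not sent:
            continue
        request = sent[0]
        asked_at: Dict[str, float] = {}
        for f in sent:
            asked_at.setdefault(f.dst, f.ts)
        # S4: payload from other peers that the client never sent a request to.
        responders = {
            f.src for f in mine
            if f.kind == "data" and f.dst == client and f.src in peers
            and f.src != request.dst
            and request.ts < f.ts <= request.ts + response_window
            and asked_at.get(f.src, float("inf")) > f.ts
        }
        if len(responders) >= min_relays - 1:
            return {"client": client, "entry": request.dst,
                    "responders": sorted(responders)}
    return None


# Constructed flows: one request to 198.51.100.1, payload back from three peers.
SUSPECT = [
    Flow(0.00, "10.0.0.5", "203.0.113.10", "connect"),   # distribution end
    Flow(0.05, "10.0.0.5", "203.0.113.10", "data"),
    Flow(0.10, "203.0.113.10", "10.0.0.5", "data"),
    Flow(0.20, "10.0.0.5", "198.51.100.1", "connect"),
    Flow(0.30, "10.0.0.5", "198.51.100.2", "connect"),
    Flow(0.40, "10.0.0.5", "198.51.100.3", "connect"),
    Flow(1.00, "10.0.0.5", "198.51.100.1", "data"),
    Flow(1.30, "198.51.100.1", "10.0.0.5", "data"),
    Flow(1.40, "198.51.100.2", "10.0.0.5", "data"),
    Flow(1.50, "198.51.100.3", "10.0.0.5", "data"),
]
# Constructed flows: every peer that answers was sent its own request first.
BENIGN = [
    Flow(0.20, "10.0.0.9", "198.51.100.21", "connect"),
    Flow(0.30, "10.0.0.9", "198.51.100.22", "connect"),
    Flow(0.40, "10.0.0.9", "198.51.100.23", "connect"),
    Flow(1.00, "10.0.0.9", "198.51.100.21", "data"),
    Flow(1.01, "10.0.0.9", "198.51.100.22", "data"),
    Flow(1.02, "10.0.0.9", "198.51.100.23", "data"),
    Flow(1.30, "198.51.100.21", "10.0.0.9", "data"),
    Flow(1.40, "198.51.100.22", "10.0.0.9", "data"),
    Flow(1.50, "198.51.100.23", "10.0.0.9", "data"),
]

if __name__ == "__main__":
    print(match_s1_s4(SUSPECT, "10.0.0.5"))
    print(match_s1_s4(BENIGN, "10.0.0.9"))
```

A single match is weak evidence on its own; the text above describes an association judgment over multiple matching results before a verdict is reached.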
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than presented herein.
The embodiment of the present application further provides a device for detecting a network wall turning behavior, and it should be noted that the device for detecting a network wall turning behavior of the embodiment of the present application may be used to execute the method for detecting a network wall turning behavior provided by the embodiment of the present application. The following describes a device for detecting a network wall-turning behavior provided by the embodiment of the present application.
Fig. 2 is a schematic diagram of a device for detecting a network wall-turning behavior according to an embodiment of the present application. As shown in fig. 2, the apparatus includes:
a determining unit 21, configured to determine that the network access behavior of a client is a network wall-turning behavior if the interaction process between the client and a plurality of transit servers includes the following steps:
step S1, the client establishes communication connection with the plurality of transit servers;
step S2, the client sends a network access request to one of the transit servers;
step S3, the one transit server sends a data request message corresponding to the network access request to the other transit servers, that is, the transit servers other than the one transit server, where the data request message includes: the IP address of the client, the URL address to be accessed, and the request range within which each of the other transit servers is to request response data from the URL address;
step S4, the other transit server obtains the response data in the request range corresponding to itself from the URL address, and returns the response data in the request range corresponding to itself to the client;
and step S5, the client reorganizes the response data in the request range corresponding to each of the other transit servers.
Further, the step S1 of establishing, by the client, communication connections with the plurality of transit servers includes:
the client sends a network connection request to a distribution end;
the distribution end acquires the IP addresses of the plurality of transit servers and feeds the IP addresses back to the client;
the client establishes a communication connection with each of the plurality of transit servers;
and the client notifies each transit server of the IP addresses of the plurality of transit servers, so that the plurality of transit servers establish communication connections with each other.
Further, the step of the distribution end acquiring the IP addresses of the plurality of transit servers and feeding the IP addresses back to the client includes:
the distribution end judges whether the number of transit servers currently in the idle available state exceeds a preset value;
if the distribution end judges that the number of transit servers currently in the idle available state exceeds the preset value, the distribution end randomly selects the plurality of transit servers from the transit servers currently in the idle available state, and acquires the IP addresses of the plurality of transit servers to feed back to the client;
and if the distribution end judges that the number of transit servers currently in the idle available state does not exceed the preset value, the distribution end returns a notification message to the client, where the notification message is used for indicating that the network connection request of the client has failed.
Further, the apparatus further comprises: a reprocessing unit, configured such that, after the other transit servers obtain the response data in their respective request ranges from the URL address and return that response data to the client, if the client does not receive the response data returned by the other transit servers, or if the client does not obtain complete response data after reassembling the response data in the request range corresponding to each of the other transit servers, the client selects another transit server from the plurality of transit servers and repeats the steps S2 to S5 with that other transit server as the one transit server.
Further, the apparatus further comprises: a shutdown unit, configured such that, if complete response data is not obtained after the client has performed the steps S2 to S5 with each of the plurality of transit servers, the client executes a shutdown operation and outputs a prompt message, where the prompt message is used to indicate that the client is restarted.
Further, the apparatus further comprises: a sending unit, configured such that, when the client executes the shutdown operation, the client sends a close instruction to the plurality of transit servers, and the plurality of transit servers close their communication connections with the client and the communication connections among the plurality of transit servers.
Further, the time interval between the client sending the network connection request to the distribution end and the client establishing the communication connections with the plurality of transit servers is less than a preset time.
In the device for detecting a network wall-turning behavior provided in the embodiment of the present application, the determining unit 21 determines that the network access behavior of the client is a network wall-turning behavior if the interaction process between the client and a plurality of transit servers includes the following steps: step S1, the client establishes communication connection with the plurality of transit servers; step S2, the client sends a network access request to one of the transit servers; step S3, the one transit server sends a data request message corresponding to the network access request to the other transit servers, that is, the transit servers other than the one transit server, where the data request message includes: the IP address of the client, the URL address to be accessed, and the request range within which each of the other transit servers is to request response data from the URL address; step S4, each of the other transit servers obtains the response data in its own request range from the URL address, and returns that response data to the client; and step S5, the client reassembles the response data in the request range corresponding to each of the other transit servers. This solves the problem in the related art that firewall software detects network wall-turning behavior with low accuracy, and achieves the effect of accurately detecting network wall-turning behavior based on the behavioral characteristics of the network traffic.
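The parts of steps S1 to S5 that are visible at a network egress can be expressed as two behavior rules whose matches are then associated, shown here as an added example that is not code from the patent. The record format, thresholds, function names and addresses are assumptions constructed for illustration; steps S3 and S5 take place outside the monitored link and are not observed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Rec:
    ts: float      # seconds since capture start
    client: str    # internal address seen at the egress point
    remote: str    # external address
    kind: str      # "conn" = new TCP connection, "up"/"down" = payload direction
    size: int = 0  # payload bytes (0 for "conn")


def s1_candidates(conns, setup_window, min_transits):
    """Rule for S1: one connection (candidate distribution end) followed, within
    setup_window seconds, by new connections to several other remotes."""
    for i, first in enumerate(conns):
        burst = []
        for c in conns[i + 1:]:
            if c.ts - first.ts > setup_window:
                break
            if c.remote != first.remote and c.remote not in burst:
                burst.append(c.remote)
        if len(burst) >= min_transits:
            yield first.remote, burst


def s2_s4_asymmetry(recs, transits, resp_window, min_down):
    """Rule for S2/S4: a request goes up to one transit server and the response
    payload comes down from the other transit servers, not from the one asked."""
    for req in recs:
        if req.kind != "up" or req.remote not in transits:
            continue
        down = defaultdict(int)
        for r in recs:
            if r.kind == "down" and req.ts <= r.ts <= req.ts + resp_window:
                down[r.remote] += r.size
        if down[req.remote] >= min_down:
            continue  # ordinary request/response on the same connection
        responders = [t for t in transits
                      if t != req.remote and down[t] >= min_down]
        if len(responders) >= 2:
            return req.remote, responders
    return None


def detect(records, setup_window=2.0, min_transits=3,
           resp_window=3.0, min_down=1000):
    """Flag a client only when both rules match the same set of remotes."""
    by_client = defaultdict(list)
    for r in sorted(records, key=lambda r: r.ts):
        by_client[r.client].append(r)
    findings = {}
    for client, recs in by_client.items():
        conns = [r for r in recs if r.kind == "conn"]
        for distributor, transits in s1_candidates(conns, setup_window,
                                                   min_transits):
            hit = s2_s4_asymmetry(recs, transits, resp_window, min_down)
            if hit:  # association judgment over the two rule matches
                findings[client] = {"distributor": distributor,
                                    "transits": transits,
                                    "entry": hit[0], "responders": hit[1]}
                break
    return findings


# Constructed sample records (documentation address ranges, not real traffic).
A, B = "10.0.0.5", "10.0.0.9"
SAMPLE = [
    # Client A: distribution end, burst of three connections, split response.
    Rec(0.00, A, "203.0.113.10", "conn"),
    Rec(0.05, A, "203.0.113.10", "up", 120),
    Rec(0.10, A, "203.0.113.10", "down", 200),
    Rec(0.30, A, "198.51.100.1", "conn"),
    Rec(0.35, A, "198.51.100.2", "conn"),
    Rec(0.40, A, "198.51.100.3", "conn"),
    Rec(0.50, A, "198.51.100.1", "up", 64),   # peer address notification
    Rec(0.50, A, "198.51.100.2", "up", 64),
    Rec(0.50, A, "198.51.100.3", "up", 64),
    Rec(1.00, A, "198.51.100.1", "up", 300),  # S2: request to one server
    Rec(1.40, A, "198.51.100.2", "down", 40000),  # S4: ranges from the others
    Rec(1.45, A, "198.51.100.3", "down", 38000),
    # Client B: parallel connections, each answering its own request.
    Rec(0.00, B, "192.0.2.10", "conn"),
    Rec(0.05, B, "192.0.2.10", "up", 400),
    Rec(0.20, B, "192.0.2.10", "down", 15000),
    Rec(0.30, B, "192.0.2.20", "conn"),
    Rec(0.32, B, "192.0.2.21", "conn"),
    Rec(0.34, B, "192.0.2.22", "conn"),
    Rec(0.40, B, "192.0.2.20", "up", 350),
    Rec(0.41, B, "192.0.2.21", "up", 350),
    Rec(0.42, B, "192.0.2.22", "up", 350),
    Rec(0.60, B, "192.0.2.20", "down", 20000),
    Rec(0.62, B, "192.0.2.21", "down", 18000),
    Rec(0.65, B, "192.0.2.22", "down", 25000),
]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

Client B opens a similar burst of connections but every server answers its own request, so the S1 rule alone would flag it while the combined judgment does not.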
The detection device for the network wall turning behavior comprises a processor and a memory, wherein the determining unit and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. One or more kernels can be set, and accurate detection of the network wall turning behavior is achieved by adjusting kernel parameters.
The memory may include volatile memory in a computer readable medium, Random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
The embodiment of the invention provides a storage medium, wherein a program is stored on the storage medium, and the program realizes the detection method of the network wall turning behavior when being executed by a processor.
The embodiment of the invention provides a processor, which is used for running a program, wherein the detection method of the network wall turning behavior is executed when the program runs.
The embodiment of the invention provides a device, which comprises a processor, a memory and a program which is stored on the memory and can run on the processor, wherein the processor, when executing the program, implements the following steps: if the interaction process between the client and the plurality of transit servers comprises the following steps, determining that the network access behavior of the client is a network wall-turning behavior: step S1, the client establishes communication connection with the plurality of transit servers; step S2, the client sends a network access request to one of the transit servers; step S3, the one transit server sends a data request message corresponding to the network access request to the other transit servers, that is, the transit servers other than the one transit server, where the data request message includes: the IP address of the client, the URL address to be accessed, and the request range within which each of the other transit servers is to request response data from the URL address; step S4, each of the other transit servers obtains the response data in its own request range from the URL address, and returns that response data to the client; and step S5, the client reassembles the response data in the request range corresponding to each of the other transit servers.
The processor executes the program and further realizes the following steps: the client sends a network connection request to a distribution end; the distribution end acquires the IP addresses of the plurality of transit servers and feeds the IP addresses back to the client; the client establishes a communication connection with each of the plurality of transit servers; and the client notifies each transit server of the IP addresses of the plurality of transit servers, so that the plurality of transit servers establish communication connections with each other.
The processor executes the program and further realizes the following steps: the distribution end judges whether the number of transit servers currently in the idle available state exceeds a preset value; if the distribution end judges that the number of transit servers currently in the idle available state exceeds the preset value, the distribution end randomly selects the plurality of transit servers from the transit servers currently in the idle available state, and acquires the IP addresses of the plurality of transit servers to feed back to the client; and if the distribution end judges that the number of transit servers currently in the idle available state does not exceed the preset value, the distribution end returns a notification message to the client, where the notification message is used for indicating that the network connection request of the client has failed.
The processor executes the program and further realizes the following steps: after the other transit servers obtain the response data in the request range corresponding to the other transit servers from the URL address and return the response data in the request range corresponding to the other transit servers to the client, if the client does not receive the response data in the request range corresponding to the other transit servers returned by the other transit servers, or if the client does not obtain complete response data after recombining the response data in the request range corresponding to each of the other transit servers, the client selects another transit server from the multiple transit servers and repeatedly executes the steps S2 to S5 with the another transit server as the one transit server.
The processor executes the program and further realizes the following steps: if the client does not obtain complete response data after executing the steps S2 to S5 to each of the plurality of transit servers, the client executes a shutdown operation and outputs a prompt message, where the prompt message is used to indicate that the client is restarted.
The processor executes the program and further realizes the following steps: when the client executes closing operation, the client sends a closing instruction to the plurality of transfer servers, and the plurality of transfer servers close the communication connection with the client and close the communication connection among the plurality of transfer servers.
The device herein may be a server, a PC, a PAD, a mobile phone, etc.
The present application further provides a computer program product adapted to execute, when run on a data processing device, a program that initializes the following method steps: if the interaction process between the client and the plurality of transit servers comprises the following steps, determining that the network access behavior of the client is a network wall-turning behavior: step S1, the client establishes communication connection with the plurality of transit servers; step S2, the client sends a network access request to one of the transit servers; step S3, the one transit server sends a data request message corresponding to the network access request to the other transit servers, that is, the transit servers other than the one transit server, where the data request message includes: the IP address of the client, the URL address to be accessed, and the request range within which each of the other transit servers is to request response data from the URL address; step S4, each of the other transit servers obtains the response data in its own request range from the URL address, and returns that response data to the client; and step S5, the client reassembles the response data in the request range corresponding to each of the other transit servers.
It is further adapted to execute a program that initializes the following method steps: the client sends a network connection request to a distribution end; the distribution end acquires the IP addresses of the plurality of transit servers and feeds the IP addresses back to the client; the client establishes a communication connection with each of the plurality of transit servers; and the client notifies each transit server of the IP addresses of the plurality of transit servers, so that the plurality of transit servers establish communication connections with each other.
It is further adapted to execute a program that initializes the following method steps: the distribution end judges whether the number of transit servers currently in the idle available state exceeds a preset value; if the distribution end judges that the number of transit servers currently in the idle available state exceeds the preset value, the distribution end randomly selects the plurality of transit servers from the transit servers currently in the idle available state, and acquires the IP addresses of the plurality of transit servers to feed back to the client; and if the distribution end judges that the number of transit servers currently in the idle available state does not exceed the preset value, the distribution end returns a notification message to the client, where the notification message is used for indicating that the network connection request of the client has failed.
It is further adapted to perform a procedure for initializing the following method steps: after the other transit servers obtain the response data in the request range corresponding to the other transit servers from the URL address and return the response data in the request range corresponding to the other transit servers to the client, if the client does not receive the response data in the request range corresponding to the other transit servers returned by the other transit servers, or if the client does not obtain complete response data after recombining the response data in the request range corresponding to each of the other transit servers, the client selects another transit server from the multiple transit servers and repeatedly executes the steps S2 to S5 with the another transit server as the one transit server.
It is further adapted to perform a procedure for initializing the following method steps: if the client does not obtain complete response data after executing the steps S2 to S5 to each of the plurality of transit servers, the client executes a shutdown operation and outputs a prompt message, where the prompt message is used to indicate that the client is restarted.
It is further adapted to perform a procedure for initializing the following method steps: when the client executes closing operation, the client sends a closing instruction to the plurality of transfer servers, and the plurality of transfer servers close the communication connection with the client and close the communication connection among the plurality of transfer servers.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A method for detecting a network wall-turning behavior is characterized by comprising the following steps:
if the interaction process between the client and the plurality of transit servers comprises the following steps, determining that the network access behavior of the client is a network wall turning behavior:
step S1, the client establishes communication connection with the plurality of transit servers;
step S2, the client sends a network access request to one of the transit servers;
step S3, the one transit server sends a data request message corresponding to the network access request to the other transit servers, that is, the transit servers other than the one transit server, where the data request message includes: the IP address of the client, the URL address to be accessed, and the request range within which each of the other transit servers is to request response data from the URL address;
step S4, the other transit server obtains the response data in the request range corresponding to itself from the URL address, and returns the response data in the request range corresponding to itself to the client;
and step S5, the client reorganizes the response data in the request range corresponding to each of the other transit servers.
2. The method according to claim 1, wherein the step S1 of the client establishing the communication connection with the plurality of transit servers includes:
the client sends a network connection request to a distribution end;
the distribution end acquires the IP addresses of the plurality of transit servers and feeds the IP addresses back to the client;
the client establishes a communication connection with each of the plurality of transit servers;
and the client notifies each transit server of the IP addresses of the plurality of transit servers, so that the plurality of transit servers establish communication connections with each other.
3. The method of claim 2, wherein the distribution end acquiring the IP addresses of the plurality of transit servers and feeding back the IP addresses to the client comprises:
the distribution end judges whether the number of transit servers currently in the idle available state exceeds a preset value;
if the distribution end judges that the number of transit servers currently in the idle available state exceeds the preset value, the distribution end randomly selects the plurality of transit servers from the transit servers currently in the idle available state, and acquires the IP addresses of the plurality of transit servers to feed back to the client;
and if the distribution end judges that the number of transit servers currently in the idle available state does not exceed the preset value, the distribution end returns a notification message to the client, where the notification message is used for indicating that the network connection request of the client has failed.
4. The method of claim 1, further comprising:
after the other transit servers obtain the response data in the request range corresponding to the other transit servers from the URL address and return the response data in the request range corresponding to the other transit servers to the client, if the client does not receive the response data in the request range corresponding to the other transit servers returned by the other transit servers, or if the client does not obtain complete response data after recombining the response data in the request range corresponding to each of the other transit servers, the client selects another transit server from the multiple transit servers and repeatedly executes the steps S2 to S5 with the another transit server as the one transit server.
5. The method of claim 4, further comprising:
if the client does not obtain complete response data after executing the steps S2 to S5 to each of the plurality of transit servers, the client executes a shutdown operation and outputs a prompt message, where the prompt message is used to indicate that the client is restarted.
6. The method of claim 5, further comprising:
when the client executes closing operation, the client sends a closing instruction to the plurality of transfer servers, and the plurality of transfer servers close the communication connection with the client and close the communication connection among the plurality of transfer servers.
7. The method of claim 5,
wherein the time interval between the client sending the network connection request to the distribution end and the client establishing the communication connections with the plurality of transit servers is less than a preset time.
8. A detection device for a network wall-turning behavior is characterized by comprising:
a determining unit, configured to determine that a network access behavior of a client is a network wall turning behavior if an interaction process between the client and multiple transit servers includes the following steps:
step S1, the client establishes communication connection with the plurality of transit servers;
step S2, the client sends a network access request to one of the transit servers;
step S3, the one transit server sends a data request message corresponding to the network access request to the other transit servers, that is, the transit servers other than the one transit server, where the data request message includes: the IP address of the client, the URL address to be accessed, and the request range within which each of the other transit servers is to request response data from the URL address;
step S4, the other transit server obtains the response data in the request range corresponding to itself from the URL address, and returns the response data in the request range corresponding to itself to the client;
and step S5, the client reorganizes the response data in the request range corresponding to each of the other transit servers.
9. A storage medium characterized by comprising a stored program, wherein the program executes the method for detecting a network wall-turning behavior according to any one of claims 1 to 7.
10. A processor, configured to execute a program, wherein the program executes the method for detecting the network wall-turning behavior according to any one of claims 1 to 7.
CN202110232738.0A 2021-03-03 2021-03-03 Method and device for detecting network wall turning behavior Pending CN112600861A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110232738.0A CN112600861A (en) 2021-03-03 2021-03-03 Method and device for detecting network wall turning behavior

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110232738.0A CN112600861A (en) 2021-03-03 2021-03-03 Method and device for detecting network wall turning behavior

Publications (1)

Publication Number Publication Date
CN112600861A true CN112600861A (en) 2021-04-02

Family

ID=75210107

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110232738.0A Pending CN112600861A (en) 2021-03-03 2021-03-03 Method and device for detecting network wall turning behavior

Country Status (1)

Country Link
CN (1) CN112600861A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113505323A (en) * 2021-05-26 2021-10-15 杭州安恒信息技术股份有限公司 Identification method, device, equipment and storage medium for providing wall-turning service website
CN113505323B (en) * 2021-05-26 2024-01-30 杭州安恒信息技术股份有限公司 Identification method, device, equipment and storage medium for providing wall turning service website

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210402
