CN112671695A - Method, system, medium, and apparatus for limiting number of IP access connections from the same source - Google Patents


Info

Publication number
CN112671695A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910984982.5A
Other languages
Chinese (zh)
Inventor
吴新雷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Qinggan Intelligent Technology Co Ltd
Original Assignee
Shanghai Qinggan Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Qinggan Intelligent Technology Co Ltd
Priority to CN201910984982.5A
Publication of CN112671695A
Legal status: Pending

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method, a system, a medium and a device for limiting the number of access connections from the same source IP. The method comprises the following steps: loading an access connection number limiting unit in a Linux system; and setting, based on the access connection number limiting unit, the number of access connections allowed from the same source IP in the same time period to a preset number. Setting this limit for the Linux system is intended to prevent the Linux system from being attacked by DDoS.

Description

Method, system, medium, and apparatus for limiting number of IP access connections from the same source
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, a system, a medium, and an apparatus for limiting the number of IP access connections from the same source.
Background
The Linux operating system is a clone system developed on the basis of the UNIX operating system, and was born on October 5, 1991 (the date of its first official public release). With the help of the Internet, and through the joint efforts of computer enthusiasts all over the world, it has become the most widely used UNIX-like operating system in the world today, and its number of users is still growing rapidly. Existing Linux systems are vulnerable to DDoS attacks.
Therefore, it is desirable to solve the problem of how to better protect Linux systems from DDOS attacks.
Disclosure of Invention
In view of the above-mentioned shortcomings of the prior art, the present invention provides a method, system, medium and apparatus for limiting the number of connections accessed by the same source IP, so as to solve the problem of how to better protect Linux system from DDOS attack in the prior art.
In order to achieve the above objects and other related objects, the present invention provides a method for limiting the number of connections accessed to a same source IP based on a Linux system, comprising the steps of: loading an access connection number limiting unit in a Linux system; the number of access connections for the same period of the same source IP is set to a preset number based on the access connection number limiting unit.
In an embodiment of the present invention, the method further includes determining whether the access connection number limitation unit is loaded to the Linux system.
In an embodiment of the present invention, the step of loading the access connection number limiting unit in the Linux system includes the following step: loading the access connection number limiting unit by means of a startup script.
In an embodiment of the present invention, the method further includes the following steps: receiving an instruction of a client; judging whether the number of the access connections of the instruction is less than or equal to the preset number or not; when the number of the access connections is less than or equal to the preset number, not limiting the access connections of the instruction; and when the number of the access connections is larger than the preset number, limiting the access connections exceeding the preset number.
In order to achieve the above object, the present invention further provides a system for limiting the number of connections accessed by the same source IP based on the Linux system, comprising: a loading module and a setting module; the loading module is used for loading the access connection number limiting unit in the Linux system; the setting module is used for setting the number of the access connections of the same source IP in the same period to be a preset number based on the access connection number limiting unit.
In an embodiment of the present invention, the Linux system further includes a confirming module, and the confirming module is configured to confirm whether the access connection number limiting unit is loaded to the Linux system.
In an embodiment of the present invention, the system further includes: an instruction receiving module, a quantity judging module, a non-limiting module and a limiting module; the instruction receiving module is used for receiving an instruction of a client; the quantity judging module is used for judging whether the number of access connections of the instruction is less than or equal to the preset number; the non-limiting module is used for not limiting the access connections of the instruction when the number of access connections is less than or equal to the preset number; the limiting module is used for limiting the access connections exceeding the preset number when the number of access connections is larger than the preset number.
To achieve the above object, the present invention further provides a computer-readable storage medium having a computer program stored thereon, which, when being executed by a processor, implements any of the above methods for limiting the number of connections for the same source IP access based on the Linux system.
In order to achieve the above object, the present invention further provides a device for limiting the number of IP access connections from the same source, including: a processor and a memory; the memory is used for storing a computer program; the processor is connected with the memory and is used for executing the computer program stored in the memory so as to enable the same source IP access connection number limiting device to execute any one of the above methods for limiting the same source IP access connection number based on the Linux system.
Finally, the invention also provides a same source IP access connection number limiting system based on the Linux system, which comprises the same source IP access connection number limiting device and a client; and the client is used for sending an instruction to the same source IP access connection number limiting device.
As described above, the method, system, medium, and apparatus for limiting the number of access connections from the same source IP according to the present invention have the following advantage: the number of access connections from the same source IP in the same time period is set for the Linux system, which prevents the Linux system from being attacked by DDoS.
Drawings
FIG. 1 is a flowchart illustrating a method for limiting the number of IP access connections to a same source based on a Linux system according to an embodiment of the present invention;
FIG. 2 is a block diagram illustrating an embodiment of a system for limiting the number of IP access connections from a same source based on a Linux system according to the present invention;
FIG. 3 is a schematic structural diagram illustrating an apparatus for limiting the number of IP access connections from one source according to an embodiment of the present invention;
FIG. 4 is a schematic diagram illustrating a structure of a system for limiting the number of IP access connections from the same source based on a Linux system according to another embodiment of the present invention;
FIG. 5 is a block diagram illustrating a system for limiting the number of IP access connections from a same source based on a Linux system according to another embodiment of the present invention.
Description of the element reference numerals
21 load module
22 setting module
31 processor
32 memory
41 same source IP access connection number limiting device
42 client
51 same source IP access connection number limiting device
52 first client
53 second client
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present invention, so that the components related to the present invention are only shown in the drawings rather than drawn according to the number, shape and size of the components in actual implementation, the type, quantity and proportion of the components in actual implementation can be changed freely, and the layout of the components can be more complicated.
The method, the system, the medium and the device for limiting the number of the access connections of the same source IP are used for setting the number of the access connections of the same source IP in the same time period for the Linux system and preventing the Linux system from being attacked by DDOS.
As shown in fig. 1, in an embodiment, the method for limiting the number of connections accessed by the same source IP based on the Linux system of the present invention includes the following steps:
Step S11: load an access connection number limiting unit in the Linux system.
In an embodiment of the invention, the access connection number limiting unit is the connlimit module. Before the Linux system loads the access connection number limiting unit, a system patch is added to the Linux system. A system patch is patch software installed to repair vulnerabilities in the system, closing the places that leak so that intrusion by viruses of the same type is avoided. After a system is released, some programs are found to contain vulnerabilities that hackers can use to attack users; the programs released to repair these vulnerabilities are called "patches", and once a patch is installed, hackers can no longer use that vulnerability to attack users. Hackers then try to attack the system from other places, so patches are issued often to counter them. A system patch is thus a program written by programmers to repair a vulnerability after it is discovered that the vulnerability is being used to cause malicious virus damage. The situation is like repairing a ship: where parts of the hull are badly joined, water comes in. Using antivirus software and a firewall is like bailing the water out with a ladle, whereas installing a patch for the system is like closing the hole directly with a wooden plank or a welder, so that water no longer gets in. After the system patch has been added to the Linux system, the access connection number limiting unit is loaded in the Linux system. Specifically, the access connection number limiting unit is the connlimit module, and the connlimit module is loaded by executing a first instruction. The first instruction is: modprobe ipt_connlimit
DDoS attack: a Distributed Denial of Service (DDoS) attack uses client/server technology to combine multiple computers into an attack platform that launches the attack on one or more targets, thereby multiplying the power of a denial-of-service attack. Typically, an attacker uses a stolen account to install a DDoS master program on one computer; at a set time the master program communicates with a large number of agent programs that have already been installed on many computers on the network. On receiving the instruction, the agents launch the attack. With client/server technology, the master program can activate hundreds or thousands of agent runs within a few seconds.
In an embodiment of the present invention, the method further includes determining whether the access connection number limitation unit is loaded to the Linux system. Specifically, whether the connlimit module is loaded to the Linux system is confirmed. And confirming whether the connlimit module is loaded to the Linux system or not by executing a second instruction. The second instruction is: lsmod | grepp.
In an embodiment of the present invention, the step of loading the access connection number limiting unit in the Linux system includes the following step: loading the access connection number limiting unit by means of a startup script. Specifically, the startup script is the iptables startup script: the loading of the access connection number limiting unit is added to the iptables startup script, so that the unit is loaded whenever the iptables startup script runs. Specifically, the access connection number limiting unit is the connlimit module, and loading the connlimit module from the iptables startup script is realized by a third instruction. The third instruction is: /sbin/modprobe ipt_connlimit
Step S12: set the number of access connections allowed from the same source IP in the same time period to a preset number based on the access connection number limiting unit.
In an embodiment of the present invention, the number of access connections from the same source IP in the same time period is set to a preset number based on the connlimit module. That is, the number of access connections from the same source IP in the same time period is capped, for example at 100 at most. In other words, an instruction received from the client at a given point in time comprises at most 100 access connections. Specifically, the setting is realized by executing a fourth instruction. When the preset number is 100, the fourth instruction is: iptables -I INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 100 -j REJECT. Or: iptables -I INPUT -p tcp --syn --dport 80 -m connlimit ! --connlimit-above 100 -j ACCEPT. Specifically, the same source IP means the same IP address. The number of access connections from the same source IP in the same time period is the number of concurrent connections of a single IP.
In an embodiment of the present invention, the method further includes the following steps:
an instruction of a client is received. Specifically, an instruction is received from the client at a certain time point, and the instruction includes a certain number of access connections. One instruction of the client at a certain time point comprises a certain number of access connections of the same source IP in the same time period.
And judging whether the number of the access connections of the instruction is less than or equal to the preset number.
And when the number of the access connections is less than or equal to the preset number, not limiting the access connections of the instruction.
And when the number of the access connections is larger than the preset number, limiting the access connections exceeding the preset number. Specifically, for example, if the preset number is 100, access connections up to and including the 100th are not restricted, and access connections beyond the 100th are restricted, that is, access is denied.
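The procedure of steps S11 and S12 and the judging steps above can be exercised as follows. This is an added example, not code from the patent: the function names, the DRY_RUN variable and the sample connection list are constructed for illustration, and the audit function assumes input shaped like `ss -Htn state established` output, where the last two fields are the local and peer address:port.

```shell
#!/bin/sh
# Added example (not from the patent): load connlimit, confirm it, install the
# per-source limit, and audit current per-source counts before enforcing.

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# Arguments of the fourth instruction for a given PORT and LIMIT.
# Both values are validated so nothing but digits reaches the command line.
connlimit_rule_args() {
    is_uint "$1" && is_uint "$2" || {
        echo "port and limit must be unsigned integers" >&2
        return 1
    }
    echo "INPUT -p tcp --syn --dport $1 -m connlimit --connlimit-above $2 -j REJECT"
}

# Steps S11 and S12. With DRY_RUN set (hypothetical variable) the commands are
# only printed; otherwise root privileges are required.
apply_connlimit() {
    args=$(connlimit_rule_args "$1" "$2") || return 1
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "modprobe ipt_connlimit" "iptables -I $args"
        return 0
    fi
    modprobe ipt_connlimit || return 1
    # Confirm the load. lsmod may list the module under another name
    # (for example xt_connlimit), so match on "connlimit" only.
    lsmod | grep -q connlimit || return 1
    # Insert the rule only if an identical one is not already present.
    # shellcheck disable=SC2086
    iptables -C $args 2>/dev/null || iptables -I $args
}

# Judging step: read connection lines on stdin and print "source count" for
# every source whose connections to PORT exceed LIMIT. Exactly LIMIT is
# allowed, as in the text (the 100th connection is not restricted).
# This counts established sockets, an approximation of what connlimit tracks.
over_limit_sources() {
    limit=$1 port=$2
    is_uint "$limit" && is_uint "$port" || return 1
    awk -v limit="$limit" -v port="$port" '
        NF >= 2 {
            laddr = $(NF - 1); peer = $NF
            if (laddr !~ (":" port "$")) next   # other listening ports
            sub(/:[0-9]+$/, "", peer)           # drop the peer port
            count[peer]++
        }
        END { for (ip in count) if (count[ip] > limit) print ip, count[ip] }
    ' | sort
}

# Constructed sample: Recv-Q Send-Q Local:Port Peer:Port
sample_ss_output() {
    i=0
    while [ "$i" -lt 5 ]; do
        echo "0 0 192.0.2.10:80 203.0.113.7:$((40000 + i))"
        i=$((i + 1))
    done
    echo "0 0 192.0.2.10:80 198.51.100.20:51000"
    echo "0 0 192.0.2.10:80 198.51.100.20:51001"
    echo "0 0 192.0.2.10:22 203.0.113.7:52000"
    echo "0 0 [2001:db8::10]:80 [2001:db8::99]:53000"
}

# Demo on the constructed data with a small limit, then a dry run of the rule.
sample_ss_output | over_limit_sources 3 80
DRY_RUN=1 apply_connlimit 80 100
```

Because the limit is keyed on the source address, many clients behind one NAT or proxy address share a single count, so auditing real traffic with over_limit_sources before choosing the preset number helps avoid rejecting legitimate users.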
As shown in fig. 2, in an embodiment, the system for limiting the number of IP access connections to the same source based on the Linux system of the present invention includes a loading module 21 and a setting module 22.
The loading module 21 is used for loading the access connection number limiting unit in the Linux system.
In an embodiment of the invention, the access connection number limiting unit is the connlimit module. Before the Linux system loads the access connection number limiting unit, a system patch is added to the Linux system. After the system patch has been added to the Linux system, the access connection number limiting unit is loaded in the Linux system. Specifically, the access connection number limiting unit is the connlimit module, and the connlimit module is loaded by executing a first instruction. The first instruction is: modprobe ipt_connlimit
In an embodiment of the present invention, the method further includes determining whether the access connection number limitation unit is loaded to the Linux system. Specifically, whether the connlimit module is loaded to the Linux system is confirmed. And confirming whether the connlimit module is loaded to the Linux system or not by executing a second instruction. The second instruction is: lsmod | grepp.
In an embodiment of the present invention, the step of loading the access connection number limiting unit in the Linux system includes the following step: loading the access connection number limiting unit by means of a startup script. Specifically, the startup script is the iptables startup script: the loading of the access connection number limiting unit is added to the iptables startup script, so that the unit is loaded whenever the iptables startup script runs. Specifically, the access connection number limiting unit is the connlimit module, and loading the connlimit module from the iptables startup script is realized by a third instruction. The third instruction is: /sbin/modprobe ipt_connlimit
The setting module 22 is used for setting the number of access connections allowed from the same source IP in the same time period to a preset number based on the access connection number limiting unit.
In an embodiment of the present invention, the number of access connections from the same source IP in the same time period is set to a preset number based on the connlimit module. That is, the number of access connections from the same source IP in the same time period is capped, for example at 100 at most. In other words, an instruction received from the client at a given point in time comprises at most 100 access connections. Specifically, the setting is realized by executing a fourth instruction. When the preset number is 100, the fourth instruction is: iptables -I INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 100 -j REJECT. Or: iptables -I INPUT -p tcp --syn --dport 80 -m connlimit ! --connlimit-above 100 -j ACCEPT. The number of access connections from the same source IP in the same time period is the number of concurrent connections of a single IP.
In an embodiment of the present invention, the present invention further includes the following modules:
the instruction receiving module is used for receiving an instruction of the client.
And the quantity judging module is used for judging whether the quantity of the access connections of the instruction is less than or equal to the preset quantity.
And the non-limiting module is used for not limiting the access connection of the instruction when the number of the access connections is less than or equal to the preset number.
The limiting module is used for limiting the access connections exceeding the preset number when the number of the access connections is larger than the preset number.
It should be noted that the division of the modules of the above system is only a logical division, and the actual implementation may be wholly or partially integrated into one physical entity, or may be physically separated. And these modules can be realized in the form of software called by processing element; or may be implemented entirely in hardware; and part of the modules can be realized in the form of calling software by the processing element, and part of the modules can be realized in the form of hardware. For example, the x module may be a processing element that is set up separately, or may be implemented by being integrated in a chip of the apparatus, or may be stored in a memory of the apparatus in the form of program code, and the function of the x module may be called and executed by a processing element of the apparatus. Other modules are implemented similarly. In addition, all or part of the modules can be integrated together or can be independently realized. The processing element described herein may be an integrated circuit having signal processing capabilities. In implementation, each step of the above method or each module above may be implemented by an integrated logic circuit of hardware in a processor element or an instruction in the form of software.
For example, the above modules may be one or more integrated circuits configured to implement the above methods, such as: one or more Application Specific Integrated Circuits (ASICs), or one or more microprocessors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs), among others. For another example, when one of the above modules is implemented in the form of a Processing element scheduler code, the Processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or other processor capable of calling program code. For another example, these modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
In an embodiment of the present invention, the present invention further includes a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements any of the methods for limiting the number of connections accessed by the same source IP based on the Linux system.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the above method embodiments may be performed by hardware associated with a computer program. The aforementioned computer program may be stored in a computer readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
As shown in fig. 3, in an embodiment, the apparatus for limiting the number of IP access connections of the same source of the present invention includes: a processor 31 and a memory 32; the memory 32 is for storing a computer program; the processor 31 is connected to the memory 32, and is configured to execute the computer program stored in the memory 32, so that the same source IP access connection number limiting apparatus executes any one of the methods for limiting the same source IP access connection number based on the Linux system.
Specifically, the memory 32 includes: various media that can store program codes, such as ROM, RAM, magnetic disk, U-disk, memory card, or optical disk.
Preferably, the Processor 31 may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; the Integrated Circuit may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, or discrete hardware components.
As shown in fig. 4, in an embodiment of the present invention, the system for limiting the number of connection for the same source IP access based on the Linux system includes the aforementioned device 41 for limiting the number of connection for the same source IP access and the client 42.
The client 42 is configured to send an instruction to the same source IP access connection number limiting device 41. The same source IP access connection number limiting device 41 is configured to receive an instruction of the client 42; judging whether the number of the access connections of the instruction is less than or equal to the preset number or not; when the number of the access connections is less than or equal to the preset number, not limiting the access connections of the instruction; and when the number of the access connections is larger than the preset number, limiting the access connections exceeding the preset number.
As shown in fig. 5, in an embodiment of the present invention, the system for limiting the number of connection for the same source IP access based on the Linux system includes the aforementioned device 51 for limiting the number of connection for the same source IP access, a first client 52 and a second client 53.
The first client 52 is configured to send a first client instruction to the same source IP access connection number limiting device 51. The second client 53 is configured to send a second client instruction to the same source IP access connection number limiting device 51. The same-source IP access connection number limiting device 51 is configured to respectively determine whether the number of access connections of the first client instruction is less than or equal to the preset number; when the number of the access connections is less than or equal to the preset number, not limiting the access connections of the first client instruction; and when the number of the access connections is larger than the preset number, limiting the access connections exceeding the preset number. The same-source IP access connection number limiting device 51 is further configured to determine whether the number of access connections of the second client instruction is less than or equal to the preset number; when the number of the access connections is less than or equal to the preset number, not limiting the access connections of the second client instruction; and when the number of the access connections is larger than the preset number, limiting the access connections exceeding the preset number.
In an embodiment, the system for limiting the number of connection of the same source IP access based on the Linux system of the present invention may include the above-mentioned device for limiting the number of connection of the same source IP access and at least one client.
In summary, the method, system, medium and apparatus for limiting the number of access connections to the same source IP of the present invention flexibly and effectively extend the firewall protection function, and set the number of access connections to the Linux system at the same time period of the same source IP, so as to prevent the Linux system from being attacked by DDOS. Therefore, the invention effectively overcomes various defects in the prior art and has high industrial utilization value.
The foregoing embodiments are merely illustrative of the principles and utilities of the present invention and are not intended to limit the invention. Any person skilled in the art can modify or change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical spirit of the present invention be covered by the claims of the present invention.

Claims (10)

1. A same source IP access connection number limiting method based on a Linux system is characterized by comprising the following steps:
loading an access connection number limiting unit in a Linux system;
the number of access connections for the same period of the same source IP is set to a preset number based on the access connection number limiting unit.
2. The Linux system-based same-source IP access connection number limiting method of claim 1, further comprising confirming whether the access connection number limiting unit is loaded to the Linux system.
3. The method for limiting the number of IP access connections of the same source based on the Linux system as recited in claim 1, wherein said loading the access connection number limiting unit in the Linux system comprises the steps of:
loading the access connection number limiting unit by means of a startup script.
4. The method for limiting the number of IP access connections to the same source based on Linux system according to claim 1, further comprising the steps of:
receiving an instruction of a client;
judging whether the number of the access connections of the instruction is less than or equal to the preset number or not;
when the number of the access connections is less than or equal to the preset number, not limiting the access connections of the instruction;
and when the number of the access connections is larger than the preset number, limiting the access connections exceeding the preset number.
5. A same source IP access connection number limiting system based on a Linux system is characterized by comprising: a loading module and a setting module;
the loading module is used for loading the access connection number limiting unit in the Linux system;
the setting module is used for setting the number of the access connections of the same source IP in the same period to be a preset number based on the access connection number limiting unit.
6. The Linux system-based same-source IP access connection number limiting system of claim 5, further comprising a confirmation module configured to confirm whether the access connection number limiting unit is loaded to the Linux system.
7. The Linux system-based same-source IP access connection number limiting system of claim 5, further comprising: an instruction receiving module, a quantity judging module, a non-limiting module and a limiting module;
the instruction receiving module is used for receiving an instruction of a client;
the quantity judging module is used for judging whether the quantity of the access connections of the instruction is less than or equal to the preset quantity;
the non-limiting module is used for not limiting the access connection of the instruction when the number of the access connections is less than or equal to the preset number;
the limiting module is used for limiting the access connections exceeding the preset number when the number of the access connections is larger than the preset number.
8. A computer-readable storage medium on which a computer program is stored, the computer program, when executed by a processor, implementing the Linux-system-based method for limiting the number of same-source IP access connections according to any one of claims 1 to 4.
9. A same-source IP access connection number limiting apparatus, comprising: a processor and a memory;
the memory is used for storing a computer program;
the processor is connected with the memory and is used for executing the computer program stored in the memory so as to enable the same-source IP access connection number limiting device to execute the same-source IP access connection number limiting method based on the Linux system of any one of claims 1 to 4.
10. A same-source IP access connection number limiting system based on a Linux system, comprising the same-source IP access connection number limiting apparatus of claim 9 and a client; the client is used for sending an instruction to the same-source IP access connection number limiting apparatus.
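The decision steps of claims 4 and 7 (judge the connection count for a source against the preset number, leave connections within it unlimited, limit only those that exceed it) can be modelled as follows. This is an added illustration, not code from the patent: the class and function names are hypothetical, the sample traffic is constructed, and treating an IPv4-mapped IPv6 address as the same source as its IPv4 form is an assumption that goes beyond the claim text.

```python
import ipaddress
from collections import Counter

class SameSourceLimiter:
    """Caps concurrent connections per source IP at the preset number."""
    def __init__(self, preset):
        if preset < 1:
            raise ValueError("preset must be at least 1")
        self.preset = preset
        self.active = Counter()  # source key -> connections currently open

    @staticmethod
    def source_key(addr):
        # Assumption: an IPv4-mapped IPv6 address is the same source as its IPv4 form.
        ip = ipaddress.ip_address(addr)
        mapped = getattr(ip, "ipv4_mapped", None)
        return str(ip if mapped is None else mapped)

    def admit(self, addr):
        """True: connection is not limited. False: it exceeds the preset number."""
        key = self.source_key(addr)
        if self.active[key] + 1 > self.preset:
            return False  # only the connections beyond the preset are limited
        self.active[key] += 1
        return True

    def release(self, addr):
        key = self.source_key(addr)
        if self.active[key] > 0:  # ignore closes for connections never admitted
            self.active[key] -= 1
        if self.active[key] == 0:
            del self.active[key]  # drop idle sources so the table stays small

def replay(events, preset):
    """Apply (action, source_ip) events; return the decision for each 'open'."""
    limiter = SameSourceLimiter(preset)
    decisions = []
    for action, addr in events:
        if action == "open":
            decisions.append("accept" if limiter.admit(addr) else "limit")
        elif action == "close":
            limiter.release(addr)
    return decisions

# Constructed sample traffic using documentation address ranges.
EVENTS = [("open", "203.0.113.5"), ("open", "203.0.113.5"),
          ("open", "::ffff:203.0.113.5"), ("open", "198.51.100.7"),
          ("close", "203.0.113.5"), ("open", "203.0.113.5")]
```

With a preset number of 2, the third connection from 203.0.113.5 (arriving in IPv4-mapped form) is the only one limited, and the source is admitted again once one of its connections closes.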
CN201910984982.5A 2019-10-16 2019-10-16 Method, system, medium, and apparatus for limiting number of IP access connections from the same source Pending CN112671695A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910984982.5A CN112671695A (en) 2019-10-16 2019-10-16 Method, system, medium, and apparatus for limiting number of IP access connections from the same source


Publications (1)

Publication Number Publication Date
CN112671695A (en) 2021-04-16

Family

ID=75400438


Country Status (1)

Country Link
CN (1) CN112671695A (en)



Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114745413A (en) * 2022-04-06 2022-07-12 苏州浪潮智能科技有限公司 Access control method and device for server, computer equipment and storage medium
CN114745413B (en) * 2022-04-06 2023-08-08 苏州浪潮智能科技有限公司 Access control method and device for server, computer equipment and storage medium
CN114710496A (en) * 2022-04-24 2022-07-05 中国工商银行股份有限公司 Multi-node load balancing method and device
CN114710496B (en) * 2022-04-24 2024-05-14 中国工商银行股份有限公司 Multi-node load balancing method and device


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20210416