CN113395277B - Method, device, system and medium for dynamically adjusting quasi-blacklist and blacklist - Google Patents

Publication number: CN113395277B
Authority: CN (China)
Prior art keywords: blacklist, address, quasi, dynamically adjusting, current
Legal status: Active
Application number: CN202110650391.1A
Other languages: Chinese (zh)
Other versions: CN113395277A (en)
Inventor: 周通
Current Assignee: Industrial and Commercial Bank of China Ltd ICBC; ICBC Technology Co Ltd
Original Assignee: Industrial and Commercial Bank of China Ltd ICBC; ICBC Technology Co Ltd
Application filed by: Industrial and Commercial Bank of China Ltd ICBC, ICBC Technology Co Ltd
Priority to: CN202110650391.1A
Publications: CN113395277A (application), CN113395277B (granted)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method for dynamically adjusting a quasi-blacklist and a blacklist. It belongs to the field of information security applications and can be applied to financial systems or other fields. The method comprises the following steps: identifying the IP address, and determining whether to apply rate limiting according to the identification result; and acquiring the rate-limiting result, and dynamically adjusting the quasi-blacklist and the blacklist according to that result. The rate-limiting result is combined with the blacklist mechanism, so that quasi-blacklist and blacklist entries can be dynamically identified and released. Entries can move between the quasi-blacklist and the blacklist, which gives flexible control over the blacklist; blacklist entries are identified and controlled during processing, the response is fast, and the time during which the system is under malicious attack is shortened. The invention also provides a device, a system and a storage medium for dynamically adjusting the quasi-blacklist and the blacklist.

Description

Method, device, system and medium for dynamically adjusting quasi-blacklist and blacklist
Technical Field
The invention relates to the technical field of financial system service equipment, in particular to a method, a device, a system and a medium for dynamically adjusting a quasi-blacklist and a blacklist.
Background
Rate limiting means limiting traffic: by limiting the rate of requests, the access traffic of a system can be well controlled, which protects the system.
In the prior art, IP address rate limiting and the IP blacklist are generally split into two modules, and the rate-limiting result has no necessary connection with the blacklist. The blacklist is operated through system management configuration. Blacklist verification is performed first: if the IP is in the blacklist, access is rejected directly; if it is not, the rate-limiting module performs its check, access is rejected if the request is rate limited, and the transaction continues if it is not.
In the prior art, the blacklist can only be configured in advance or modified afterwards through system management configuration, and entries cannot be dynamically identified or released later on.
Disclosure of Invention
The main object of the invention is to provide a method, a device, a system and a storage medium for dynamically adjusting a quasi-blacklist and a blacklist, in order to solve the technical problem that, in the prior art, the blacklist of a financial system can only be configured in advance or modified afterwards through system management configuration.
In order to achieve the above object, the present invention provides a method for dynamically adjusting a quasi-blacklist and a blacklist, applied to a financial system, the method comprising the following steps:
identifying the IP address, and determining whether to apply rate limiting according to the identification result;
and acquiring the rate-limiting result, and dynamically adjusting the quasi-blacklist and the blacklist according to the rate-limiting result.
Optionally, the step of identifying the IP address and determining whether to apply rate limiting according to the identification result includes:
determining whether the IP address is an object in the whitelist library;
and if the IP address is an object in the whitelist library, not applying rate limiting.
Optionally, the step of identifying the IP address and determining whether to apply rate limiting according to the identification result further includes:
if the IP address is not an object in the whitelist library, determining whether the IP address is an object in the blacklist library;
if the IP address is not an object in the blacklist library, judging the access frequency;
if the IP address is an object in the blacklist library, determining whether the IP address can be released;
if the IP address can be released, judging the access frequency;
if the IP address cannot be released, denying access.
Optionally, the step of judging the access frequency includes:
acquiring the access frequency of the IP address;
determining whether the access frequency exceeds a threshold within a certain time;
if the access frequency exceeds the threshold, applying rate limiting;
and if the access frequency does not exceed the threshold, not applying rate limiting.
Optionally, the step of acquiring the rate-limiting result and dynamically adjusting the quasi-blacklist and the blacklist according to the rate-limiting result includes:
determining whether the rate-limited IP address belongs to the blacklist;
if the rate-limited IP address belongs to the blacklist, determining whether the rate-limited IP address has passed the release observation period;
and if the rate-limited IP address is not an object in the blacklist, adding the rate-limited IP address to the quasi-blacklist.
Optionally, the step of determining whether the rate-limited IP address has passed the release observation period includes:
if the rate-limited IP address has passed the release observation period, releasing the rate-limited IP address from the blacklist and adding it to the quasi-blacklist;
and if the rate-limited IP address has not passed the release observation period, prolonging the time until the rate-limited IP address is released from the blacklist.
Optionally, if the rate-limited IP address is not an object in the blacklist, the step of adding the rate-limited IP address to the quasi-blacklist further includes:
determining whether the number of accesses of the rate-limited IP address within a certain time exceeds a set value;
and when the set value is exceeded, releasing the rate-limited IP address from the quasi-blacklist and adding it to the blacklist.
Optionally, the step of acquiring the rate-limiting result and dynamically adjusting the quasi-blacklist and the blacklist according to the rate-limiting result includes:
determining whether an IP address that was not rate limited belongs to the quasi-blacklist;
and when the IP address that was not rate limited belongs to the quasi-blacklist, determining whether it has passed the release observation period.
Optionally, the step of determining whether the IP address that was not rate limited has passed the release observation period includes:
and if the IP address that was not rate limited has passed the release observation period, releasing it from the quasi-blacklist.
Optionally, the step of acquiring the rate-limiting result and dynamically adjusting the quasi-blacklist and the blacklist according to the rate-limiting result includes:
determining whether an IP address that was not rate limited belongs to the blacklist;
and when the IP address that was not rate limited belongs to the blacklist, determining whether it has passed the release observation period.
Optionally, the step of determining whether the IP address that was not rate limited has passed the release observation period includes:
and if the IP address that was not rate limited has passed the release observation period, releasing it from the blacklist.
In addition, in order to achieve the above object, the present invention further provides a control device for dynamically adjusting a quasi-blacklist and a blacklist, including a storage, a processor, and a control program for dynamically adjusting a quasi-blacklist and a blacklist, which is stored on the storage and can be run on the processor, where the control program for dynamically adjusting a quasi-blacklist and a blacklist is configured to implement the steps of the control method for dynamically adjusting a quasi-blacklist and a blacklist as described above.
In addition, in order to achieve the above object, the present invention further provides a system for dynamically adjusting a quasi-blacklist and a blacklist, including:
a database, including a blacklist, a quasi-blacklist and a whitelist;
and a control device for dynamically adjusting the quasi-blacklist and the blacklist, electrically connected with the database, the control device being the control device for dynamically adjusting the quasi-blacklist and the blacklist described above.
In addition, in order to achieve the above object, the present invention further provides a storage medium, in which a control program for dynamically adjusting a quasi-blacklist and a blacklist is stored, and when the control program for dynamically adjusting a quasi-blacklist and a blacklist is executed by a processor, the steps of the control method for dynamically adjusting a quasi-blacklist and a blacklist as described above are implemented.
Furthermore, to achieve the above object, the present invention also provides a computer program product, which includes a computer program, and when being executed by a processor, the computer program implements the steps of the control method for dynamically adjusting quasi-blacklists and blacklists as described above.
The technical scheme provided by the invention is applied to a financial system, and the method for dynamically adjusting the quasi-blacklist and the blacklist comprises the following steps: identifying the IP address, and determining whether to apply rate limiting according to the identification result; and acquiring the rate-limiting result, and dynamically adjusting the quasi-blacklist and the blacklist according to that result. The rate-limiting result is combined with the blacklist mechanism, so that quasi-blacklist and blacklist entries can be dynamically identified and released. Entries can move between the quasi-blacklist and the blacklist, which gives flexible control over the blacklist; blacklist entries are identified and controlled during processing, the response is fast, and the time during which the system is under malicious attack is shortened. The invention also provides a control device, a system and a storage medium for dynamically adjusting the quasi-blacklist and the blacklist.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below show only some embodiments of the present invention; those skilled in the art can obtain other drawings from the structures shown in them without creative effort.
FIG. 1 is a schematic structural diagram of a system for dynamically adjusting quasi-blacklists and blacklists of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of the control apparatus for dynamically adjusting the quasi-blacklist and the blacklist in FIG. 1;
FIG. 3 is a flowchart illustrating an embodiment of a method for dynamically adjusting a quasi-blacklist and a blacklist according to the present invention;
FIG. 4 is a schematic flow chart of the rate-limiting flow in a method for dynamically adjusting a quasi-blacklist and a blacklist according to the present invention;
FIG. 5 is a schematic flow chart of the process of adjusting the quasi-blacklist and the blacklist in the method for dynamically adjusting the quasi-blacklist and the blacklist according to the present invention.
The reference numbers illustrate:
[Table of reference numbers: image not reproduced]
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments and the accompanying drawings. The technical solutions in the present invention are clearly and completely described, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that these descriptions are illustrative only and are not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B, and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B, and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, and C together, etc.). Where a convention analogous to "at least one of A, B, or C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B, or C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, and C together, etc.).
It should be noted that, if directional indication is involved in the embodiment of the present invention, the directional indication is only used for explaining the relative positional relationship, the motion situation, and the like between the components in a certain posture, and if the certain posture is changed, the directional indication is changed accordingly.
In addition, if there is a description of "first", "second", etc. in an embodiment of the present invention, the description of "first", "second", etc. is for descriptive purposes only and is not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, the meaning of "and/or" appearing throughout includes three juxtapositions, exemplified by "A and/or B" including either A or B or both A and B. Also, the technical solutions in the embodiments may be combined with each other, but must be based on the realization of those skilled in the art, and when the technical solutions are contradictory or cannot be realized, the combination of the technical solutions should be considered to be absent and not be within the protection scope of the present invention.
In the description of the present invention, it should be noted that the terms "upper", "lower", "top", "bottom", "inner", "outer", and the like indicate orientations or positional relationships based on those shown in the drawings, and are only for convenience of description and simplification of description, but do not indicate or imply that the referred device or element must have a specific orientation, be constructed in a specific orientation, and be operated, and thus, should not be construed as limiting the present invention.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "coupled," and "connected" are to be construed broadly and may be, for example, fixedly connected, detachably connected, or integrally connected; mechanically or electrically connected; connected directly or indirectly through intervening media; or an internal connection between two elements. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to the specific case.
In addition, in the description of the present invention, "a plurality" means two or more, unless otherwise specified.
Rate limiting means limiting traffic: by limiting the rate of requests, the access traffic of a system can be well controlled, which protects the system. In the prior art, IP address rate limiting and the IP blacklist are generally split into two modules, and the rate-limiting result has no necessary connection with the blacklist. The blacklist is operated through system management configuration. Blacklist verification is performed first: if the IP is in the blacklist, access is rejected directly; if it is not, the rate-limiting module performs its check, access is rejected if the request is rate limited, and the transaction continues if it is not. In the prior art, the blacklist can only be configured in advance or modified afterwards through system management configuration, and entries cannot be dynamically identified or released later on.
In view of this, the present invention provides a method, an apparatus, a system and a storage medium for dynamically adjusting a quasi-blacklist and a blacklist, which aim to solve the technical problem that, in the prior art, the blacklist of a financial system can only be configured in advance or modified afterwards through system management configuration.
FIG. 1 illustrates a system 100 for dynamically adjusting quasi-blacklists and blacklists in accordance with an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a dynamically adjusted quasi-blacklist and blacklist system 100 to which the embodiments of the present disclosure may be applied to help a person skilled in the art understand the technical content of the present disclosure, but does not mean that the embodiments of the present disclosure may not be used in other devices, systems, environments or scenarios.
As shown in fig. 1, a system 100 for dynamically adjusting quasi-blacklists and blacklists according to an embodiment of the disclosure includes a database 101, a control device 1800 for dynamically adjusting quasi-blacklists and blacklists. Database 101 includes blacklists, quasi-blacklists, and whitelists. It should be noted that, the part of the system 100 for dynamically adjusting the quasi-blacklist and the blacklist in the embodiment of the present disclosure corresponds to the part of the method for dynamically adjusting the quasi-blacklist and the blacklist in the embodiment of the present disclosure, and specific implementation details and technical effects thereof are also the same, and are not described herein again. Fig. 1 schematically shows a block diagram of a system suitable for implementing the above described method according to an embodiment of the present disclosure. The dynamically adjusted quasi-blacklist and blacklist system 100 shown in FIG. 1 is merely an example and should not impose any limitations on the functionality or scope of use of embodiments of the present disclosure.
Referring to fig. 2, fig. 2 is a schematic structural diagram of a control apparatus 1800 for dynamically adjusting a quasi-blacklist and a blacklist in a hardware operating environment according to an embodiment of the present invention.
As shown in fig. 2, the control device 1800 for dynamically adjusting quasi-blacklists and blacklists may include: a processor 1801, which may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1802 or a program loaded from a storage section 1808 into a Random Access Memory (RAM) 1803. The processor 1801 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 1801 may also include onboard memory for caching purposes. The processor 1801 may include a single processing unit or multiple processing units for performing the various actions of the method flows in accordance with embodiments of the present disclosure.
The RAM 1803 stores various programs and data necessary for the operation of the electronic apparatus 1800. The processor 1801, ROM 1802, and RAM 1803 are connected to one another by a bus 1804. The processor 1801 performs various operations of the method flows according to embodiments of the present disclosure by executing programs in the ROM 1802 and/or the RAM 1803. Note that the programs may also be stored in one or more memories other than ROM 1802 and RAM 1803. The processor 1801 may also perform various operations of method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, the electronic device 1800 may also include an input/output (I/O) interface 1805, the input/output (I/O) interface 1805 also being connected to the bus 1804. The electronic device 1800 may also include one or more of the following components connected to the I/O interface 1805: an input portion 1806 including a keyboard, a mouse, and the like; an output portion 1807 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 1808 including a hard disk and the like; and a communication section 1809 including a network interface card such as a LAN card, a modem, or the like. The communication section 1809 performs communication processing via a network such as the internet. A driver 1810 is also connected to the I/O interface 1805 as needed. A removable medium 1811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 1810 as necessary, so that a computer program read out therefrom is mounted in the storage portion 1808 as necessary. The communication section 1809 is used to implement connection communication among these components, and includes various connection types, such as wired, wireless communication links, or fiber optic cables. The input/output (I/O) interface 1805 may also include a standard wired interface, which may be a USB interface, a wireless interface.
The control apparatus 1800 of the cross-system configuration environment shown in fig. 2 further includes: the network interface is mainly used for connecting a background server and carrying out data communication with the background server; the user interface is mainly used for connecting user equipment; the control device of the cross-system configuration environment calls the control program of the cross-system configuration environment stored in the memory through the processor 1801, and executes the control procedure of the cross-system configuration environment provided by the embodiment of the present invention.
Those skilled in the art will appreciate that the configuration shown in FIG. 2 does not constitute a limitation of the control device 1800 across a system configuration environment, and may include more or fewer components than shown, or some components in combination, or a different arrangement of components.
Based on the hardware structure, the embodiment of the method for dynamically adjusting the quasi-blacklist and the blacklist is provided.
Referring to FIG. 3, FIG. 3 is a schematic flowchart of an embodiment of a method for dynamically adjusting a quasi-blacklist and a blacklist according to the present invention. In an embodiment, the method includes the following steps:
S10: identifying the IP address, and determining whether to apply rate limiting according to the identification result.
S20: acquiring the rate-limiting result, and dynamically adjusting the quasi-blacklist and the blacklist according to the rate-limiting result.
It will be appreciated that an IP address, also known as an Internet Protocol address, is a way of addressing hosts on the Internet: it assigns a number to each computer on the Internet. Every networked PC needs an IP address in order to communicate properly. If a personal computer is compared to a telephone, the IP address corresponds to the telephone number, and a router on the Internet corresponds to the program-controlled switch at a telecommunications office.
In the technical scheme disclosed by the invention, the acquisition, storage and use of the user information and IP addresses involved all comply with the relevant laws and regulations, necessary security measures are taken, and public order and good customs are not violated.
It should be noted that identifying the IP address means determining which list the IP address belongs to. The scheme combines the rate-limiting result with the blacklist mechanism and introduces a quasi-blacklist, which gives flexible control over the blacklist; blacklist entries are identified and controlled during processing, the response is fast, and the time during which the system is under malicious attack is shortened. In this scheme:
an IP in the blacklist that has not reached its release time is not subjected to rate-limit judgment and is denied access directly; once the release time is reached, the blacklisted IP can be subjected to rate-limit judgment;
an IP in the quasi-blacklist is allowed to undergo rate-limit judgment but is kept under observation; if the number of times it has been rate limited accumulates beyond a certain threshold within a certain time, it is added to the blacklist, and if that number does not increase for a certain time, it is released from the quasi-blacklist;
an IP in the whitelist proceeds directly to the subsequent transaction without rate-limit judgment and is not affected by rate limiting.
Further, step S10 includes:
S11: determining whether the IP address is an object in the whitelist library.
S12: if the IP address is an object in the whitelist library, not applying rate limiting.
It should be noted that, if a whitelist exists, it is checked first; no rate-limit judgment is made for an IP address in the whitelist, and the subsequent transaction proceeds directly.
Further, step S10 further includes:
s13: and if the IP address is not the object in the white name list library, judging whether the IP address is the object in the black name list library.
S14: and if the IP address is not the object in the blacklist library, judging the access frequency.
S15: and if the IP address is the object in the blacklist library, judging whether the IP address can be released.
S16: and if the IP address can be released, judging the access frequency.
S17: and if the IP address can not be released, the access is refused.
If the object is not in the white list, it is determined whether the object is in the black list. If the name is the blacklist, judging whether the name can be released from the blacklist or not; if not, access is denied; and carrying out current limiting judgment on the blacklist IP which can be released, and judging whether the blacklist IP is limited.
Further, after step S17, the method further includes:
S18: acquiring the access frequency of the IP address.
S19: determining whether the access frequency exceeds a threshold within a certain time.
S20: if the access frequency exceeds the threshold, performing current limiting.
S21: if the access frequency does not exceed the threshold, not performing current limiting.
It should be noted that the criterion for the current-limiting judgment is the access frequency, that is, whether the number of accesses within a certain time exceeds a set value. In this embodiment, more than 15 accesses within one minute is considered to exceed the threshold. It is to be understood that this set value is only one embodiment and is not limiting; the skilled person may modify the setting as required.
Further, step S20 includes:
S201: determining whether the current-limited IP address belongs to the blacklist.
S202: if the current-limited IP address belongs to the blacklist, determining whether it has passed the release observation period.
S203: if the current-limited IP address is not an object in the blacklist, adding it to the quasi-blacklist.
It should be noted that, if the access is current-limited, it is determined whether the accessing IP is in the blacklist. If it is in the blacklist, it is determined whether the release observation period has been reached; if it is not in the blacklist, it is added to the quasi-blacklist, and if it is already in the quasi-blacklist, its current-limit count is incremented.
Further, step S202 includes:
S2021: if the current-limited IP address has passed the release observation period, releasing it from the blacklist and adding it to the quasi-blacklist;
S2022: if the current-limited IP address has not passed the release observation period, extending the time at which it is released from the blacklist.
It should be noted that, if the release observation period has been reached, the IP address is released from the blacklist and added to the quasi-blacklist; if the release observation period has not been reached, the observation period is extended.
Further, after step S203, the method further includes:
S204: determining whether the number of accesses of the current-limited IP address exceeds a set value within a certain time.
S205: when the set value is exceeded, releasing the current-limited IP address from the quasi-blacklist and adding it to the blacklist.
It should be noted that it is determined whether the number of times the IP address has been current-limited within a certain time exceeds the threshold; if so, the IP address is released from the quasi-blacklist and added to the blacklist.
Further, step S20 includes:
S206: determining whether an IP address that was not current-limited belongs to the quasi-blacklist.
S207: when the IP address that was not current-limited belongs to the quasi-blacklist, determining whether it has passed the release observation period.
Further, step S207 includes:
S2071: if the IP address that was not current-limited has passed the release observation period, releasing it from the quasi-blacklist.
It should be noted that, if the access is not current-limited, an IP address that is in the quasi-blacklist and has reached the release observation period is released from the quasi-blacklist, and an IP address that is in the blacklist and has reached the release observation period is released from the blacklist.
Further, step S20 includes:
S208: determining whether an IP address that was not current-limited belongs to the blacklist.
S209: when the IP address that was not current-limited belongs to the blacklist, determining whether it has passed the release observation period.
Further, step S209 includes:
S2091: if the IP address that was not current-limited has passed the release observation period, releasing it from the blacklist.
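The decision flow of steps S11 to S2091, as an added sketch that is not code from the patent. Only the threshold of 15 accesses per minute comes from the text; the class and method names, the other timer and strike values, and the reading that the release observation period starts at the blacklist release time are assumptions.

```python
from collections import deque
from dataclasses import dataclass, field

ALLOW, LIMITED, DENY = "allow", "limited", "deny"


@dataclass
class ListController:
    whitelist: set = field(default_factory=set)
    rate_limit: int = 15          # from the text: more than 15 accesses ...
    rate_window: float = 60.0     # ... within one minute
    strike_limit: int = 3         # assumed: strikes tolerated on the quasi-blacklist
    strike_window: float = 300.0  # assumed: window in which strikes accumulate
    quasi_observe: float = 300.0  # assumed: quiet time before quasi-blacklist release
    black_hold: float = 600.0     # assumed: how long a blacklisted IP is refused
    black_observe: float = 300.0  # assumed: observation period after release time
    hits: dict = field(default_factory=dict)   # ip -> deque of access times
    quasi: dict = field(default_factory=dict)  # ip -> deque of strike times
    black: dict = field(default_factory=dict)  # ip -> release time

    def _over_rate(self, ip, now):
        """S18/S19: sliding-window access frequency check."""
        q = self.hits.setdefault(ip, deque())
        q.append(now)
        while q[0] <= now - self.rate_window:
            q.popleft()
        return len(q) > self.rate_limit

    def handle(self, ip, now):
        if ip in self.whitelist:                 # S11/S12: never rate limited
            return ALLOW
        release_at = self.black.get(ip)
        if release_at is not None and now < release_at:
            return DENY                          # S15/S17: not yet releasable
        if self._over_rate(ip, now):             # S20
            self._on_limited(ip, now, release_at)
            return LIMITED
        self._on_passed(ip, now, release_at)     # S21
        return ALLOW

    def _on_limited(self, ip, now, release_at):
        if release_at is not None:               # S201/S202: blacklisted IP
            if now >= release_at + self.black_observe:
                del self.black[ip]               # S2021: demote to quasi-blacklist
                self.quasi[ip] = deque([now])
            else:
                self.black[ip] = now + self.black_hold  # S2022: extend release time
            return
        strikes = self.quasi.setdefault(ip, deque())    # S203: add or accumulate
        strikes.append(now)
        while strikes[0] <= now - self.strike_window:
            strikes.popleft()
        if len(strikes) > self.strike_limit:     # S204/S205: promote to blacklist
            del self.quasi[ip]
            self.black[ip] = now + self.black_hold

    def _on_passed(self, ip, now, release_at):
        if release_at is not None and now >= release_at + self.black_observe:
            del self.black[ip]                   # S208/S2091
        strikes = self.quasi.get(ip)
        if strikes and now - strikes[-1] >= self.quasi_observe:
            del self.quasi[ip]                   # S206/S2071


def demo():
    """Constructed trace: one client sends 20 requests in 10 seconds."""
    ctl = ListController(whitelist={"192.0.2.10"})
    return [ctl.handle("203.0.113.7", i * 0.5) for i in range(20)]


if __name__ == "__main__":
    print(demo())
```

State here is per-process and in memory; behind a load balancer the three lists and the counters need a shared store, and the key must be the real client address rather than the proxy's.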
In summary, in the technical solution provided by the present invention, the method for dynamically adjusting the quasi-blacklist and the blacklist includes the following steps: identifying the IP address, and determining whether to perform current limiting according to the identification result; and acquiring the current-limiting result, and dynamically adjusting the quasi-blacklist and the blacklist according to the current-limiting result. Combining the current-limiting result with the blacklist mechanism allows entries to be dynamically identified for, and released from, the quasi-blacklist and the blacklist. Entries can move between the quasi-blacklist and the blacklist in both directions, which gives flexible control over the blacklist; blacklist entries are identified and controlled during processing, the response is fast, and the time during which the system is under malicious attack is shortened. The invention also provides a control device, a system and a storage medium for dynamically adjusting the quasi-blacklist and the blacklist.
The present disclosure also provides a computer-readable storage medium, which may be embodied in the apparatus/system described in the above embodiments; or may be separate and not incorporated into the device/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to an embodiment of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium. Examples may include, but are not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM and/or RAM and/or one or more memories other than ROM and RAM described above.
According to embodiments of the present disclosure, method flows according to embodiments of the present disclosure may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication section, and/or installed from a removable medium. The computer program, when executed by a processor, performs the above-described functions defined in the system of the embodiments of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
When the computer program product runs in a computer system, the program code is used for causing the computer system to realize the item recommendation method provided by the embodiment of the disclosure. The computer program performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure when executed by the processor 1801. The above described systems, devices, modules, units, etc. may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted in the form of a signal on a network medium, distributed, downloaded and installed via the communication section 1809, and/or installed from a removable media 1811. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such embodiments, the computer program may be downloaded and installed from a network via the communication portion 1809, and/or installed from the removable media 1811. The computer program, when executed by the processor 1801, performs the above-described functions defined in the system of the embodiments of the present disclosure. The above described systems, devices, apparatuses, modules, units, etc. may be implemented by computer program modules according to embodiments of the present disclosure.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C++, Python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. Those skilled in the art will appreciate that various combinations and/or associations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or associations are not expressly recited in the present disclosure. In particular, various combinations and/or associations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention or portions thereof that contribute to the prior art may be embodied in the form of a software product, where the computer software product is stored in a storage medium (e.g., a Read Only Memory (ROM)/Random Access Memory (RAM), a magnetic disk, an optical disk), and includes several instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention. The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the present invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (11)

1. A method for dynamically adjusting a quasi-blacklist and a blacklist, characterized by comprising the following steps:
identifying the IP address, and determining whether to perform current limiting according to the identification result;
acquiring a current-limiting result, and dynamically adjusting the quasi-blacklist and the blacklist according to the current-limiting result;
wherein acquiring the current-limiting result and dynamically adjusting the quasi-blacklist and the blacklist according to the current-limiting result specifically comprises:
determining whether the current-limited IP address belongs to the blacklist; if the current-limited IP address belongs to the blacklist, determining whether it has passed a release observation period, and if the current-limited IP address is not an object in the blacklist, adding it to the quasi-blacklist;
determining whether an IP address that was not current-limited belongs to the quasi-blacklist; when the IP address that was not current-limited belongs to the quasi-blacklist, determining whether it has passed a release observation period;
determining whether an IP address that was not current-limited belongs to the blacklist; and when the IP address that was not current-limited belongs to the blacklist, determining whether it has passed a release observation period.
2. The method of claim 1, wherein identifying the IP address and determining whether to perform current limiting according to the identification result comprises:
determining whether the IP address is an object in a whitelist library;
and if the IP address is an object in the whitelist library, not performing current limiting.
3. The method of claim 2, wherein identifying the IP address and determining whether to perform current limiting according to the identification result further comprises:
if the IP address is not an object in the whitelist library, determining whether the IP address is an object in a blacklist library;
if the IP address is not an object in the blacklist library, performing the access-frequency judgment;
if the IP address is an object in the blacklist library, determining whether the IP address can be released;
if the IP address can be released, performing the access-frequency judgment;
and if the IP address cannot be released, refusing access.
4. The method of dynamically adjusting quasi-blacklists and blacklists according to claim 3, wherein the step of access-frequency judgment comprises:
acquiring the access frequency of the IP address;
determining whether the access frequency exceeds a threshold within a certain time;
if the access frequency exceeds the threshold, performing current limiting;
and if the access frequency does not exceed the threshold, not performing current limiting.
5. The method of claim 1, wherein the step of determining whether the current-limited IP address has passed a release observation period comprises:
if the current-limited IP address has passed the release observation period, releasing it from the blacklist and adding it to the quasi-blacklist;
and if the current-limited IP address has not passed the release observation period, extending the time at which it is released from the blacklist.
6. The method of claim 1, wherein the step of adding the current-limited IP address to the quasi-blacklist if it is not an object in the blacklist further comprises:
determining whether the number of accesses of the current-limited IP address within a certain time exceeds a set value;
and when the set value is exceeded, releasing the current-limited IP address from the quasi-blacklist and adding it to the blacklist.
7. The method of claim 1, wherein the step of determining whether the IP address that was not current-limited has passed a release observation period comprises:
if the IP address that was not current-limited has passed the release observation period, releasing it from the quasi-blacklist.
8. The method of dynamically adjusting quasi-blacklists and blacklists according to claim 1, wherein the step of determining whether the IP address that was not current-limited has passed a release observation period comprises:
if the IP address that was not current-limited has passed the release observation period, releasing it from the blacklist.
9. A control apparatus for dynamically adjusting quasi-blacklists and blacklists, comprising a memory, a processor, and a control program for dynamically adjusting quasi-blacklists and blacklists that is stored in the memory and can be run on the processor, wherein the control program for dynamically adjusting quasi-blacklists and blacklists is configured to implement the steps of the control method for dynamically adjusting quasi-blacklists and blacklists according to any one of claims 1 to 8.
10. A system for dynamically adjusting quasi-blacklists and blacklists, comprising:
a database, comprising a blacklist, a quasi-blacklist and a whitelist;
a control device for dynamically adjusting the quasi-blacklist and the blacklist, electrically connected to the database, wherein the control device for dynamically adjusting the quasi-blacklist and the blacklist is the control device for dynamically adjusting the quasi-blacklist and the blacklist as claimed in claim 9.
11. A storage medium having stored thereon a control program for dynamically adjusting a quasi-blacklist and a blacklist, the control program, when executed by a processor, implementing the steps of the control method for dynamically adjusting a quasi-blacklist and a blacklist of any one of claims 1 to 8.
CN202110650391.1A 2021-06-10 2021-06-10 Method, device, system and medium for dynamically adjusting quasi-blacklist and blacklist Active CN113395277B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110650391.1A CN113395277B (en) 2021-06-10 2021-06-10 Method, device, system and medium for dynamically adjusting quasi-blacklist and blacklist

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110650391.1A CN113395277B (en) 2021-06-10 2021-06-10 Method, device, system and medium for dynamically adjusting quasi-blacklist and blacklist

Publications (2)

Publication Number Publication Date
CN113395277A CN113395277A (en) 2021-09-14
CN113395277B true CN113395277B (en) 2023-04-07

Family

ID=77620426

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110650391.1A Active CN113395277B (en) 2021-06-10 2021-06-10 Method, device, system and medium for dynamically adjusting quasi-blacklist and blacklist

Country Status (1)

Country Link
CN (1) CN113395277B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2016146114A (en) * 2015-02-09 2016-08-12 株式会社日立システムズ Management method of blacklist
US9794840B1 (en) * 2014-05-27 2017-10-17 Sprint Sprectrum LP Systems and methods for determining access node candidates for handover of wireless devices
CN109862025A (en) * 2019-02-28 2019-06-07 北京安护环宇科技有限公司 Access control method, apparatus and system based on black and white lists
CN110933068A (en) * 2019-11-26 2020-03-27 秒针信息技术有限公司 Black and white list real-time optimization method and device, server and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110572416A (en) * 2019-10-15 2019-12-13 赛尔网络有限公司 blacklist generation method and device, electronic equipment and medium
CN110784471A (en) * 2019-10-30 2020-02-11 深圳前海环融联易信息科技服务有限公司 Blacklist collection management method and device, computer equipment and storage medium
CN112104611A (en) * 2020-08-20 2020-12-18 广东网堤信息安全技术有限公司 CC attack protection management method
CN112583607A (en) * 2020-12-22 2021-03-30 珠海格力电器股份有限公司 Equipment access management method, device, system and storage medium
CN112929347B (en) * 2021-01-25 2023-06-27 百果园技术(新加坡)有限公司 Frequency limiting method, device, equipment and medium

Also Published As

Publication number Publication date
CN113395277A (en) 2021-09-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant