CN113971242A

CN113971242A - Attack defense method, equipment and storage medium of data query system

Info

Publication number: CN113971242A
Application number: CN202111088933.7A
Authority: CN
Inventors: 冯昱辉; 向荣
Original assignee: Alibaba China Co Ltd; Alibaba Cloud Computing Ltd
Current assignee: Alibaba China Co Ltd; Alibaba Cloud Computing Ltd
Priority date: 2021-09-16
Filing date: 2021-09-16
Publication date: 2022-01-25

Abstract

The application provides an attack defense method and equipment of a data query system and a storage medium. After receiving the query request, the index structure in the query request can be judged first, and if the index structure meets the set structure requirement, whether the index is a valid index is judged according to the information contained in the structure. Otherwise, judging whether the index is a valid index according to the stock index stored in the filter. The index based structure information and the method for verifying the validity of the index by the filter can filter and intercept the index which meets the set structure requirement and the index which does not meet the stock of the set structure requirement. On one hand, the method is favorable for carrying out good compatibility on the query process of the stock index which does not follow the set format requirement in the data query system, and reduces the probability of malicious attack on the data query system. On the other hand, the judgment efficiency of invalid indexes can be accelerated based on the filter, and the attack defense cost of the data query system can be reduced.

Description

Attack defense method, equipment and storage medium of data query system

Technical Field

The present application relates to the field of data query systems, and in particular, to an attack defense method, device, and storage medium for a data query system.

Background

The query system generally comprises an application service and a data query system, wherein an information mapping relationship between a query identifier and information can be stored in the data query system. For example, the correspondence between order numbers and order information, the correspondence between card numbers and asset information, and the like. The application service is used for providing a query operation entrance. When a user needs to query for certain information, the query index can be provided through an application service of the query system. If the information corresponding to the index exists in the data query system, a query result is returned.

In general, the queried index is often valid, but it may also happen that the queried index does not actually exist, such as an invalid order number or an invalid card number. When a large number of invalid indexes are received by the query system, a large query pressure is applied to the query system, and even the result that the query system is not available is caused. Therefore, a new solution is yet to be proposed.

Disclosure of Invention

Aspects of the present application provide an attack defense method, device and storage medium for a data query system, which are used to defend against malicious query requests of the data query system.

The embodiment of the application provides an attack defense method of a data query system, which comprises the following steps: receiving a query request, wherein the query request comprises an index of data to be queried; judging whether the structure of the index meets the set structure requirement or not; if the structure of the index meets the set structure requirement, judging whether the index is a valid index according to signature information contained in the index; if the structure of the index does not meet the set structure requirement, judging whether the index is an effective index or not through a preset filter; storing a stock index which does not comply with the set structure requirement in the filter; and if the index is a valid index, performing data query operation according to the index.

The embodiment of the application provides an attack defense method, which comprises the following steps: receiving a query request, wherein the query request comprises an index of data to be queried; judging whether the structure of the index meets the set structure requirement or not; if the structure of the index meets the set structure requirement, judging whether the index is a valid index according to encrypted timestamp information contained in the index; if the structure of the index does not meet the set structure requirement, judging whether the index is an effective index or not through a preset filter; the filter stores a full index generated by a data server before the filter is constructed; and if the index is an effective index, sending the query request to the corresponding data server.

An embodiment of the present application further provides a server, including: a memory and a processor; the memory is to store one or more computer instructions; the processor is to execute the one or more computer instructions to: the steps in the method provided by the embodiments of the present application are performed.

An embodiment of the present application further provides a gateway device, including: a memory and a processor; the memory is to store one or more computer instructions; the processor is to execute the one or more computer instructions to: the steps in the method provided by the embodiments of the present application are performed.

Embodiments of the present application further provide a computer-readable storage medium storing a computer program, where the computer program can be executed by a processor to perform the steps in the method provided by the embodiments of the present application.

In the attack defense method provided by the embodiment of the application, after the query request is received, the structure of the index in the query request can be judged at first, and if the structure of the index meets the requirement of the set structure, whether the index is an effective index is judged according to the information contained in the structure. Otherwise, judging whether the index is a valid index according to the stock index stored in the filter. The index based structure information and the method for verifying the validity of the index by the filter can filter and intercept the index which meets the set structure requirement and the index which does not meet the stock of the set structure requirement. On one hand, the method is favorable for carrying out good compatibility on the query process of the stock index which does not follow the set format requirement in the data query system, and reduces the probability of malicious attack on the data query system. On the other hand, the judgment efficiency of invalid indexes can be accelerated based on the filter, and the attack defense cost of the data query system can be reduced.

Drawings

The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:

fig. 1 is a schematic flowchart of an attack defense method of a data query system according to an exemplary embodiment of the present application;

fig. 2 is a schematic diagram illustrating a data server pre-verifying a query Key according to an exemplary embodiment of the present application;

fig. 3 is a schematic flowchart of an attack defense method of a data query system according to another exemplary embodiment of the present application;

fig. 4 is a schematic diagram of a rich client pre-verifying a query Key according to an exemplary embodiment of the present application;

fig. 5 is a schematic diagram of a data server and a rich client performing two-layer pre-verification on a query Key according to an exemplary embodiment of the present application;

FIG. 6 is a block diagram of a server according to an exemplary embodiment of the present application;

fig. 7 is a schematic structural diagram of a gateway device according to an exemplary embodiment of the present application.

Detailed Description

In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

In general, the queried index is often valid, but it may also happen that the queried index does not actually exist, such as an invalid order number or an invalid card number. When a large number of invalid indexes are received by the query system, a large query pressure is applied to the query system, and even the result that the query system is not available is caused.

In an attack defense method of a data query system, part of malicious access can be intercepted by limiting a character set for generating a Key (index) or designing a structure for generating the Key. For example, keys generated by Base64 encoding may be restricted, or fixed starts of keys may be specified, or the structure of keys may be specified. Although the method can effectively intercept a part of randomly forged keys, when a malicious attacker learns the character set or structure of the keys, the Key which can avoid interception can be forged, so that the interception function is invalid.

In view of the above technical problems, in some embodiments of the present application, a solution is provided, and the technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.

Fig. 1 is a flowchart of an attack defense method of a data query system according to an exemplary embodiment of the present application, and as shown in fig. 1, the method includes:

step 101, receiving a query request, wherein the query request comprises an index of data to be queried.

And 102, judging whether the structure of the index meets the set structure requirement.

And 103, if the structure of the index meets the set structure requirement, judging whether the index is a valid index according to the signature information contained in the index.

Step 104, if the structure of the index does not meet the set structure requirement, judging whether the index is an effective index or not through a preset filter; the filter stores a stock index that does not comply with the set configuration requirements.

And 105, if the index is an effective index, performing data query operation according to the index.

The execution subject of this embodiment may be a data server, and the data server may be implemented as a server deployed with a data query system. The implementation form of the server may be a conventional server device, a cloud server, a cloud host, an elastic computing instance, and the like, which is not limited in this embodiment.

In this embodiment, the query request may be sent by the user through the client device, or may be sent by other upstream devices or application systems, which is not limited in this embodiment. The query request includes an index of the data to be queried. The index of the data to be queried and the information mapping relationship between the data to be queried can be represented by a Key-value pair. The index of the data to be queried is the Key (Key) in the Key-value pair.

In this embodiment, to identify an invalid index, an index that is easy to identify may be generated according to the set structure requirements. The configuration requirements may specify different elements and combinations of elements included in the index. In order to avoid that a large number of invalid indexes are generated by a malicious attacker after the structure of the index is exposed, the set structure requires that the designated index needs to contain signature information obtained by signing with an agreed signature key.

After receiving the query request, the data server can analyze the structure of the index in the query request and judge whether the structure of the index meets the requirement of the set structure. If the structure of the index meets the set structure requirement, whether the index is a valid index can be judged according to the signature information contained in the index. For example, if the signature information is verified, the index may be determined to be a valid index if the signature information passes the verification. Otherwise, if the signature information is not verified, the index is determined to be an invalid index.

In the present embodiment, in addition to the index generated according to the set structure requirement, the index not generated according to the set structure requirement (i.e., the index generated according to the historical index generation manner) of the stock is included in the data query system. Therefore, after the generation mode of the index is changed, a filter can be set to avoid influencing the query function of the stock index. The filter stores a stock index that does not comply with the set configuration requirements.

Alternatively, the Filter may be implemented as a Bloom Filter (Bloom Filter). A bloom filter is a probabilistic data structure that can return a probability that a Key must not exist or may exist. The probability of breakthrough of a bloom filter depends on the probability set at initialization.

In some embodiments, before determining whether the index is an effective index by using a preset filter, the full data in the data server may be further scanned to obtain a full index corresponding to the full data, and the full index is added to the filter. Wherein the full index may be cached in a HashMap table.

Based on this, when the structure of the index does not meet the set structure requirement, the data server can judge whether the index is a valid index through a preset filter. If the filter determines that the index misses any of the pre-stored indices, the index may be considered an invalid index. If the filter determines that the index hits in a pre-stored index, the index may be considered a valid index.

If the index is determined to be a valid index according to the signature information contained in the index, or if the index is determined to be a valid index through a preset filter, data query operation can be performed according to the index.

In this embodiment, after receiving the query request, the data server may first determine the structure of the index in the query request, and if the structure of the index meets the set structure requirement, determine whether the index is a valid index according to the signature information included in the index. If the structure of the index does not meet the set requirement, judging whether the index is a valid index according to the stock index which is stored in the filter and does not meet the set structure requirement. The signature information in the index-based structure and the method for verifying the validity of the index by the filter can filter and intercept the indexes meeting the set structure requirement and the indexes of the stock which do not meet the set structure requirement. On one hand, the method is favorable for carrying out good compatibility on the query process of the stock index which does not follow the set format requirement in the data query system, and reduces the probability of malicious attack on the data query system. On the other hand, the judgment efficiency of invalid indexes can be accelerated based on the filter, and the attack defense cost of the data query system can be reduced.

Optionally, after the solutions provided by the above and following embodiments of the present application are started to intercept and filter the access request, the index may be generated according to the set structure requirement. In some alternative embodiments, the index may be combined from a base string (baseString) and signature information according to a set structure. Wherein, the basic character string at least includes: data identification characters and a signature key version number used by the signature information. Namely:

baseString ═ combinatorial mode 1 (data identification character, signature key version number);

combination mode 2(baseString, signature _ signkey (baseString))

The signature _ signkey (baseString) represents signature information obtained by signing the baseString with the signature key corresponding to the signature key version number.

The combination modes 1 and 2 may include any combination with certain rules, and may be simple string concatenation, byte code concatenation, or other combination modes, which includes but is not limited to this embodiment.

Based on the above, in some exemplary embodiments, when the data server determines whether the structure of the index in the query request meets the set structure requirement, it may determine whether the index is obtained by combining the basic character string and the signature information according to the set structure. Wherein, this basic character string includes at least: data identification characters and a signature key version number used by the signature information. And if the index is obtained by combining the basic character string and the signature information according to a set structure, judging whether the signature key version number in the basic character string is a valid signature key version number. And if the signature key version number is a valid signature key version number, determining that the structure of the index meets the requirement of a set structure.

The valid key version number may be determined by the data server according to the key version. For example, the data server may take the key version number with the higher version number as the valid key version number. Or the version number of the valid key may also be a version number of a new version generated in a specified time period closer to the current time, which is not limited in this embodiment.

In some exemplary embodiments, to further defend against the security of the policy, a round robin update may be performed on the version of the signing key used in generating the index.

Optionally, the data server may respond to a key update event when a new index is generated, and perform version update on the signing key to obtain an updated target signing key version number. The key update event may be a timing event, or may be a periodic arrival event, or may be an event that receives a key update instruction of a user, which is not limited in this embodiment.

After the version of the signature key is updated, the data server can update the version number of the effective signature key by using the obtained version number of the target signature key. That is, the target signing key version number is used to replace an existing old valid signing key version number, or the target signing key version number is added to an existing valid signing key version number. After updating the valid signing key version number, the data server may add the stock index having the signing key version number lower than the target signing key version number to the filter, so as to filter the access request corresponding to the stock index through the filter.

In this embodiment, the version number of the signature key may be dynamically changed along with the round-robin update of the version number of the signature key, thereby further improving the difficulty of breaking the index structure. Even if the index structure is attacked, the defense filtering performance can be improved by updating the version of the signature key.

In such an embodiment, when the version of the signing key is updated, the index using the old version of the signing key will become the historical index of the stock. This portion of the history index may be added to the filter and a validity determination made by the filter. Based on the implementation mode, on one hand, the real-time updating of the index structure can be supported, and the safety is improved, on the other hand, the effectiveness of the historical stock index is judged based on the filter, the judgment speed can be improved, and the system overhead required by the judgment based on the structure can be reduced, so that the response efficiency of the query request can be improved.

In some exemplary embodiments, if the structure of the index meets the set structure requirement, the data server may determine whether the index is a valid index according to the signature information included in the index. In the embodiment of the present application, for convenience of description and distinction, the signature information included in the index is described as the first signature information. The data server may obtain the base string, the first signature information, and a signature key version number used by the first signature information from the index. The first signature information is obtained by signing the basic character string by the requester. The data server can adopt the signature key corresponding to the signature key version number to sign the basic character string in the same signature mode as the requester to obtain second signature information. Next, the data server may determine whether the first signature information and the second signature information in the index are consistent. If the first signature information and the second signature information are consistent, the index is not considered as a forged index, and the data server can determine that the index is a valid index. If the first signature information and the second signature information are not consistent, the index is considered to be a forged index, and the data server can intercept the index.

It should be noted that, in some embodiments, a user may set an index white list according to actual needs, and an effective index requiring special processing may be stored in the white list. When the structure of the index does not meet the set structure requirement and the index is judged to be an invalid index by the filter, the data server can judge whether the index is the index needing special processing or not through the white list. If the index passes the matching operation of the white list, the data server can perform data query operation according to the index. If the index does not pass the matching operation of the white list, the data server can return a message that the index query fails.

The attack defense method provided by the above embodiments will be further exemplified below with reference to fig. 2. First, the data server can load the Key full quantity in the data query system into the bloom filter by scanning the full table in the data query system, and provide a Key providing white list that needs not to be intercepted for special reasons. As shown in fig. 2, in the pre-verification process of the data server, when receiving a query Key, the structure of the Key may be first analyzed, and whether the structure of the Key meets the requirement of setting the structure is determined. If the Key meets the requirement of setting the structure, the Key can be considered as the Key generated according to the signature Key of the new version, and the signature can be calculated to judge the validity of the Key. When executing signature calculation and verification operation, the symmetric signature Key signKey can be used for repeatedly calculating the signature part in the Key and comparing the signature part with the signature part in the Key. If the structure of the Key does not meet the requirement of setting the structure, the Key can be regarded as the Key of the stock, and the validity of the Key can be judged through the filter at the moment. If the Key is judged to be an effective Key based on the two modes, the data query system can be accessed according to the Key to perform query. If the Key is judged to be an invalid Key based on the two modes, whether the Key is a Key which needs to be specially processed can be judged according to a white list of the Key. And if the Key is the effective Key which needs special processing, entering a data query system for querying. Otherwise, returning the message of failure query.

When the data server intercepts malicious accesses based on the above embodiments, in a test of an actual application scenario, the interception rate of intercepting the malicious accesses based on signature information contained in the structure can reach more than 99.99%; the interception rate of intercepting the malicious access request based on the filter can also reach 99.99%, namely the overall interception rate of the data server can reach 99.99%.

In addition to the attack defense method of the data query system executable by the data server described in the foregoing embodiments, the present application also provides an attack defense method of the data query system executable by the rich client. Among them, Rich clients (RIA) refer to clients of a query system provided by a data server. In addition to querying the query system, the rich client may provide additional functions, such as caching, validity checking, message notification awareness, and other enhanced functions in conjunction with the query system. The rich client implementation form can include: gateway devices, database proxy devices, etc. As will be exemplified below.

Fig. 3 is a schematic flowchart of a method for defending against attacks of a data query system according to another exemplary embodiment of the present application, and as shown in fig. 3, the method includes:

step 301, receiving a query request, where the query request includes an index of data to be queried.

Step 302, judging whether the structure of the index meets the set structure requirement.

And 303, if the structure of the index meets the set structure requirement, judging whether the index is a valid index according to the encrypted timestamp information contained in the index.

Step 304, if the structure of the index does not meet the set structure requirement, judging whether the index is an effective index or not through a preset filter; the filter stores the full index generated by the data server before the filter is built.

And 305, if the index is an effective index, sending the query request to a corresponding data server.

In this embodiment, the rich client is located between the client of the querying user and the data server, and can intercept the query request and perform pre-verification on the query request.

In this embodiment, to identify an invalid index, an index that is easy to identify may be generated according to the set structure requirements. The configuration requirements may specify different elements and combinations of elements included in the index. After receiving the query request, the rich client can analyze the structure of the index in the query request and judge whether the structure of the index meets the requirement of the set structure.

In order to prevent a malicious attacker from generating a large number of invalid indexes after the structure of the indexes is exposed, the setting structure requires that the specifiable indexes need to contain encrypted timestamps. And the encrypted timestamp is obtained by encrypting the specified timestamp by adopting an agreed encryption key. The specified timestamp may be a fixed timestamp, or may be an index generation timestamp, which is not limited in this embodiment. The time stamp is encrypted by adopting the appointed encryption key, so that the time stamp can be prevented from being tampered in the transmission process.

Based on this, if the structure of the index meets the set structure requirement, whether the index is a valid index can be judged according to the encrypted timestamp contained in the index. The rich client can try to decrypt the encrypted timestamp by adopting an agreed decryption key to obtain the timestamp, and the validity of the index is judged based on the timestamp.

The data query system includes, in addition to the index generated in accordance with the set structure requirement, indexes that are not generated in accordance with the set structure requirement (that is, indexes generated in accordance with the history index generation method) of the stock. Therefore, after the generation mode of the index is changed, a filter can be set to avoid influencing the query function of the stock index. The filter maintains an inventory index that the data server generates prior to building the filter.

Wherein the filter is sent by the data server. The data server may send the latest filters to the rich client at set periods (e.g., 12 hours, 24 hours, 3 days) to meet the real-time updated defense filtering needs.

In some embodiments, before determining whether the index is a valid index through a preset filter, the rich client may request the data server to obtain the filter. The data server can scan the full data stored in the data query system at the moment to obtain a full index corresponding to the full data, and the full index is sent to the rich client for use by the filter of the rich client. Wherein the full index may be cached in the HashMap table.

Based on this, when the structure of the index does not meet the set structure requirement, the rich client can judge whether the index is a valid index through a preset filter. If the filter determines that the index misses any of the pre-stored indices, the index may be considered an invalid index. If the filter determines that the index hits in a pre-stored index, the index may be considered a valid index.

If the index is judged to be an effective index according to the encrypted timestamp information contained in the index, or the index is judged to be an effective index through a preset filter, the rich client side can send a request corresponding to the index to the data server, so that the data server performs data query operation according to the index. If the index is an invalid index, the rich client can intercept the query request corresponding to the index.

In this embodiment, after receiving the query request, the rich client may first determine the structure of the index in the query request, and if the structure of the index meets the set structure requirement, determine whether the index is a valid index according to an encrypted timestamp included in the index. If the structure of the index does not meet the set requirement, judging whether the index is a valid index according to the stock index stored in the filter. The encrypted timestamp in the index-based structure and the method for verifying the validity of the index by the filter can filter and intercept the index which meets the set structure requirement and the index which does not meet the set structure requirement. On one hand, the method is favorable for carrying out good compatibility on the query process of the stock index which does not follow the set format requirement in the data query system, and reduces the probability of malicious attack on the data query system. On the other hand, the judgment efficiency of invalid indexes can be accelerated based on the filter, and the attack defense cost of the data query system can be reduced.

In addition, in this embodiment, since the validity of the index can be determined by the encrypted timestamp in the index, the requirement for strong consistency between the index cached in the filter and the index actually held in the data server is low. Even if the set of indexes cached in the filter is smaller than the set of indexes actually owned in the data server, the rich client can perform validity judgment on the indexes by checking the encryption information in the indexes.

Optionally, after the solutions provided by the above and following embodiments of the present application are started to intercept and filter the access request, the index may be generated according to the set structure requirement. In some optional embodiments, the base string (baseString) in the index may be combined in a set structure from at least the data identification character, the encrypted timestamp information, and the encryption key version number. Namely:

baseString ═ combinatorial mode 1 (data identifier, version number of encryption key, encrypt _ encKey (ramdonString, timeStamp));

index Key 2(baseString)

Where timeStamp can be the generation timeStamp of the index. encKey represents a symmetric encryption key, and encryption _ encKey (timeStamp) represents an encryption key corresponding to a key version number of the encryption key, and an encrypted timeStamp obtained by encrypting a random string and an index generation timeStamp.

Based on this, in some exemplary embodiments, when determining whether the structure of the index meets the set structure requirement, the rich client may determine whether the basic character string in the index is obtained by combining the data identification character, the encrypted timestamp information, and the encryption key version number according to the set structure; if so, the rich client can judge whether the key version number in the basic character string is a valid encryption key version number; if so, the rich client may determine that the structure of the index satisfies the set structure requirement.

The rich client can periodically receive the decryption key corresponding to the version number of the valid encryption key sent by the data server. The version number of the valid encryption key may be determined by the data server according to the level of the version number of the encryption key. For example, the data server may treat the key version number with the higher version number as the valid encryption key version number. Or the version number of the valid encryption key may also be a version number of a new version generated in a specified time period closer to the current time, which is not limited in this embodiment.

In some exemplary embodiments, if the structure of the index meets the set structure requirement, the rich client may obtain the encrypted timestamp information and the version number of the encryption key from the index when determining whether the index is a valid index according to the encrypted timestamp information included in the index; and decrypting the encrypted timestamp information by adopting a decryption key corresponding to the version number of the encryption key to obtain the generation timestamp of the index.

If the generation timestamp of the index is smaller than or equal to the construction timestamp of the filter, the rich client adopts the filter to judge whether the index is an effective index.

If the generation timestamp of the index is greater than the construction timestamp of the filter and less than the timestamp of the current moment, the rich client determines that the index is an effective index. That is, the index may have been recently generated. The timestamp less than the current time may include: the time difference with the current time stamp is larger than the set time threshold. Furthermore, the misjudgment caused by the clock inaccuracy among different devices can be overcome.

And if the generation time stamp of the index is greater than or equal to the time stamp of the current time, determining that the index is an invalid index.

In some embodiments, an index white list may be set according to actual requirements, and valid indexes requiring special processing may be stored in the white list. When the structure of the index does not meet the set structure requirement and the index is judged to be an invalid index by the filter, whether the index is the index needing special processing or not can be judged through the white list. If the index passes the matching operation of the white list, the data server can perform data query operation according to the index. If the index does not pass the matching operation of the white list, the data server can return a message that the index query fails.

The attack defense method provided by the above embodiments will be further exemplified below with reference to fig. 4. First, the rich client obtains the filter, the white list of keys, and the symmetric encrypted Key from the data server.

As shown in fig. 4, in the pre-verification process of the rich client, when receiving a query Key, the structure of the Key may be first analyzed, and whether the structure of the Key meets the requirement of the set structure is determined. If the Key does not meet the requirement of setting the structure, the validity of the index can be judged through a filter. If the Key meets the requirement of the set structure, the encrypted timestamp can be decrypted by using the corresponding decryption Key through the Key structure and the information of the encryption Key version.

And if the construction time of the Key is known to be after the construction time of the filter and before the current time according to the time stamp obtained by decryption, the query Key can be sent to a data server for query. If the Key meets the requirement of setting the structure, but the construction time of the Key is behind the current time, the Key can be judged to be invalid and intercepted. If the Key meets the requirement of setting the structure, but the construction time of the Key is before that of the filter, the validity of the Key can be judged through the filter.

If the filter judges that the Key is an invalid Key, the validity of the Key can be judged through a white list of the Key. And if the Key is judged to be an effective Key needing special processing according to the white list, entering a data query system for querying. Otherwise, returning the message of failure query.

When the data server intercepts malicious access based on the above embodiments, in a test of an actual application scenario, the higher the update efficiency and the breakdown rate of the filter are, the higher the interception rate of the rich client to the malicious access request is. In some scenarios, if the filter is updated in a day-level cycle and the breakdown probability of the filter is set to 99.99%, the overall interception rate of the rich client can reach 99.99%.

It should be further noted that, in order to facilitate the data server or the rich client to perform pre-verification on the access request by using the foregoing embodiment, pre-verified information required by the foregoing various embodiments may be comprehensively considered when designing the structure of the index. That is, the index can be generated from elements such as a random string (ramdonString), a generation time stamp (timeStamp) of the index, an encryption key (encKey), a signature key (signKey), a key version number of the signature key, and a version number of the encryption key. Namely:

baseString ═ combinatorial mode 1 (data identifier character, key version number of signature key, version number of encryption key, encrypt _ encKey (ramdonString, timeStamp));

combination mode 2(baseString, signature _ signkey (baseString))

After the index formed based on the structure is formed, the defense interception of one side of the rich client side can be started, or the defense interception of one side of the data server can be started, or the rich client side and the data server can be started simultaneously to perform two-layer defense interception.

Although the defense interception at the rich client side and the defense interception at the data server side are different in check logic of the index, the calculation magnitude is the same. Namely, the rich client side only pays attention to the information of the encrypted part, only needs to carry out decryption calculation once, does not carry out signature calculation, and further guarantees that the signature key cannot be sent to be leaked so as to generate systematic blasting risk. One side of the data server only concerns the information of the signature part, only needs to perform signature calculation once, and does not perform decryption calculation, so that the computation magnitude is the same as that of the rich client.

As shown in fig. 5, if the rich client and the data server are started to perform two-layer defense interception simultaneously, the pre-verification of the rich client is performed before the query request reaches the service of the data query system, and the pre-verification of the data server is performed after the query request reaches the data server. That is, the index is validly identified by the rich client based on the structure of the index and the encrypted timestamp before the access request reaches the data server. After the access request reaches the data server, the data server may perform validity identification on the index according to the structure of the index and the signature information, which may specifically refer to the descriptions of the foregoing embodiments and will not be described herein again.

Optionally, when two-layer interception is performed based on the rich client and the data server, the filter in the rich client and the filter in the data server may share the same index cache data. That is, the rich client and the data server may share a cache instance in which a set of valid indexes is stored, and the data server may manage the set of valid indexes. In the pre-check process, both the rich client and the data server can query and judge the validity of the index through the shared cache example, and details are not repeated.

In the implementation mode, two layers of interception are carried out based on the rich client and the data server, so that the interception rate can be further improved, and the probability that the data query system is maliciously attacked is reduced.

It should be noted that the execution subjects of the steps of the methods provided in the above embodiments may be the same device, or different devices may be used as the execution subjects of the methods. For example, the execution subjects of steps 101 to 103 may be device a; for another example, the execution subject of

steps

101 and 102 may be device a, and the execution subject of step 103 may be device B; and so on.

In addition, in some of the flows described in the above embodiments and the drawings, a plurality of operations are included in a specific order, but it should be clearly understood that the operations may be executed out of the order presented herein or in parallel, and the sequence numbers of the operations, such as 101, 102, etc., are merely used for distinguishing different operations, and the sequence numbers do not represent any execution order per se. Additionally, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel.

Fig. 6 illustrates a schematic structural diagram of a server provided in an exemplary embodiment of the present application, on which a data query system is deployed. As shown in fig. 6, the server includes: memory 601, processor 602, and communication component 603.

The memory 601 is used for storing computer programs and may be configured to store other various data to support operations on the server. Examples of such data include instructions for any application or method operating on the server, contact data, phonebook data, messages, pictures, videos, and so forth.

The memory 601 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.

A processor 602, coupled to the memory 601, for executing the computer programs in the memory 601 to: receiving a query request, wherein the query request comprises an index of data to be queried; judging whether the structure of the index meets the set structure requirement or not; if the structure of the index meets the set structure requirement, judging whether the index is a valid index according to signature information contained in the index; if the structure of the index does not meet the set structure requirement, judging whether the index is an effective index or not through a preset filter; storing a stock index which does not comply with the set structure requirement in the filter; and if the index is a valid index, performing data query operation according to the index.

Further optionally, when determining whether the structure of the index meets the set structure requirement, the processor 602 is specifically configured to: judging whether the index is obtained by combining a basic character string and the signature information according to a set structure; the base string includes at least: data identification characters and signature key version numbers used by the signature information; if the index is obtained by combining the basic character string and the signature information according to a set structure, judging whether the signature key version number is a valid signature key version number; and if the signature key version number is a valid signature key version number, determining that the structure of the index meets the requirement of a set structure.

Further optionally, if the structure of the index meets the requirement of the set structure, when determining whether the index is a valid index according to the signature information included in the index, the processor 602 is specifically configured to: acquiring the basic character string, the signature information and a signature key version number used by the signature information from the index; signing the basic character string by adopting a signature key corresponding to the version number of the signature key to obtain new signature information; judging whether the signature information in the index is consistent with the new signature information; and if so, determining the index as a valid index.

Further optionally, after determining whether the signing key version number is a valid signing key version number, the processor 602 is further configured to: responding to a key updating event when a new index is generated, and updating the version of the signature key to obtain the updated version number of the target signature key; updating the version number of the effective signing key by adopting the version number of the target signing key; and adding the stock index with the signature key version number lower than the target signature key version number into the filter so as to filter the access request corresponding to the stock index through the filter.

Further optionally, before determining whether the index is a valid index through a preset filter, the processor 602 is further configured to: scanning the full data in the data server to obtain a full index corresponding to the full data; and adding the full index into the filter, so that the filter judges the effectiveness of the index in the received query request according to the full index.

Further, as shown in fig. 6, the server further includes: communication components 603, power components 604, and the like. Only some of the components are schematically shown in fig. 6, and it is not meant that the server includes only the components shown in fig. 6.

Wherein the communication component 603 is configured to facilitate communication between the device in which the communication component is located and other devices in a wired or wireless manner. The device in which the communication component is located may access a wireless network based on a communication standard, such as WiFi, 2G, 3G, 4G, or 5G, or a combination thereof. In an exemplary embodiment, the communication component receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component may be implemented based on Near Field Communication (NFC) technology, Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.

The power supply assembly 604 provides power to various components of the device in which the power supply assembly is located. The power components may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the device in which the power component is located.

Accordingly, the present application further provides a computer-readable storage medium storing a computer program, where the computer program can implement the steps that can be executed by the server in the foregoing embodiments when executed.

Accordingly, embodiments of the present application also provide a computer program product, which includes a computer program/instructions, wherein when the computer program is executed by a processor, the processor is caused to implement the steps that can be executed by the server in the above embodiments.

Fig. 7 is a schematic structural diagram of a gateway device, which is deployed between a client and a data server, according to an exemplary embodiment of the present application. As shown in fig. 7, the gateway apparatus includes: memory 701, processor 702, and communications component 703.

A memory 701 for storing a computer program and may be configured to store other various data to support operations on the server. Examples of such data include instructions for any application or method operating on the server, contact data, phonebook data, messages, pictures, videos, and so forth.

The memory 701 may be implemented by any type or combination of volatile and non-volatile memory devices, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.

A processor 702, coupled to the memory 701, for executing the computer program in the memory 701 for: receiving a query request through the communication component 703, the query request containing an index of data to be queried; judging whether the structure of the index meets the set structure requirement or not; if the structure of the index meets the set structure requirement, judging whether the index is a valid index according to encrypted timestamp information contained in the index; if the structure of the index does not meet the set structure requirement, judging whether the index is an effective index or not through a preset filter; the filter stores a full index generated by a data server before the filter is constructed; and if the index is an effective index, sending the query request to the corresponding data server.

Further optionally, when determining whether the structure of the index meets the set structure requirement, the processor 702 is specifically configured to: judging whether the basic character string in the index is obtained by combining a data identification character, encrypted timestamp information and an encryption key version number according to a set structure; if the basic character string in the index is obtained by combining the data identification character, the encrypted timestamp information and the encryption key version number according to a set structure, judging whether the encryption key version number is a valid encryption key version number; and if the version number of the encryption key is a valid version number of the encryption key, determining that the structure of the index meets the requirement of a set structure.

Further optionally, if the structure of the index meets the requirement of the set structure, when determining whether the index is a valid index according to the encrypted timestamp information included in the index, the processor 702 is specifically configured to: acquiring the encrypted timestamp information and the version number of the encryption key from the index; decrypting the encrypted timestamp information by adopting a decryption key corresponding to the version number of the encryption key to obtain the generation timestamp of the index; if the generation timestamp of the index is less than or equal to the construction timestamp of the filter, judging whether the index is a valid index by using the filter; if the generation timestamp of the index is larger than the construction timestamp of the filter and smaller than the timestamp of the current moment, determining the index as an effective index; and if the generation time stamp of the index is greater than or equal to the time stamp of the current time, determining the index as an invalid index.

Further optionally, before determining whether the structure of the index meets the set structure requirement, the processor 702 further includes: and receiving the filter sent by the data server and a decryption key corresponding to the version number of the effective encryption key.

Further, as shown in fig. 7, the gateway device further includes: display component 704, power component 705, and audio component 706. Only some of the components are schematically shown in fig. 7, and it is not meant that the gateway device includes only the components shown in fig. 7.

The communication component 703 is configured to facilitate communication between the device in which the communication component is located and other devices in a wired or wireless manner. The device in which the communication component is located may access a wireless network based on a communication standard, such as WiFi, 2G, 3G, 4G, or 5G, or a combination thereof. In an exemplary embodiment, the communication component receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component may be implemented based on Near Field Communication (NFC) technology, Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.

The display module 704 includes a Liquid Crystal Display (LCD) and a Touch Panel (TP). If display component 704 comprises a touch panel, display component 704 can be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation.

The power supply 705 provides power to various components of the device in which the power supply is located. The power components may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the device in which the power component is located.

Where the audio component 706 is stored as an output and/or input audio signal. For example, the audio component 706 includes a Microphone (MIC) configured to receive external audio signals when the device in which the audio component 706 is located is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signal may further be stored in a memory or transmitted via a communication component. In some embodiments, audio component 706 also includes a speaker for outputting audio signals.

As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.

Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.

It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims

1. An attack defense method for a data query system, comprising:

receiving a query request, wherein the query request comprises an index of data to be queried;

judging whether the structure of the index meets the set structure requirement or not;

if the structure of the index meets the set structure requirement, judging whether the index is a valid index according to signature information contained in the index;

if the structure of the index does not meet the set structure requirement, judging whether the index is an effective index or not through a preset filter; storing a stock index which does not comply with the set structure requirement in the filter;

and if the index is a valid index, performing data query operation according to the index.

2. The method of claim 1, wherein determining whether the structure of the index meets a set structure requirement comprises:

judging whether the index is obtained by combining a basic character string and the signature information according to a set structure; the base string includes at least: data identification characters and signature key version numbers used by the signature information;

if the index is obtained by combining the basic character string and the signature information according to a set structure, judging whether the signature key version number is a valid signature key version number;

and if the signature key version number is a valid signature key version number, determining that the structure of the index meets the requirement of a set structure.

3. The method of claim 2, wherein if the structure of the index meets the requirement of the set structure, determining whether the index is a valid index according to signature information included in the index comprises:

acquiring the basic character string, the signature information and a signature key version number used by the signature information from the index;

signing the basic character string by adopting a signature key corresponding to the version number of the signature key to obtain new signature information;

judging whether the signature information in the index is consistent with the new signature information;

and if so, determining the index as a valid index.

4. The method of claim 2, wherein after determining whether the signing key version number is a valid signing key version number, further comprising:

responding to a key updating event when a new index is generated, and updating the version of the signature key to obtain the updated version number of the target signature key;

updating the version number of the effective signing key by adopting the version number of the target signing key;

and adding the stock index with the signature key version number lower than the target signature key version number into the filter so as to filter the access request corresponding to the stock index through the filter.

5. The method according to any one of claims 1-4, wherein before determining whether the index is a valid index through a preset filter, the method further comprises:

scanning the full data in the data server to obtain a full index corresponding to the full data;

and adding the full index into the filter, so that the filter judges the effectiveness of the index in the received query request according to the full index.

6. An attack defense method for a data query system, comprising:

if the structure of the index meets the set structure requirement, judging whether the index is a valid index according to encrypted timestamp information contained in the index;

if the structure of the index does not meet the set structure requirement, judging whether the index is an effective index or not through a preset filter; the filter stores a full index generated by a data server before the filter is constructed;

and if the index is an effective index, sending the query request to the corresponding data server.

7. The method of claim 6, wherein determining whether the structure of the index meets a set structure requirement comprises:

judging whether the basic character string in the index is obtained by combining a data identification character, encrypted timestamp information and an encryption key version number according to a set structure;

if the basic character string in the index is obtained by combining the data identification character, the encrypted timestamp information and the encryption key version number according to a set structure, judging whether the encryption key version number is a valid encryption key version number;

and if the version number of the encryption key is a valid version number of the encryption key, determining that the structure of the index meets the requirement of a set structure.

8. The method of claim 7, wherein if the structure of the index meets the set structure requirement, determining whether the index is a valid index according to encrypted timestamp information included in the index comprises:

acquiring the encrypted timestamp information and the version number of the encryption key from the index;

decrypting the encrypted timestamp information by adopting a decryption key corresponding to the version number of the encryption key to obtain the generation timestamp of the index;

if the generation timestamp of the index is less than or equal to the construction timestamp of the filter, judging whether the index is a valid index by using the filter;

if the generation timestamp of the index is larger than the construction timestamp of the filter and smaller than the timestamp of the current moment, determining the index as an effective index;

and if the generation time stamp of the index is greater than or equal to the time stamp of the current time, determining the index as an invalid index.

9. The method according to claim 7 or 8, wherein before determining whether the structure of the index meets the set structure requirement, the method further comprises: and receiving the filter sent by the data server and a decryption key corresponding to the version number of the effective encryption key.

10. A server, comprising: a memory and a processor;

the memory is to store one or more computer instructions;

the processor is to execute the one or more computer instructions to: performing the steps of the method of any one of claims 1-5.

11. A gateway device, comprising: a memory and a processor;

the memory is to store one or more computer instructions;

the processor is to execute the one or more computer instructions to: performing the steps of the method of any one of claims 6-9.

12. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, is adapted to carry out the steps of the method of any one of claims 1 to 9.