CN115037554A - Network security protection method and system based on big data - Google Patents
Network security protection method and system based on big data Download PDFInfo
- Publication number
- CN115037554A CN115037554A CN202210798197.2A CN202210798197A CN115037554A CN 115037554 A CN115037554 A CN 115037554A CN 202210798197 A CN202210798197 A CN 202210798197A CN 115037554 A CN115037554 A CN 115037554A
- Authority
- CN
- China
- Prior art keywords
- request source
- identity
- blacklist
- request
- repository
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000000034 method Methods 0.000 title claims abstract description 47
- 238000012795 verification Methods 0.000 claims abstract description 4
- 238000004891 communication Methods 0.000 claims description 29
- 230000008569 process Effects 0.000 claims description 24
- 230000002596 correlated effect Effects 0.000 claims description 23
- 238000012913 prioritisation Methods 0.000 claims description 19
- 230000002427 irreversible effect Effects 0.000 claims description 8
- 238000010586 diagram Methods 0.000 description 8
- 230000000694 effects Effects 0.000 description 5
- 238000005192 partition Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 4
- 238000012986 modification Methods 0.000 description 4
- 230000002411 adverse Effects 0.000 description 3
- 238000000429 assembly Methods 0.000 description 1
- 230000000712 assembly Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000000875 corresponding effect Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a network security protection method and system based on big data, and relates to the technical field of network security. The invention relates to a network security protection method based on big data, which comprises the steps of obtaining an access request sent by a request source; sending an identity authentication request to a request source sending an access request, wherein the identity authentication request requires the request source to generate and send identity characteristics; receiving identity characteristics sent by a request source; the identity characteristics of the request source are compared with the blacklist library in a consistent manner; if the comparison is consistent, judging that the request source is an illegal request source, and refusing the access request; if the comparison is not consistent, the request source is judged to be a legal request source, and the access request is responded. According to the invention, through establishing the blacklist library based on the identity characteristics of the request source, effective anti-malicious reading can be provided for the internet information which does not need login verification.
Description
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a network security protection method and system based on big data.
Background
The public information stored on the server may be frequently read maliciously, which causes the bandwidth pressure and storage pressure of the server to be too large, and thus, the network service provided for normal users is affected.
A traditional mode establishes a blacklist mechanism based on a user name, and the user name which meets the condition of black pulling is black pulled. But for internet information which faces all internet users and does not need login authentication, effective malicious-resistant reading is difficult to realize.
Disclosure of Invention
The invention aims to provide a network security protection method and system based on big data, which can provide effective malicious-proof reading for internet information which does not need login verification by establishing a blacklist base based on identity characteristics of a request source.
In order to solve the technical problems, the invention is realized by the following technical scheme:
the invention provides a network security protection method based on big data, which comprises the following steps,
acquiring an access request sent by a request source;
sending an authentication request to the request source which sends the access request, wherein the authentication request requires the request source to generate and send identity characteristics;
receiving the identity characteristics sent by the request source;
carrying out consistency comparison on the identity characteristics of the request source and a blacklist library;
if the comparison is consistent, judging that the request source is an illegal request source, and refusing the access request;
if the comparison is not consistent, the request source is judged to be a legal request source, and the access request is responded.
In an embodiment of the present invention, the step of comparing the identity of the request source with the blacklist library consistently includes,
establishing the blacklist library, wherein the blacklist library comprises a first blacklist library and a second blacklist library;
sending the identity characteristics of the request source to the first blacklist base for consistency comparison;
if the comparison is consistent, judging that the request source is an illegal request source, and refusing the access request;
if the comparison is inconsistent, the identity characteristics of the request source are sent to the second blacklist base for consistency comparison;
if the comparison is consistent, judging that the request source is an illegal request source, refusing to access the request, and recording the identity characteristic of the request source to the first blacklist library;
if the comparison is not consistent, the request source is judged to be a legal request source, and the access request is responded.
In one embodiment of the present invention, the step of recording the identity of the request source to the first blacklist repository includes,
acquiring a retrieval sequence in the process of carrying out consistency comparison on the first blacklist library;
acquiring the times of the identity characteristics of the request source appearing in the first blacklist base;
adding one to the number of times the identity of the request source appears in the first blacklist base;
and arranging the sequence of the identity features of the request source in the first blacklist library, which is obtained by adding one to the times of appearance in the first blacklist library, according to the retrieval sequence in the consistency comparison process of the first blacklist library, so that the times of appearance of the identity features of the request source in the first blacklist library are positively correlated with the sequence in the first blacklist library.
In an embodiment of the present invention, the step of ranking, according to the retrieval sequence in the process of performing consistency comparison on the first blacklist library, the identity characteristics of the request source whose number of times of occurrence in the first blacklist library is added by one in the order of the first blacklist library, so that the number of times of occurrence of the identity characteristics of the request source in the first blacklist library is positively correlated with the order of the identity characteristics in the first blacklist library, includes,
acquiring the updating time of the identity characteristic of the request source in the first blacklist library;
acquiring the occurrence times of the identity characteristics of the request source in the first blacklist library;
arranging an order of the identity feature of the request source in the first blacklist repository according to an update time of the identity feature of the request source in the first blacklist repository and an occurrence number of the identity feature of the request source in the first blacklist repository, so that the occurrence number of the identity feature of the request source in the first blacklist repository is positively correlated with the order in the first blacklist repository, and the update time of the identity feature of the request source in the first blacklist repository is positively correlated with the order in the first blacklist repository.
In one embodiment of the present invention, the step of arranging the order of the identity feature of the request source in the first blacklist repository according to the update time of the identity feature of the request source in the first blacklist repository and the number of occurrences of the identity feature of the request source in the first blacklist repository, such that the number of occurrences of the identity feature of the request source in the first blacklist repository is positively correlated with the order in the first blacklist repository, and the update time of the identity feature of the request source in the first blacklist repository is positively correlated with the order in the first blacklist repository, includes,
dividing a frequency priority sorting area and an updating time priority sorting area in the first blacklist library according to a retrieval sequence in the consistency comparison process of the first blacklist library;
in the frequency priority ordering area, ordering the identity characteristics of the request source according to the occurrence frequency of the identity characteristics of the request source in the first blacklist library;
and in the update time priority ordering area, ordering the identity characteristics of the request sources according to the update time of the identity characteristics of the request sources in the first blacklist library.
In an embodiment of the present invention, the step of dividing the first blacklist bank into a time prioritization region and an update time prioritization region according to the retrieval order in the consistency comparison process performed by the first blacklist bank includes,
dividing the update time priority zone into a first update time priority zone and a second update time priority zone, wherein the first update time priority zone is located before the second update time priority zone according to a retrieval sequence in a consistency comparison process of the first blacklist base;
placing the time prioritization zone between the first update time prioritization subregion and the second update time prioritization subregion;
wherein the time-prioritized area is located between the first update-time-prioritized sub-area and the second update-time-prioritized sub-area.
In one embodiment of the present invention, the step of arranging the order of the identity feature of the request source in the first blacklist repository according to the update time of the identity feature of the request source in the first blacklist repository and the number of occurrences of the identity feature of the request source in the first blacklist repository, such that the number of occurrences of the identity feature of the request source in the first blacklist repository is positively correlated with the order in the first blacklist repository, and the time at which the identity feature of the request source is updated in the first blacklist repository is positively correlated with the order in the first blacklist repository, further comprises,
the byte length of the identity characteristic of the request source is a set fixed length;
dividing a dictionary sorting area in the first blacklist library according to a retrieval sequence in the consistency comparison process of the first blacklist library, wherein the dictionary sorting area is positioned behind the times priority sorting area and the updating time priority sorting area, the identity characteristics of the request source are stored in the dictionary sorting area according to a byte sequence, when the updating time of the identity characteristics of the request source in the dictionary sorting area is later than a set time point, the request source is transferred to the updating time priority sorting area, and when the updating times of the identity characteristics of the request source in the dictionary sorting area are larger than a set numerical value, the request source is transferred to the times priority sorting area;
when the identity characteristics of the request source are obtained, retrieving the identity characteristics of the request source in the times priority ordering area and the updating time priority ordering area;
and if the identity characteristics of the request source are not retrieved in the times priority ordering area and the updating time priority ordering area, retrieving in the dictionary ordering area.
In one embodiment of the invention, the step of the request source generating and sending identity characteristics comprises,
acquiring personalized content of the request source, a communication protocol followed by the request source, a communication encryption mode of the request source and a declaration identity of the request source;
arranging the personalized content of the request source, the communication protocol followed by the request source, the communication encryption mode of the request source and the declared identity of the request source according to a fixed format sequence;
and carrying out one-way irreversible encryption on the personalized content of the request source, the communication protocol followed by the request source, the communication encryption mode of the request source and the declared identity of the request source which are arranged according to a fixed format sequence to obtain the identity characteristics of the request source.
In an embodiment of the present invention, the step of performing unidirectional irreversible encryption on the personalized content of the request source, the communication protocol followed by the request source, the communication encryption manner of the request source, and the declared identity of the request source, which are arranged according to a fixed format sequence, to obtain the identity characteristic of the request source, includes,
acquiring the number of the identity characteristics of the request source in the blacklist library;
obtaining allowable misjudgment probability;
acquiring the byte length of the identity characteristic of the request source according to the number of the identity characteristics of the request source in the blacklist library and the allowable misjudgment probability;
according to the byte length of the identity feature of the request source, respectively carrying out unidirectional irreversible random encryption on the personalized content of the request source, the communication protocol followed by the request source, the communication encryption mode of the request source and/or the declared identity of the request source according to a fixed format sequence, and then combining to obtain the identity feature of the request source.
The invention also discloses a network security protection method and a system based on big data, which is characterized by comprising the following steps,
the server side acquires an access request sent by a request source;
sending an authentication request to the request source which sends the access request, wherein the authentication request requires the request source to generate and send identity characteristics;
receiving the identity characteristics sent by the request source;
the identity characteristics of the request source are compared with the blacklist library in a consistency mode;
if the comparison is consistent, judging that the request source is an illegal request source, and refusing the access request;
if the comparison is inconsistent, judging that the request source is a legal request source, and responding to the access request;
and the user side generates and sends identity characteristics according to the identity authentication request.
In the implementation process of the invention, the server side requires the request source to generate and send the identity characteristics, and then the identity characteristics of the request source are compared with the blacklist library in a consistent manner. The identity characteristics can realize effective identification of the Internet access request source, so that the malicious network access can be effectively intercepted, and the adverse effect of the malicious network access on the normal network access can be avoided.
Of course, it is not necessary for any product in which the invention is practiced to achieve all of the above-described advantages at the same time.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the description below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart illustrating a big data-based network security protection method according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating step S1 according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating step S48 according to an embodiment of the present invention;
FIG. 4 is a diagram illustrating step S484 according to an embodiment of the present invention;
FIG. 5 is a diagram illustrating step S4843 according to an embodiment of the present invention;
FIG. 6 is a diagram illustrating step S48431 according to an embodiment of the present invention;
FIG. 7 is a diagram illustrating the steps of a request source generating and sending identity signatures according to one embodiment of the present invention;
FIG. 8 is a diagram illustrating step S53 according to an embodiment of the present invention;
fig. 9 is a schematic diagram illustrating an information interaction direction of a big data-based network security protection system according to an embodiment of the present invention;
in the drawings, the reference numbers indicate the following list of parts:
1-server side, 2-user side.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For internet content that does not require a user to log in, the present invention provides the following solutions in order to cope with malicious access.
Referring to fig. 1, when a user accesses data at a server, step S1 is first executed to obtain an access request sent by a request source, where the access request may be a plaintext conforming to an internet encryption communication specification. Step S2 is executed to send an authentication request to the request source that issued the access request, where the authentication request requires the request source to generate and send an identity feature, which may be a string of data without specific meaning. Step S3 is executed to receive the identity sent by the request source. And step S4 is executed to compare the identity of the request source with the blacklist library for consistency, if the identity is consistent with the blacklist library, the request source is determined to be an illegal request source, the access request is rejected, and if the identity is inconsistent with the blacklist library, the request source is determined to be a legal request source, and the access request is responded. By acquiring the identity characteristics generated and sent by the request source, the request source is effectively identified, and adverse effects on normal internet services caused by malicious access are avoided.
Referring to fig. 2, since the number of internet users and various access tools is very large, in order to improve the comparison efficiency of the identity characteristics of the request sources, step S41 may be first executed in step S4 to establish a blacklist library, where the blacklist library includes a first blacklist library and a second blacklist library. Step S42 may be executed to send the identity of the request source to the first blacklist repository for consistency comparison. If the comparison is consistent, step S43 may be executed to determine that the request source is an illegal request source, and deny the access request. If the comparison is inconsistent, step S44 may be executed to send the identity of the request source to the second blacklist library for consistency comparison. If the comparison is consistent, step S47 may be executed to determine that the request source is an illegal request source, and the access request is denied, and step S48 may be executed to record the identity of the request source in the first blacklist repository. If the comparison result is not consistent, step S49 may be executed to determine that the request source is a legal request source, and respond to the access request. The blacklist library is divided into a first blacklist library and a second blacklist library, so that the comparison efficiency of the identity characteristics of the request source is improved.
Referring to fig. 2, in the execution process, after step S44 is executed, if the comparison result is consistent, step S45 is executed to determine that the request source is an illegal request source, and the access request is denied. If the comparison is not consistent, step S46 may be executed to send the identity of the request source to the second blacklist repository for consistency comparison, and if the comparison is consistent, step S47 may be executed to determine that the request source is an illegal request source, reject the access request, and execute step S48 to record the identity of the request source to the first blacklist repository. If the comparison is not consistent, step S49 may be executed to determine that the request source is a legal request source, and respond to the access request. By repeatedly comparing the second blacklist, the comparison accuracy is increased.
Referring to fig. 3, in order to further improve the comparison efficiency, in the step of recording the identity of the request source to the first blacklist library in step S48, step S481 may be first executed to obtain a retrieval sequence in the process of performing consistency comparison on the first blacklist library. Step S482 may then be performed to obtain the number of times the identity of the source of the request appears in the first blacklist repository. Step S483 may be performed to add one to the number of times the identity of the source of the request appears in the first blacklist store. Finally, step S484 may be executed to arrange the order of the identity features of the request source in the first blacklist repository by adding one to the number of times of occurrence in the first blacklist repository according to the retrieval order in the consistency comparison process performed on the first blacklist repository, so that the number of times of occurrence of the identity features of the request source in the first blacklist repository is positively correlated with the order in the first blacklist repository. By sequencing the first blacklist library, the comparison efficiency is improved.
Referring to fig. 4, in order to further improve the comparison efficiency, in the step S484, the identification features of the request source appearing in the first blacklist library plus one are arranged in the first blacklist library according to the retrieval sequence in the consistency comparison process performed on the first blacklist library, so that in the step where the number of times the identification features of the request source appear in the first blacklist library is positively correlated with the sequence in the first blacklist library, the step S4841 may be first performed to obtain the time for updating the identification features of the request source in the first blacklist library. Step S4842 may be executed to obtain the number of occurrences of the identity of the requesting source in the first blacklist repository. Step S4843 may be executed to arrange the order of the identity of the request source in the first blacklist repository according to the update time of the identity of the request source in the first blacklist repository and the occurrence number of the identity of the request source in the first blacklist repository, so that the occurrence number of the identity of the request source in the first blacklist repository is positively correlated with the order in the first blacklist repository, and the update time of the identity of the request source in the first blacklist repository is positively correlated with the order in the first blacklist repository. The first blacklist library is sorted according to the updating time of the identity characteristics of the request source and the occurrence times of the identity characteristics of the request source in the first blacklist library, and the comparison efficiency is further improved.
It should be noted that the step flow in the present solution does not constitute a limitation to the solution, for example, step S484 in the present solution arranges, according to the retrieval sequence in the consistency comparison process performed on the first blacklist library, the order of the identity feature of the request source in the first blacklist library, where the number of times that the identity feature of the request source appears in the first blacklist library is added by one, so that, in the step where the number of times that the identity feature of the request source appears in the first blacklist library is positively correlated with the order in the first blacklist library, step S4842 may be first performed to obtain the number of times that the identity feature of the request source appears in the first blacklist library. Step S481 can be performed next to obtain a time when the update of the identity feature of the source is requested in the first blacklist repository. Step S4843 may be executed to rank the order of the identity features of the request sources in the first blacklist store according to the update time of the identity features of the request sources in the first blacklist store and the occurrence times of the identity features of the request sources in the first blacklist store, so that the occurrence times of the identity features of the request sources in the first blacklist store are positively correlated with the order in the first blacklist store, and the update time of the identity features of the request sources in the first blacklist store is positively correlated with the order in the first blacklist store. The first blacklist library is sorted according to the updating time of the identity characteristics of the request source and the occurrence times of the identity characteristics of the request source in the first blacklist library, and the comparison efficiency is further improved.
Referring to fig. 5, in order to implement the sorting of the first blacklist bank, in step S4843, step S48431 may be first executed to divide the number-of-times-prioritized region and the update-time-prioritized region in the first blacklist bank according to the search order in the consistency comparison process performed by the first blacklist bank. Step S48432 may be executed to sort the identity characteristics of the request sources according to the number of occurrences of the identity characteristics of the request sources in the first blacklist repository in the number-of-occurrences prioritization area. Finally, step S48432 may be executed to sort the identity features of the request sources according to the update time of the identity features of the request sources in the first blacklist repository in the update time prioritization region. Thereby enabling ranking the first blacklist bank.
Referring to fig. 6, in order to further improve the comparison efficiency, in step S48431, step S484311 may be executed to divide the update time prioritized partition into a first update time prioritized partition and a second update time prioritized partition, wherein the first update time prioritized partition is located before the second update time prioritized partition according to the search order in the consistency comparison process performed by the first blacklist library. Step 484312 may be performed first to place the number of times prioritization region between the first update time prioritization subregion and the second update time prioritization subregion. When step S484311 is executed, the holding time prioritization area is located between the first update time prioritization sub-area and the second update time prioritization sub-area. The first updating time priority sub-area, the second updating time priority sub-area and the time priority sub-area are sequenced, and therefore the technical effect of improving the comparison efficiency is achieved.
Referring to fig. 5 and 6, in step S4843, the byte length of the identity of the request source is a set fixed length. According to a retrieval sequence in the consistency comparison process of the first blacklist library, a dictionary sorting area is divided in the first blacklist library and is positioned behind a time priority sorting area and an updating time priority sorting area, the identity characteristics of the request source are stored in the dictionary sorting area according to a byte sequence, when the updating time of the identity characteristics of the request source in the dictionary sorting area is later than a set time point, the dictionary sorting area is transferred to the updating time priority sorting area, and when the updating time of the identity characteristics of the request source in the dictionary sorting area is larger than a set numerical value, the dictionary sorting area is transferred to the time priority sorting area. And when the identity characteristics of the request source are obtained, retrieving the identity characteristics of the request source in the frequency priority ordering area and the updating time priority ordering area. And if the identity characteristics of the request source are not retrieved in the times priority ordering area and the updating time priority ordering area, retrieving in the dictionary ordering area. Not only is the maintenance difficulty of the first blacklist library reduced, but also the comparison efficiency is further improved.
Referring to fig. 7, in order to realize accurate identification of the request source, the step of generating and sending the identity feature by the request source may first perform step S51 to obtain personalized content of the request source, a communication protocol followed by the request source, a communication encryption manner of the request source, and a declared identity of the request source. Step S52 may be executed to arrange the personalized content of the request source, the communication protocol followed by the request source, the communication encryption mode of the request source, and the asserted identity of the request source in a fixed format order. Finally, step S53 may be executed to perform unidirectional irreversible encryption on the personalized content of the request source, the communication protocol followed by the request source, the communication encryption manner of the request source, and the declared identity of the request source, which are arranged according to the fixed format order, to obtain the identity characteristic of the request source. Thereby enabling accurate identification of the source of the request.
Referring to fig. 8, since the nature of the request source may slightly change, in order to achieve more accurate identification of the request source, step S53 may first be executed to obtain the number of identity features of the request source in the blacklist library in step S531. Step S532 may be performed next to obtain the allowable false positive probability. Step S533 may be executed to obtain the byte length of the identity feature of the request source according to the number of the identity features of the request source in the blacklist library and the allowable misjudgment probability; finally, step S534 may be executed to perform, according to the byte length of the identity feature of the request source, the combination of the personalized content of the request source, the communication protocol followed by the request source, the communication encryption manner of the request source, and/or the declared identity of the request source after performing the unidirectional irreversible random encryption respectively according to the fixed format order, so as to obtain the identity feature of the request source. By generating the identity characteristics of the request sources in a segmented manner, the identity characteristics can be compared in a segmented manner, so that adverse effects on comparison caused by slight changes of the properties of the request sources are avoided.
Referring to fig. 9, the present disclosure also provides a method and a system for protecting network security based on big data, which may include a server 1 and a client 2. In the execution process, the server may be configured to obtain an access request sent by a request source, send an authentication request to the request source that sends the access request, where the authentication request requires the request source to generate and send an identity feature, and receive the identity feature sent by the request source. And comparing the identity characteristics of the request source with the blacklist library in a consistent manner, if the identity characteristics of the request source are consistent with the blacklist library, judging that the request source is an illegal request source, rejecting the access request, and if the identity characteristics of the request source are inconsistent with the blacklist library, judging that the request source is a legal request source and responding to the access request. And the user side is used for generating and sending identity characteristics according to the identity authentication request in the execution process.
In summary, by establishing the blacklist library based on the identity characteristics of the request source, for the access request, the server end requests the user end to send the identity characteristics, and compares the identity characteristics sent by the user end with the blacklist library to intercept or reject the access request according with the access request in the blacklist library, thereby achieving the technical effect of providing effective malicious reading resistance for the internet information which does not need login verification.
The above description of illustrated embodiments of the invention, including what is described in the abstract of the specification, is not intended to be exhaustive or to limit the invention to the precise forms disclosed herein. While specific embodiments of, and examples for, the invention are described herein for illustrative purposes only, various equivalent modifications are possible within the spirit and scope of the present invention, as those skilled in the relevant art will recognize and appreciate. As indicated, these modifications may be made to the present invention in light of the foregoing description of illustrated embodiments of the present invention and are to be included within the spirit and scope of the present invention.
The systems and methods have been described herein in general terms as the details aid in understanding the invention. Furthermore, various specific details have been set forth in order to provide a thorough understanding of the embodiments of the invention. One skilled in the relevant art will recognize, however, that an embodiment of the invention can be practiced without one or more of the specific details, or with other apparatus, systems, assemblies, methods, components, materials, parts, and/or the like. In other instances, well-known structures, materials, and/or operations are not specifically shown or described in detail to avoid obscuring aspects of embodiments of the invention.
Thus, although the present invention has been described herein with reference to particular embodiments thereof, a latitude of modification, various changes and substitutions are intended in the foregoing disclosures, and it will be appreciated that in some instances some features of the invention will be employed without a corresponding use of other features without departing from the scope and spirit of the invention as set forth. Thus, many modifications may be made to adapt a particular situation or material to the essential scope and spirit of the present invention. It is intended that the invention not be limited to the particular terms used in following claims and/or to the particular embodiment disclosed as the best mode contemplated for carrying out this invention, but that the invention will include any and all embodiments and equivalents falling within the scope of the appended claims. Accordingly, the scope of the invention is to be determined solely by the appended claims.
Claims (10)
1. A network security protection method based on big data is characterized by comprising the following steps,
acquiring an access request sent by a request source;
sending an authentication request to the request source which sends the access request, wherein the authentication request requires the request source to generate and send identity characteristics;
receiving the identity characteristics sent by the request source;
the identity characteristics of the request source are compared with the blacklist library in a consistency mode;
if the comparison is consistent, judging that the request source is an illegal request source, and refusing the access request;
if the comparison is not consistent, the request source is judged to be a legal request source, and the access request is responded.
2. The method of claim 1, wherein the step of comparing the identity of the source of the request against a blacklist library comprises,
establishing the blacklist library, wherein the blacklist library comprises a first blacklist library and a second blacklist library;
sending the identity characteristics of the request source to the first blacklist library for consistency comparison;
if the comparison is consistent, judging that the request source is an illegal request source, and refusing the access request;
if the comparison is inconsistent, the identity characteristics of the request source are sent to the second blacklist base for consistency comparison;
if the comparison is consistent, judging that the request source is an illegal request source, refusing to access the request, and recording the identity characteristic of the request source to the first blacklist library;
if the comparison is not consistent, the request source is judged to be a legal request source, and the access request is responded.
3. The method of claim 2, wherein the step of recording the identity of the source of the request to the first blacklist repository comprises,
acquiring a retrieval sequence in the process of carrying out consistency comparison on the first blacklist library;
acquiring the frequency of the identity characteristic of the request source appearing in the first blacklist base;
adding one to the number of times the identity of the request source appears in the first blacklist base;
and arranging the sequence of the identity features of the request source in the first blacklist library, which is obtained by adding one to the times of appearance in the first blacklist library, according to the retrieval sequence in the consistency comparison process of the first blacklist library, so that the times of appearance of the identity features of the request source in the first blacklist library are positively correlated with the sequence in the first blacklist library.
4. The method according to claim 3, wherein the step of ranking the identity of the request source with the number of occurrences in the first blacklist bank plus one in the order of retrieval in the consistency comparison process for the first blacklist bank in such a way that the number of occurrences of the identity of the request source in the first blacklist bank is positively correlated with the order in the first blacklist bank comprises,
acquiring the updating time of the identity characteristic of the request source in the first blacklist library;
acquiring the occurrence times of the identity characteristics of the request source in the first blacklist library;
arranging an order of the identity feature of the request source in the first blacklist repository according to an update time of the identity feature of the request source in the first blacklist repository and an occurrence number of the identity feature of the request source in the first blacklist repository, so that the occurrence number of the identity feature of the request source in the first blacklist repository is positively correlated with the order in the first blacklist repository, and the update time of the identity feature of the request source in the first blacklist repository is positively correlated with the order in the first blacklist repository.
5. The method according to claim 4, wherein the step of arranging the order of the identity of the request source in the first blacklist repository according to the update time of the identity of the request source in the first blacklist repository and the occurrence number of the identity of the request source in the first blacklist repository, so that the occurrence number of the identity of the request source in the first blacklist repository is positively correlated with the order in the first blacklist repository, and the update time of the identity of the request source in the first blacklist repository is positively correlated with the order in the first blacklist repository comprises,
dividing a frequency priority sorting area and an updating time priority sorting area in the first blacklist library according to a retrieval sequence in the consistency comparison process of the first blacklist library;
in the frequency priority ordering area, ordering the identity characteristics of the request source according to the occurrence frequency of the identity characteristics of the request source in the first blacklist library;
and in the update time priority ordering area, ordering the identity characteristics of the request sources according to the update time of the identity characteristics of the request sources in the first blacklist library.
6. The method according to claim 5, wherein said step of dividing a time-prioritized region and an update-time-prioritized region in said first blacklist bin according to a search order in said first blacklist bin for consistency comparison comprises,
dividing the update time priority zone into a first update time priority zone and a second update time priority zone, wherein the first update time priority zone is positioned before the second update time priority zone according to a retrieval sequence in a consistency comparison process of the first blacklist library;
placing the time prioritization zone between the first update time prioritization subregion and the second update time prioritization subregion;
wherein the time prioritization zone is located between the first update time prioritization subregion and the second update time prioritization subregion.
7. The method according to any one of claims 5 or 6, wherein the step of arranging the order of the identity of the request source in the first blacklist repository according to the update time of the identity of the request source in the first blacklist repository and the occurrence number of the identity of the request source in the first blacklist repository such that the occurrence number of the identity of the request source in the first blacklist repository is positively correlated with the order in the first blacklist repository and the update time of the identity of the request source in the first blacklist repository is positively correlated with the order in the first blacklist repository further comprises,
the byte length of the identity characteristic of the request source is a set fixed length;
dividing a dictionary sorting area in the first blacklist library according to a retrieval sequence in the consistency comparison process of the first blacklist library, wherein the dictionary sorting area is positioned behind the times priority sorting area and the updating time priority sorting area, the identity characteristics of the request source are stored in the dictionary sorting area according to a byte sequence, when the updating time of the identity characteristics of the request source in the dictionary sorting area is later than a set time point, the request source is transferred to the updating time priority sorting area, and when the updating times of the identity characteristics of the request source in the dictionary sorting area are larger than a set numerical value, the request source is transferred to the times priority sorting area;
when the identity characteristics of the request source are obtained, retrieving the identity characteristics of the request source in the times priority ordering area and the updating time priority ordering area;
and if the identity characteristics of the request source are not retrieved in the times priority ordering area and the updating time priority ordering area, retrieving in the dictionary ordering area.
8. The method of claim 1, wherein the step of the request source generating and sending identity signatures comprises,
acquiring personalized content of the request source, a communication protocol followed by the request source, a communication encryption mode of the request source and a declaration identity of the request source;
arranging the personalized content of the request source, the communication protocol followed by the request source, the communication encryption mode of the request source and the declared identity of the request source according to a fixed format sequence;
and carrying out one-way irreversible encryption on the personalized content of the request source, the communication protocol followed by the request source, the communication encryption mode of the request source and the declared identity of the request source which are arranged according to a fixed format sequence to obtain the identity characteristics of the request source.
9. The method of claim 8, wherein the step of performing one-way irreversible encryption on the personalized content of the request source, the communication protocol followed by the request source, the communication encryption mode of the request source and the declared identity of the request source in a fixed format order to obtain the identity of the request source comprises,
acquiring the number of the identity characteristics of the request source in the blacklist library;
obtaining allowable misjudgment probability;
acquiring the byte length of the identity characteristic of the request source according to the number of the identity characteristics of the request source in the blacklist library and the allowable misjudgment probability;
according to the byte length of the identity feature of the request source, respectively carrying out unidirectional irreversible random encryption on the personalized content of the request source, the communication protocol followed by the request source, the communication encryption mode of the request source and/or the declared identity of the request source according to a fixed format sequence, and then combining to obtain the identity feature of the request source.
10. A network security protection method and system based on big data is characterized in that the method comprises,
the server side acquires an access request sent by a request source;
sending an authentication request to the request source which sends the access request, wherein the authentication request requires the request source to generate and send identity characteristics;
receiving the identity characteristics sent by the request source;
carrying out consistency comparison on the identity characteristics of the request source and a blacklist library;
if the comparison is consistent, judging that the request source is an illegal request source, and refusing the access request;
if the comparison is inconsistent, judging that the request source is a legal request source, and responding to the access request;
and the user side generates and sends the identity characteristics according to the identity verification request.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210798197.2A CN115037554A (en) | 2022-07-06 | 2022-07-06 | Network security protection method and system based on big data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210798197.2A CN115037554A (en) | 2022-07-06 | 2022-07-06 | Network security protection method and system based on big data |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115037554A true CN115037554A (en) | 2022-09-09 |
Family
ID=83128388
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210798197.2A Withdrawn CN115037554A (en) | 2022-07-06 | 2022-07-06 | Network security protection method and system based on big data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115037554A (en) |
-
2022
- 2022-07-06 CN CN202210798197.2A patent/CN115037554A/en not_active Withdrawn
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10817603B2 (en) | Computer security system with malicious script document identification | |
| US10965668B2 (en) | Systems and methods to authenticate users and/or control access made by users based on enhanced digital identity verification | |
| US8312521B2 (en) | Biometric authenticaton system and method with vulnerability verification | |
| US11030287B2 (en) | User-behavior-based adaptive authentication | |
| US10574658B2 (en) | Information security apparatus and methods for credential dump authenticity verification | |
| CN108718341B (en) | Method for sharing and searching data | |
| US11271931B2 (en) | Dynamic and private security fingerprinting | |
| CN108023868B (en) | Malicious resource address detection method and device | |
| CN106470204A (en) | User identification method based on request behavior characteristicss, device, equipment and system | |
| CN112367338A (en) | Malicious request detection method and device | |
| WO2019123665A1 (en) | Collation server, collation method, and computer program | |
| CN108683631B (en) | Method and system for preventing scanning of authority file | |
| US7971054B1 (en) | Method of and system for real-time form and content classification of data streams for filtering applications | |
| CN113196265A (en) | Security detection assay | |
| US11622245B2 (en) | Multi-channel caller ID database updates | |
| CN116668157A (en) | API interface identification processing method, device and medium based on zero trust gateway log | |
| CN115037554A (en) | Network security protection method and system based on big data | |
| CN112765588B (en) | Identity recognition method and device, electronic equipment and storage medium | |
| CN114928452A (en) | Access request verification method, device, storage medium and server | |
| CN113783920A (en) | Method and apparatus for identifying web access portal | |
| CN114095936A (en) | Short message verification code request method, attack defense method, device, medium and equipment | |
| CN111209552A (en) | Identity authentication method and device based on user behaviors | |
| WO2016031034A1 (en) | Apparatus and method for detecting unauthorized access | |
| CN110120898B (en) | Remote webpage resource change monitoring and harm detection and identification method | |
| US11528189B1 (en) | Network device identification and categorization using behavioral fingerprints |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20220909 |