CN115333919A - Side-hung information safety monitoring method - Google Patents
- Publication number
- CN115333919A (application number CN202210951715.XA)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
- H04L43/0823—Errors, e.g. transmission errors
Abstract
The invention provides a side-hung information safety monitoring method. System interfaces are created for the different interfaces of the different monitored service systems, and an abnormal early warning rule and a fusing rule are set for each created system interface. LuaJIT and Confd plug-ins are installed for the Nginx of each monitored service system; request data and return data are acquired and classified by system interface path, and safety detection is performed on the classified system interfaces. Without modifying the original service system code, the method collects the request data records of the service system's Nginx interfaces and, with reference to the preset abnormal early warning rule, the fusing rule and the IPTV supervisory system interface specification, analyzes the parameters of the system interface requests and counts unstable, non-compliant and unsafe system interfaces, so that whether the service system is safe is reflected indirectly through the abnormal constant of the service system interfaces.
Description
Technical Field
The invention relates to a side-hung information safety monitoring method.
Background
With the development of IPTV services, multiple service systems have been connected to meet growing service requirements. These systems expose a large number of interfaces, and the stability and compliance of those interfaces directly affect the service systems, so interface availability and interface compliance are necessary conditions for safe broadcasting.
Given the importance of interface quality monitoring, a method that does not affect the service systems and that makes interfaces controllable and capable of early warning is urgently needed to ensure safe broadcasting on the existing network.
Disclosure of Invention
In order to solve the above technical problems, the invention provides a side-hung information safety monitoring method that attaches to a service system in a side-hung manner without affecting the system's existing architecture, and that supervises and controls the stability and compliance of the service system interfaces, with early warning and fusing.
The invention is realized by the following technical scheme.
The invention provides a side-hung information safety monitoring method, which comprises the following steps:
(1) creating system interfaces for the different interfaces of the different monitored service systems, and setting an abnormal early warning rule and a fusing rule for each created system interface; installing LuaJIT and Confd plug-ins for the Nginx of each monitored service system, acquiring request data and return data, and classifying them by system interface path to obtain classified system interfaces;
(2) performing safety detection on the classified system interfaces;
(3) during the safety detection, if an abnormal early warning rule is triggered, sending the corresponding abnormal early warning message to the person responsible for the system interface; if a fusing rule is triggered, sending the corresponding fusing message to the person responsible for the system interface; if neither the abnormal early warning rule nor the fusing rule is triggered, performing a safety compliance inspection of the system interface against the IPTV monitoring system interface specification and, if the inspection is not passed, performing fusing.
The step (1) is divided into the following steps:
(1.1) entering, for the different interfaces of the different monitored service systems, the system interface information, the corresponding expected values and the person responsible for the system interface, and creating the system interface;
(1.2) setting an abnormal early warning rule and a fusing rule for the created system interface; when an expected value meets the abnormal early warning rule, an abnormal early warning message is sent to the person responsible for the system interface; when an expected value meets the fusing rule, the system interface is fused directly and a fusing message is sent to the person responsible for the system interface;
(1.3) installing LuaJIT and Confd plug-ins for the Nginx of each monitored service system, outputting the complete request data and return data of the system interfaces, and monitoring the Nacos configuration;
(1.4) continuously collecting the request data and return data output by Nginx through a Filebeat component, delivering them to a Kafka message queue, and storing the request data and return data from the Kafka message queue in a cache;
(1.5) fetching the corresponding request data and return data from the cache according to the unit time configured in Nacos, classifying them by system interface path, and then performing the system interface security check.
The expected values comprise expected request parameters, expected response time, expected response status, sensitive word matching, expected visitor IP, expected request type, expected request header, expected request protocol and expected response header;
the request data comprises a request header, a request path, a request type, a visitor IP, a request protocol and request parameters; the return data comprises a response host IP, a response header, response parameters, a response status and a response time.
When the expected value satisfies the fusing rule, all subsequent requests are rejected.
The abnormal early warning rule and the fusing rule are as follows:
if, within the unit time, the request parameters do not match the expected request parameters N times, an abnormal early warning is triggered; if they do not match M times, fusing is triggered;
if, within the unit time, the response parameters do not match the expected response parameters N times, an abnormal early warning is triggered; if they do not match M times, fusing is triggered;
if, within the unit time, the response time exceeds the expected response time N times, an abnormal early warning is triggered; if it exceeds it M times, fusing is triggered;
if, within the unit time, the response status does not match the expected response status N times, an abnormal early warning is triggered; if it does not match M times, fusing is triggered;
if, within the unit time, the response parameters contain sensitive words N times, an abnormal early warning is triggered; if they contain them M times, fusing is triggered;
if, within the unit time, the visitor IP does not match the expected visitor IP N times, an abnormal early warning is triggered; if it does not match M times, fusing is triggered;
if, within the unit time, the request type does not match the expected request type N times, an abnormal early warning is triggered; if it does not match M times, fusing is triggered;
if, within the unit time, the request header does not match the expected request header N times, an abnormal early warning is triggered; if it does not match M times, fusing is triggered;
if, within the unit time, the request protocol does not match the expected request protocol N times, an abnormal early warning is triggered; if it does not match M times, fusing is triggered;
if, within the unit time, the response header does not match the expected response header N times, an abnormal early warning is triggered; if it does not match M times, fusing is triggered.
The unit time is configured in Nacos.
N must be less than M; N cannot equal M.
The way abnormal early warning and fusing messages are sent is configurable, and can be configured as a DingTalk message, a mail, a telephone call and a short message.
The safety detection in step (2) is performed in the following sequence:
a. determining whether, within the unit time period, the request parameters failed to match the expected request parameters N times, and whether they failed to match M times;
b. determining whether, within the unit time period, the response parameters failed to match the expected response parameters N times, and whether they failed to match M times;
c. determining whether, within the unit time period, the response time exceeded the expected response time N times, and whether it exceeded it M times;
d. determining whether, within the unit time period, the response status failed to match the expected response status N times, and whether it failed to match M times;
e. determining whether, within the unit time period, the response parameters contained sensitive words N times, and whether they contained them M times;
f. determining whether, within the unit time period, the visitor IP failed to match the expected visitor IP N times, and whether it failed to match M times;
g. determining whether, within the unit time period, the request type failed to match the expected request type N times, and whether it failed to match M times;
h. determining whether, within the unit time period, the request header failed to match the expected request header N times, and whether it failed to match M times;
i. determining whether, within the unit time period, the request protocol failed to match the expected request protocol N times, and whether it failed to match M times;
j. determining whether, within the unit time period, the response header failed to match the expected response header N times, and whether it failed to match M times;
the unit time above is the unit time configured in Nacos, and N and M above are the numbers of times set in claim 5.
In step (3), the processing steps when the fusing rule is triggered are as follows:
A. calling the Nacos update method to automatically modify the Nacos configuration of the monitored system;
B. on detecting the change in the Nacos configuration, the Confd plug-in of the monitored system immediately backs up the current Nginx configuration file;
C. modifying the Nginx configuration according to a preset Nginx configuration template and making the configuration take effect, thereby fusing the system interface, while sending the corresponding fusing message to the person responsible for the system interface through the notification mode configured in the fusing rule.
The invention has the following beneficial effects:
1. the stability and compliance of IPTV service system interfaces are ensured to the greatest extent, and side-hung access to the service is achieved without affecting the existing architecture of the service system;
2. without modifying the original service system code, the request data records of the service system's Nginx interfaces are collected, the parameters of the system interface requests are analyzed against the preset abnormal early warning rule, the fusing rule and the IPTV supervision system interface specification, and unstable, non-compliant and unsafe system interfaces are counted, so that whether the service system is safe is reflected indirectly through the abnormal constant of the service system interfaces;
3. a service system interface that reaches the preset abnormal early warning rule threshold causes an abnormal early warning to be sent to the corresponding staff, and a system interface that reaches the preset fusing rule threshold and does not meet the IPTV supervision system interface specification is fused automatically and the corresponding staff are notified, so that abnormal system interfaces are prevented from affecting the IPTV service and IPTV broadcasting safety is ensured to the greatest extent.
Drawings
FIG. 1 is a flow chart of the present invention.
Detailed Description
The technical solution of the present invention is further described below, but the scope of the claimed invention is not limited to what is described.
Example 1
As shown in FIG. 1, a side-hung information safety monitoring method includes the following steps:
(1) creating system interfaces for the different interfaces of the different monitored service systems, and setting an abnormal early warning rule and a fusing rule for each created system interface; installing LuaJIT and Confd plug-ins for the Nginx of each monitored service system, acquiring request data and return data, and classifying them by system interface path to obtain classified system interfaces;
(2) performing safety detection on the classified system interfaces;
(3) during the safety detection, if an abnormal early warning rule is triggered, sending the corresponding abnormal early warning message to the person responsible for the system interface; if a fusing rule is triggered, sending the corresponding fusing message to the person responsible for the system interface; if neither the abnormal early warning rule nor the fusing rule is triggered, performing a safety compliance inspection of the system interface against the IPTV monitoring system interface specification (technical document GD/J122-2021 of the radio, television and online audiovisual industry of the People's Republic of China) and, if the inspection is not passed, performing fusing.
The step (1) is divided into the following steps:
(1.1) entering, for the different interfaces of the different monitored service systems, the system interface information, the corresponding expected values and the person responsible for the system interface, and creating the system interface;
(1.2) setting an abnormal early warning rule and a fusing rule for the created system interface; when an expected value meets the abnormal early warning rule, an abnormal early warning message is sent to the person responsible for the system interface; when an expected value meets the fusing rule, the system interface is fused directly and a fusing message is sent to the person responsible for the system interface;
(1.3) installing LuaJIT and Confd plug-ins for the Nginx of each monitored service system, outputting the complete request data and return data of the system interfaces, and monitoring the Nacos configuration;
(1.4) continuously collecting the request data and return data output by Nginx through a Filebeat component, delivering them to a Kafka message queue, and storing the request data and return data from the Kafka message queue in a cache;
(1.5) fetching the corresponding request data and return data from the cache according to the unit time configured in Nacos, classifying them by system interface path, and then performing the system interface security check.
The expected values include expected request parameters, expected response time, expected response status, sensitive word matching, expected visitor IP, expected request type, expected request header, expected request protocol and expected response header;
the request data comprises a request header, a request path, a request type, a visitor IP, a request protocol and request parameters; the return data comprises a response host IP, a response header, response parameters, a response status and a response time.
When the expected value satisfies the fusing rule, all subsequent requests are rejected.
The abnormal early warning rule and the fusing rule are as follows:
if, within the unit time, the request parameters do not match the expected request parameters N times, an abnormal early warning is triggered; if they do not match M times, fusing is triggered;
if, within the unit time, the response parameters do not match the expected response parameters N times, an abnormal early warning is triggered; if they do not match M times, fusing is triggered;
if, within the unit time, the response time exceeds the expected response time N times, an abnormal early warning is triggered; if it exceeds it M times, fusing is triggered;
if, within the unit time, the response status does not match the expected response status N times, an abnormal early warning is triggered; if it does not match M times, fusing is triggered;
if, within the unit time, the response parameters contain sensitive words N times, an abnormal early warning is triggered; if they contain them M times, fusing is triggered;
if, within the unit time, the visitor IP does not match the expected visitor IP N times, an abnormal early warning is triggered; if it does not match M times, fusing is triggered;
if, within the unit time, the request type does not match the expected request type N times, an abnormal early warning is triggered; if it does not match M times, fusing is triggered;
if, within the unit time, the request header does not match the expected request header N times, an abnormal early warning is triggered; if it does not match M times, fusing is triggered;
if, within the unit time, the request protocol does not match the expected request protocol N times, an abnormal early warning is triggered; if it does not match M times, fusing is triggered;
if, within the unit time, the response header does not match the expected response header N times, an abnormal early warning is triggered; if it does not match M times, fusing is triggered.
The unit time is configured in Nacos.
N must be less than M; N cannot equal M.
The way abnormal early warning and fusing messages are sent is configurable, and can be configured as a DingTalk message, a mail, a telephone call and a short message.
The safety detection in step (2) is performed in the following sequence:
a. determining whether, within the unit time period, the request parameters failed to match the expected request parameters N times, and whether they failed to match M times;
b. determining whether, within the unit time period, the response parameters failed to match the expected response parameters N times, and whether they failed to match M times;
c. determining whether, within the unit time period, the response time exceeded the expected response time N times, and whether it exceeded it M times;
d. determining whether, within the unit time period, the response status failed to match the expected response status N times, and whether it failed to match M times;
e. determining whether, within the unit time period, the response parameters contained sensitive words N times, and whether they contained them M times;
f. determining whether, within the unit time period, the visitor IP failed to match the expected visitor IP N times, and whether it failed to match M times;
g. determining whether, within the unit time period, the request type failed to match the expected request type N times, and whether it failed to match M times;
h. determining whether, within the unit time period, the request header failed to match the expected request header N times, and whether it failed to match M times;
i. determining whether, within the unit time period, the request protocol failed to match the expected request protocol N times, and whether it failed to match M times;
j. determining whether, within the unit time period, the response header failed to match the expected response header N times, and whether it failed to match M times;
the unit time above is the unit time configured in Nacos, and N and M above are the numbers of times set in claim 5.
In step (3), the processing steps when the fusing rule is triggered are as follows:
A. calling the Nacos update method to automatically modify the Nacos configuration of the monitored system;
B. on detecting the change in the Nacos configuration, the Confd plug-in of the monitored system immediately backs up the current Nginx configuration file;
C. modifying the Nginx configuration according to a preset Nginx configuration template and making the configuration take effect, thereby fusing the system interface, while sending the corresponding fusing message to the person responsible for the system interface through the notification mode configured in the fusing rule.
Example 2
The technical solution of example 1 is adopted, and:
when the system interface is in a dangerous state, the fusing rule is triggered, and all subsequent requests are rejected.
Example 3
The technical solution of example 1 is adopted, and:
if, within the unit time, the request parameters do not match the expected request parameters N times, an abnormal early warning is triggered, and if they do not match M times, fusing is triggered; for example: within 10 seconds, 3 mismatches between the request parameters and the expected request parameters trigger an abnormal early warning, and 10 mismatches trigger fusing.
Example 4
The technical solution of example 1 is adopted, and:
if, within the unit time, the response parameters do not match the expected response parameters N times, an abnormal early warning is triggered, and if they do not match M times, fusing is triggered; for example: within 30 seconds, 5 mismatches between the response parameters and the expected response parameters trigger an abnormal early warning, and 50 mismatches trigger fusing.
Example 5
The technical solution of example 1 is adopted, and:
if, within the unit time, the response time exceeds the expected response time N times, an abnormal early warning is triggered, and if it exceeds it M times, fusing is triggered; for example: within 1 minute, 10 responses slower than the expected response time trigger an abnormal early warning, and 30 trigger fusing.
Example 6
The technical solution of example 1 is adopted, and:
LuaJIT plug-ins are installed for the Nginx of the monitored service system to implement the Nginx reverse proxy and to output the complete request content (request header, request path, request type, visitor IP, request protocol and request parameters) and return content (response host IP, response header, response parameters, response status and response time) of the system interfaces; Confd plug-ins are installed for the monitored service system to monitor the Nacos configuration, thereby achieving side-hung monitoring.
The request content and the return content are in JSON format.
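The rule evaluation of Examples 1 and 3 to 6, as an added Python example that is not code from the patent: JSON records are classified by interface path, the ten checks a to j are counted over one unit-time window, and each interface is marked ok, warn (a count reached N) or fuse (a count reached M). The JSON field names, the paths, the matching semantics for parameters and headers, and all function names are assumptions; the thresholds follow Example 3 (10 seconds, N = 3, M = 10).

```python
import ipaddress
import json
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Expected:
    """Expected values entered for one system interface (step 1.1)."""
    request_params: set     # assumption: parameter names the interface accepts
    response_params: set    # assumption: keys every response body must carry
    max_response_ms: int
    status: int
    sensitive_words: tuple
    visitor_nets: tuple     # expected visitor IPs as CIDR strings
    method: str
    request_headers: dict
    protocol: str
    response_headers: dict
    unit_time_s: int        # read from Nacos in the patent; a plain field here
    warn_n: int             # N: mismatches that trigger the early warning
    fuse_m: int             # M: mismatches that trigger fusing

    def __post_init__(self):
        if not self.warn_n < self.fuse_m:
            raise ValueError("N must be less than M")

def has_all(expected, actual):
    return all(actual.get(k) == v for k, v in expected.items())

def ip_expected(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)

# Checks a..j in the order the description lists them; each lambda returns
# True when the record matches the expectation.
CHECKS = (
    ("request_params", lambda r, e: set(r["request_params"]) <= e.request_params),
    ("response_params", lambda r, e: e.response_params <= set(r["response_params"])),
    ("response_time", lambda r, e: r["response_ms"] <= e.max_response_ms),
    ("response_status", lambda r, e: r["status"] == e.status),
    ("sensitive_word", lambda r, e: not any(
        w in json.dumps(r["response_params"], ensure_ascii=False)
        for w in e.sensitive_words)),
    ("visitor_ip", lambda r, e: ip_expected(r["visitor_ip"], e.visitor_nets)),
    ("request_type", lambda r, e: r["method"] == e.method),
    ("request_header", lambda r, e: has_all(e.request_headers, r["request_headers"])),
    ("request_protocol", lambda r, e: r["protocol"] == e.protocol),
    ("response_header", lambda r, e: has_all(e.response_headers, r["response_headers"])),
)

def evaluate(lines, registry, now):
    """Classify JSON records by path and apply the N/M rules per interface."""
    by_path = defaultdict(list)
    for line in lines:
        rec = json.loads(line)
        exp = registry.get(rec["path"])          # unregistered paths are skipped
        if exp is not None and now - exp.unit_time_s < rec["ts"] <= now:
            by_path[rec["path"]].append(rec)
    verdicts = {}
    for path, recs in by_path.items():
        exp, triggered = registry[path], []
        for name, matches in CHECKS:
            misses = sum(1 for r in recs if not matches(r, exp))
            if misses >= exp.warn_n:
                triggered.append((name, misses))
        fuse = any(n >= exp.fuse_m for _, n in triggered)
        action = "fuse" if fuse else "warn" if triggered else "ok"
        verdicts[path] = {"action": action, "triggered": triggered}
    return verdicts

def sample_record(path, ts, **overrides):
    """Build one constructed JSON log line; the field names are assumptions."""
    rec = {"ts": ts, "path": path, "method": "GET", "protocol": "HTTP/1.1",
           "visitor_ip": "10.0.0.5", "status": 200, "response_ms": 40,
           "request_headers": {"content-type": "application/json"},
           "request_params": {"page": "1"},
           "response_headers": {"content-type": "application/json"},
           "response_params": {"code": 0, "data": []}}
    rec.update(overrides)
    return json.dumps(rec)

def demo():
    exp = Expected({"page", "size"}, {"code"}, 500, 200, ("password",),
                   ("10.0.0.0/8",), "GET", {"content-type": "application/json"},
                   "HTTP/1.1", {"content-type": "application/json"},
                   unit_time_s=10, warn_n=3, fuse_m=10)  # Example 3 thresholds
    epg, login = "/api/epg/list", "/api/auth/login"      # constructed paths
    registry = {epg: exp, login: exp}
    bad = {"page": "1", "debug": "1"}                     # unexpected parameter
    lines = [sample_record(epg, ts) for ts in (992, 993, 994)]
    lines += [sample_record(epg, ts, request_params=bad)
              for ts in (980, 995, 996, 997, 998)]        # ts 980 is out of window
    lines += [sample_record(login, ts, visitor_ip="203.0.113.7")
              for ts in range(991, 1001)]
    return evaluate(lines, registry, now=1000)

if __name__ == "__main__":
    print(demo())
```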
Claims (10)
1. A side-hung information safety monitoring method, characterized in that the method comprises the following steps:
(1) creating system interfaces for the different interfaces of the different monitored service systems, and setting an abnormal early warning rule and a fusing rule for each created system interface; installing LuaJIT and Confd plug-ins for the Nginx of each monitored service system, acquiring request data and return data, and classifying them by system interface path to obtain classified system interfaces;
(2) performing safety detection on the classified system interfaces;
(3) during the safety detection, if an abnormal early warning rule is triggered, sending the corresponding abnormal early warning message to the person responsible for the system interface; if a fusing rule is triggered, sending the corresponding fusing message to the person responsible for the system interface; if neither the abnormal early warning rule nor the fusing rule is triggered, performing a safety compliance inspection of the system interface against the IPTV monitoring system interface specification and, if the inspection is not passed, performing fusing.
2. The side-hung information safety monitoring method as claimed in claim 1, characterized in that step (1) is divided into the following steps:
(1.1) entering, for the different interfaces of the different monitored service systems, the system interface information, the corresponding expected values and the person responsible for the system interface, and creating the system interface;
(1.2) setting an abnormal early warning rule and a fusing rule for the created system interface; when an expected value meets the abnormal early warning rule, an abnormal early warning message is sent to the person responsible for the system interface; when an expected value meets the fusing rule, the system interface is fused directly and a fusing message is sent to the person responsible for the system interface;
(1.3) installing LuaJIT and Confd plug-ins for the Nginx of each monitored service system, outputting the complete request data and return data of the system interfaces, and monitoring the Nacos configuration;
(1.4) continuously collecting the request data and return data output by Nginx through a Filebeat component, delivering them to a Kafka message queue, and storing the request data and return data from the Kafka queue in a cache;
(1.5) fetching the corresponding request data and return data from the cache according to the unit time configured in Nacos, classifying them by system interface path, and then performing the system interface security check.
3. The side-hung information safety monitoring method as claimed in claim 2, characterized in that: the expected values include expected request parameters, expected response time, expected response status, sensitive word matching, expected visitor IP, expected request type, expected request header, expected request protocol and expected response header;
the request data comprises a request header, a request path, a request type, a visitor IP, a request protocol and request parameters; the return data includes a response host IP, a response header, response parameters, a response status and a response time.
4. The side-hung information safety monitoring method as claimed in claim 1, characterized in that: when the expected value satisfies the fusing rule, all subsequent requests are rejected.
5. The side-hung information safety monitoring method as claimed in claim 1, characterized in that the abnormal early warning rule and the fusing rule are as follows:
if, within the unit time, the request parameters do not match the expected request parameters N times, an abnormal early warning is triggered; if they do not match M times, fusing is triggered;
if, within the unit time, the response parameters do not match the expected response parameters N times, an abnormal early warning is triggered; if they do not match M times, fusing is triggered;
if, within the unit time, the response time exceeds the expected response time N times, an abnormal early warning is triggered; if it exceeds it M times, fusing is triggered;
if, within the unit time, the response status does not match the expected response status N times, an abnormal early warning is triggered; if it does not match M times, fusing is triggered;
if, within the unit time, the response parameters contain sensitive words N times, an abnormal early warning is triggered; if they contain them M times, fusing is triggered;
if, within the unit time, the visitor IP does not match the expected visitor IP N times, an abnormal early warning is triggered; if it does not match M times, fusing is triggered;
if, within the unit time, the request type does not match the expected request type N times, an abnormal early warning is triggered; if it does not match M times, fusing is triggered;
if, within the unit time, the request header does not match the expected request header N times, an abnormal early warning is triggered; if it does not match M times, fusing is triggered;
if, within the unit time, the request protocol does not match the expected request protocol N times, an abnormal early warning is triggered; if it does not match M times, fusing is triggered;
if, within the unit time, the response header does not match the expected response header N times, an abnormal early warning is triggered; if it does not match M times, fusing is triggered.
6. The side-hung information security monitoring method as claimed in claim 5, wherein: the unit time is configured in Nacos.
7. A side-hung information security monitoring method as claimed in claim 5, characterized in that: N must be less than M, and N cannot equal M.
8. A side-hung information security monitoring method as claimed in claim 1, characterized in that: the sending mode of the abnormal early warning and fusing messages is configurable, and can be set to DingTalk message, e-mail, telephone or short message.
9. The side-hung information security monitoring method as claimed in claim 1, wherein: the security detection in step (2) is performed in the following sequence:
a. judging whether, within the unit time period, the request parameters fail to match the expected request parameters N times, and whether they fail to match M times;
b. judging whether, within the unit time period, the response parameters fail to match the expected response parameters N times, and whether they fail to match M times;
c. judging whether, within the unit time period, the response time exceeds the expected response time N times, and whether it exceeds it M times;
d. judging whether, within the unit time period, the response status fails to match the expected response status N times, and whether it fails to match M times;
e. judging whether, within the unit time period, the response parameters contain sensitive words N times, and whether they contain them M times;
f. judging whether, within the unit time period, the visitor IP fails to match the expected visitor IP N times, and whether it fails to match M times;
g. judging whether, within the unit time period, the request type fails to match the expected request type N times, and whether it fails to match M times;
h. judging whether, within the unit time period, the request header fails to match the expected request header N times, and whether it fails to match M times;
i. judging whether, within the unit time period, the request protocol fails to match the expected request protocol N times, and whether it fails to match M times;
j. judging whether, within the unit time period, the response header fails to match the expected response header N times, and whether it fails to match M times;
the unit time above is the unit time configured in Nacos, and N and M above are the numbers of times set in claim 5.
10. The side-hung information security monitoring method as claimed in claim 1, wherein: in step (3), the processing steps when a fusing rule is triggered are as follows:
A. calling the Nacos update method to automatically modify the Nacos configuration of the monitored system;
B. on detecting the change in the Nacos configuration, the Confd plug-in of the monitored system immediately backs up the current Nginx configuration file;
C. modifying the Nginx configuration according to a preset Nginx configuration template and putting the configuration into effect, thereby fusing the system interface, and at the same time sending a corresponding fusing message to the person responsible for the system interface, using the notification mode configured in the fusing rule.
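The counting logic of claims 4, 5, 7 and 9 can be sketched as follows; this is an added example, not code from the patent. The rule labels, the class and function names, the sliding-window interpretation of "unit time", and the choice to warn once when the count reaches N are all assumptions.

```python
from collections import deque

# Checks a-j in the order of claim 9; the label strings are hypothetical.
RULES = ("request_params", "response_params", "response_time",
         "response_status", "sensitive_words", "visitor_ip",
         "request_type", "request_header", "request_protocol",
         "response_header")

class SideMonitor:
    """Counts expectation mismatches per rule inside a sliding unit-time window."""

    def __init__(self, unit_time, n_warn, m_fuse):
        if not 0 < n_warn < m_fuse:  # claim 7: N strictly less than M
            raise ValueError("need 0 < N < M")
        self.unit_time, self.n, self.m = unit_time, n_warn, m_fuse
        self.hits = {rule: deque() for rule in RULES}  # mismatch timestamps
        self.fused = False

    def observe(self, now, mismatches):
        """Feed one observed request/response pair; return (action, rule)."""
        if self.fused:  # claim 4: once fused, reject every later request
            return ("reject", None)
        action = ("pass", None)
        for rule in RULES:
            window = self.hits[rule]
            if rule in mismatches:
                window.append(now)
            while window and now - window[0] >= self.unit_time:
                window.popleft()  # forget mismatches older than the unit time
            if len(window) >= self.m:
                self.fused = True
                return ("fuse", rule)
            # Assumption: warn once, on the mismatch that brings the count to N.
            if rule in mismatches and len(window) == self.n and action[0] == "pass":
                action = ("warn", rule)
        return action

def replay(monitor, events):
    """Run (timestamp, mismatched-rules) pairs through the monitor."""
    return [monitor.observe(t, rules) for t, rules in events]

# Constructed trace: seconds since start, rules whose expected value was missed.
SAMPLE = [(0, {"response_status"}), (10, {"response_status"}), (20, set()),
          (30, {"response_status", "visitor_ip"}), (40, {"response_status"}),
          (50, set())]

if __name__ == "__main__":
    print(replay(SideMonitor(unit_time=60, n_warn=2, m_fuse=4), SAMPLE))
```

With N=2 and M=4 the constructed trace warns on the second status mismatch, fuses on the fourth, and rejects the request that follows.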
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210951715.XA CN115333919B (en) | 2022-08-09 | 2022-08-09 | Side-hanging type information safety monitoring method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115333919A (en) | 2022-11-11 |
CN115333919B (en) | 2023-11-07 |
Family
ID=83921189
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210951715.XA Active CN115333919B (en) | 2022-08-09 | 2022-08-09 | Side-hanging type information safety monitoring method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115333919B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN115333919B (en) | 2023-11-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||