CN115603993A - White list processing method and device and electronic equipment - Google Patents
- Publication number
- CN115603993A (CN202211227711.3A)
- Authority
- CN
- China
- Prior art keywords
- target
- white list
- determining
- white
- service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/29—Flow control; Congestion control using a combination of thresholds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/104—Grouping of entities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a white list processing method and device and electronic equipment, and relates to the field of artificial intelligence. The method comprises the following steps: acquiring the white list used by each target application in a target unit to obtain a plurality of white lists, wherein each white list comprises information of objects allowed to access the current target application, and the target unit consists of a plurality of grayscale servers corresponding to the target applications; determining a target white list based on the service type of the target service and the plurality of white lists; and screening the traffic accessing the target service based on the target white list to obtain target traffic, and routing the target traffic to the target unit. The invention solves the technical problem in the related art of low application working efficiency caused by different applications in the same service scenario using different white lists during grayscale release.
Description
Technical Field
The invention relates to the field of artificial intelligence, in particular to a white list processing method and device and electronic equipment.
Background
As IT architectures evolve, organizing operation and maintenance around units is key to improving the operation and maintenance system. The unitized architecture is an enterprise-level application deployment architecture that is becoming popular in the internet industry. The architecture is oriented to a group of users: the main business services those users need are deployed cohesively in one deployment unit, so that the flows involved in a customer transaction stay inside the unit as far as possible. This greatly reduces unnecessary cross-unit and cross-park access, effectively limits the fault blast radius when a regional fault occurs, reduces the switching granularity while improving switching flexibility, effectively overcomes the network latency caused by the distance between data centers, and greatly improves the application's adaptability to data center location. The wider the service coverage of the unitized architecture, the larger the volume of transactions that close their loop within a unit, and the more remarkable the gains in fault isolation and emergency switching.
Grayscale release is widely used in IT operation and maintenance so that applications can go online quickly, and the application white list plays an irreplaceable role in grayscale release. In a unitized environment, a long data link spans multiple applications, and each application implements and manages its own white list independently. This is inefficient, easily leads to complex and disordered data links, makes switching configuration hard to manage, and greatly increases the operation and maintenance difficulty.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the invention provides a white list processing method and device and electronic equipment, and aims to at least solve the technical problem of low application working efficiency caused by different white lists adopted by different applications in the same service scene when gray scale release is performed in the related art.
According to an aspect of the embodiments of the present invention, a white list processing method is provided, in which a plurality of target applications corresponding to a target service adopt a unitized architecture, including: the method comprises the steps of obtaining a white list used by each target application in a target unit to obtain a plurality of white lists, wherein the white lists comprise information of objects allowing access to the current target application, and the target unit is composed of a plurality of gray servers corresponding to the target applications; determining a target white list based on the service type of the target service and a plurality of white lists; and screening the flow for accessing the target service based on the target white list to obtain the target flow, and routing the target flow to the target unit.
Further, the white list processing method further includes: carrying out format conversion on the object identification contained in each white list to obtain at least one object identification to be processed, and determining the converted white list based on the at least one object identification to be processed; and determining the target white list based on the service type of the target service and the converted white list.
Further, the white list processing method further includes: determining a target screening rule based on the service type of the target service; determining at least one target object identifier based on the target screening rule and the converted white list; a target white list is determined based on at least one target object identification.
Further, the white list processing method further includes at least one of the following steps: taking a union set of the identifiers of the objects to be processed contained in the white lists after the conversion; taking intersection of the identifications of the objects to be processed contained in the converted white lists; and acquiring a priority value corresponding to each object identifier to be processed, and screening at least one object identifier to be processed based on the priority value, wherein the priority value represents the importance degree of the object corresponding to the object identifier to be processed to the target service.
Further, the white list processing method further includes: determining a target threshold value based on a first target data volume and a preset threshold value, wherein the first target data volume is a data volume corresponding to the traffic received by a target unit in a target time range, and the maximum time length of the target time range from the current time is less than the target time length; and determining the object identifier to be processed corresponding to the priority value smaller than the target threshold as the target object identifier.
Further, the processing method of the white list further includes any one of the following: determining a target threshold value based on a first threshold value, a first target data volume and a second target data volume, wherein the second target data volume is a data volume corresponding to the highest flow rate allowed to be received by a target unit in a preset time range, the preset threshold value comprises the first threshold value and a second threshold value, and the second threshold value is greater than the first threshold value; determining a target threshold based on the second threshold and the first target data amount; the target threshold is determined based on the first threshold, the second threshold, the first target amount of data, and the second target amount of data.
Further, the white list processing method further includes: setting a target label for the target flow to obtain the processed target flow; and routing the processed target traffic to the target unit.
According to another aspect of the embodiments of the present invention, there is also provided a white list processing apparatus, including: an acquisition module, configured to acquire the white list used by each target application in a target unit to obtain a plurality of white lists, wherein each white list comprises information of objects allowed to access the current target application, and the target unit consists of a plurality of grayscale servers corresponding to the target applications; a determining module, configured to determine a target white list based on the service type of the target service and the plurality of white lists; and a processing module, configured to screen the traffic accessing the target service based on the target white list to obtain target traffic and to route the target traffic to the target unit.
According to another aspect of the embodiments of the present invention, there is also provided a computer-readable storage medium, in which a computer program is stored, where the computer program is configured to execute the white list processing method described above when the computer program runs.
According to another aspect of the embodiments of the present invention, there is also provided an electronic device, including one or more processors and a memory for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement a method for running a program, wherein the program is configured to perform the white list processing method described above when run.
In the embodiment of the invention, a unified white list is adopted to check the flow entering the target unit, a plurality of white lists are obtained by obtaining the white list used by each target application in the target unit, and then the target white list is determined based on the service type of the target service and the white lists, so that the flow accessing the target service is screened based on the target white list, the target flow is obtained, and the target flow is routed to the target unit. The white list comprises information of objects allowing access to the current target application, and the target unit is composed of a plurality of gray servers corresponding to the target application.
In the related art, different target applications within the same unit (i.e., the same data link dimension) each have their own white list, and traffic accessing each target application is checked against that application's own white list. In the above process, by contrast, the target white list is determined based on the service type of the target service and the white lists corresponding to the target applications, which unifies the white lists used by the applications corresponding to the target service; that is, the objects recorded in the target white list can access all the applications in the target unit. Furthermore, traffic accessing the target service is screened against the target white list before it enters the target unit, so that the applications in the target unit no longer each need to perform a white list check: the full data link of the target unit is checked once with a single calculation, which reduces the operation steps of each application and improves the working efficiency of each application.
Therefore, the scheme provided by the application achieves the purpose of checking the flow entering the target unit by adopting the uniform white list, thereby realizing the technical effect of improving the working efficiency of the application, and further solving the technical problem of low working efficiency of the application caused by different white lists adopted by different applications in the same service scene when the gray scale is released in the related technology.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention and do not constitute a limitation of the invention. In the drawings:
FIG. 1 is a schematic diagram of an alternative white list processing method according to an embodiment of the present invention;
FIG. 2 is a flow chart of an alternative method of processing a white list according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating an alternative white list processing method according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an alternative apparatus for processing a white list according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of an alternative electronic device according to an embodiment of the invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in other sequences than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
First, some terms appearing in the description of the embodiments of the present application are explained as follows:
Unit: the deployment unit of the unitized application service product layer. It refers to a self-contained set capable of completing all business operations, which contains all services required by all businesses and the data allocated to the unit.
Unitized architecture: the unit is used as the basic unit of deployment. A plurality of units are deployed across all stations, the number of units in each station is not fixed, every unit deploys all applications required by the system, and each unit's data is a part of the total data, divided according to a certain dimension.
It should be noted that, the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data for presentation, analyzed data, etc.) referred to in the present disclosure are information and data authorized by the user or sufficiently authorized by each party.
Example 1
While certain embodiments of the invention may be described in terms of a method for white list processing, it should be appreciated that steps illustrated in the flowcharts of the figures may be implemented in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, steps illustrated or described may be performed in an order different than presented herein.
Fig. 1 is a schematic diagram of an optional white list processing method according to an embodiment of the present invention. As shown in fig. 1, a plurality of target applications corresponding to a target service adopt a unitized architecture, and the method includes the following steps:
Step S101: acquiring the white list used by each target application in a target unit to obtain a plurality of white lists, wherein each white list comprises information of objects allowed to access the current target application, and the target unit consists of a plurality of grayscale servers corresponding to the target applications.
Optionally, in a unitized environment, the present invention uses an intelligent algorithm to manage in a unified way the different white lists along a long link involving interactions among multiple applications. The unitized architecture is described first. In a unitized architecture, the unit is the basic unit of deployment and a plurality of units are deployed across all stations, where the number of units in each station may be one or more; in other words, all servers in a station may form one unit, or the servers in a station may be divided into a plurality of units. Put simply, the applications deployed in each unit are the same, each unit is capable of completing the related service, and in operation each unit carries only a part of the service traffic of the whole service.
In step S101, a white list used in the target unit by each target application may be obtained through an electronic device, a server, an application system, and the like, and in this embodiment, a white list used in the target unit by each target application is obtained through a white list processing system. Optionally, the target service may be processed based on multiple machine rooms, where multiple applications corresponding to the target service are deployed in the multiple machine rooms, and each machine room may be used as a unit, where each unit processes a part of service traffic of the target service, and different units process different parts of service traffic of the target service. The white list comprises information of objects allowing access to the current target application, the information of the objects at least comprises object identifications of the objects, and the object identifications are used for representing the identities of the objects.
Optionally, in the related art, different target applications in the same unit (that is, the same data link dimension) each have their own white list, and traffic accessing each target application is checked against that application's white list; the white list processing system can therefore obtain, from the target unit, the white list that each target application uses in the target unit. The target unit is a grayscale unit among the plurality of units corresponding to the target service. It consists of a plurality of grayscale servers corresponding to the target applications, that is, servers running the grayscale version of the target applications, and it processes the traffic of grayscale users of the target service so as to perform grayscale testing and bring the new version of the target application online quickly. Information about the grayscale users is recorded in the white lists. It should be noted that the target service may correspond to a plurality of grayscale units, and the target unit may be any one of them. In addition, the present application is also applicable to other scenarios that need a user white list and is not limited to grayscale release; that is, depending on the actual scenario, the target unit may also be a non-grayscale unit.
Step S102, based on the service type of the target service and a plurality of white lists, determining a target white list.
In step S102, the white list processing system may determine a corresponding intelligent policy algorithm based on the service type of the target service and use it to filter the objects recorded in the multiple white lists. The target white list is then determined from the filtered objects. The target white list includes information of objects that are allowed to access the multiple target applications in the target unit; that is, the objects recorded in the target white list may access all applications in the target unit. The intelligent policy algorithm may take the union or the intersection of the objects recorded in the multiple white lists to generate the static white list described below, or may filter the objects recorded in the multiple white lists according to traffic monitoring in the unit to generate the dynamically adjusted white list described below.
It should be noted that the target white list is determined based on the service type of the target service and the plurality of white lists, so that the white lists used by the applications corresponding to the target service are unified.
Step S103, the flow of the access target service is screened based on the target white list to obtain the target flow, and the target flow is routed to the target unit.
In step S103, after the target white list is determined, as shown in fig. 2, the white list processing system may perform inspection at a traffic entrance of the target unit based on the target white list to screen traffic accessing the target service, so as to obtain the target traffic, so as to route the target traffic into the target unit, and implement a grayscale server forwarding function in grayscale publishing. The target flow consists of access requests initiated by objects recorded by a target white list.
It should be noted that, since the objects recorded in the target white list can access all applications in the target unit, screening the traffic accessing the target service against the target white list before it enters the target unit means that the applications in the target unit no longer each need to perform a white list check. This reduces the operation steps of each application, improves the working efficiency of each application, and allows the full data link of the target unit to be checked once with a single calculation.
Based on the solutions defined in steps S101 to S103, it can be known that, in the embodiment of the present invention, a unified white list is used to check traffic entering a target unit, a plurality of white lists are obtained by obtaining a white list used by each target application in the target unit, and then the target white list is determined based on the service type of the target service and the plurality of white lists, so that traffic accessing the target service is screened based on the target white list, a target traffic is obtained, and the target traffic is routed to the target unit. The white list comprises information of objects allowing access to the current target application, and the target unit is composed of a plurality of gray servers corresponding to the target application.
It is easy to note that, in the related art, different target applications within the same unit (i.e., the same data link dimension) each have their own white list, and traffic accessing each target application is checked against that application's own white list. In the above process, by contrast, the target white list is determined based on the service type of the target service and the white lists corresponding to the target applications, which unifies the white lists used by the applications corresponding to the target service; that is, the objects recorded in the target white list can access all the applications in the target unit. Furthermore, traffic accessing the target service is screened against the target white list before it enters the target unit, so that the applications in the target unit no longer each need to perform a white list check: the full data link of the target unit is checked once with a single calculation, which reduces the operation steps of each application and improves the working efficiency of each application.
Therefore, the scheme provided by the application achieves the purpose of checking the flow entering the target unit by adopting the uniform white list, thereby realizing the technical effect of improving the working efficiency of the application, and further solving the technical problem of low working efficiency of the application caused by different white lists adopted by different applications in the same service scene when the gray scale is released in the related technology.
In an optional embodiment, in the process of determining the target white list based on the service type of the target service and the plurality of white lists, the white list processing system may perform format conversion on the object identifier included in each white list to obtain at least one object identifier to be processed, determine the converted white list based on the at least one object identifier to be processed, and then determine the target white list based on the service type of the target service and the converted white list.
Optionally, the white lists of different applications originally take different forms, that is, the types of object identifier they contain differ; for example, the type may be a client number, an IP, an application account, and the like. As shown in fig. 2, after the white list used by each target application in the target unit is obtained, the white lists of different forms therefore need to be unified first. In particular, since the route forwarding function in the unitized scenario is mainly based on the customer code, the white lists of different applications are all converted into customer codes. For example, if a white list consists of application accounts, fast matching can be performed with a HashMap (hash mapping) against the related applications (e.g., the unified authentication number application and the personal client information application) to obtain the customer code (i.e., the foregoing to-be-processed object identifier); a new white list (i.e., the foregoing converted white list) is then determined from the customer codes found, and the converted white list is placed into a related cache application of the white list processing system (e.g., Redis (Remote Dictionary Server)). The related applications are used at least for determining the correspondence between the customer code and other forms of customer identifier.
Further, the target white list may be determined based on the service type of the target service and the converted white list.
It should be noted that, because the white lists of different applications have different forms, the data in the white list is subjected to format conversion first, and then the target white list is determined based on the white list with a unified format, so that data redundancy caused by the fact that different identifiers of the same user appear in the target white list at the same time is avoided, and meanwhile, the target white list is convenient to use subsequently, thereby further improving the working efficiency.
In an alternative embodiment, in the process of determining the target white list based on the service type of the target service and the converted white list, the white list processing system may determine the target screening rule based on the service type of the target service, and then determine at least one target object identifier based on the target screening rule and the converted white list, so as to determine the target white list based on the at least one target object identifier.
Optionally, as shown in fig. 2, a plurality of filtering rules (that is, the foregoing intelligent policy algorithm) may be preset in the white list processing system, and different filtering rules correspond to different service types, and the white list processing system may determine, based on a service type of a target service, a target filtering rule corresponding to the target service from the plurality of filtering rules, then determine, based on the target filtering rule, at least one target object identifier from the identifiers of the objects to be processed included in the converted white list, and further determine the target white list based on the at least one target object identifier. Wherein the plurality of screening rules may be managed based on a policy Manager (Strategy Manager) in the white list processing system.
It should be noted that, the target white list is determined by determining the target screening rule based on the service type of the target service, so that the white list for different service applications can be processed in a targeted manner, and the accuracy of determining the target white list in the present application is improved.
In an alternative embodiment, the target screening rule includes at least one of: taking a union set of the identifiers of the objects to be processed contained in the white lists after the conversion; taking intersection from the identifiers of the objects to be processed contained in the converted white lists; and acquiring a priority value corresponding to each object identifier to be processed, and screening at least one object identifier to be processed based on the priority value, wherein the priority value represents the importance degree of the object corresponding to the object identifier to be processed to the target service.
Optionally, according to different service scenarios, the target screening rule may include only one type of rule, or may include multiple types of rules, and when the target screening rule includes multiple types of rules, the usage time of each type of rule may also be different according to different service scenarios.
Optionally, the target white list may be of two kinds, static and dynamic. A first type of static white list is obtained when the union of the to-be-processed object identifiers contained in the plurality of converted white lists is taken, and a second type of static white list is obtained when their intersection is taken. When the priority value corresponding to each to-be-processed object identifier is obtained and at least one to-be-processed object identifier is screened based on the priority value, a third type of static white list, or a dynamic white list, is obtained.
Specifically, obtaining the priority value corresponding to each to-be-processed object identifier and screening at least one to-be-processed object identifier based on the priority value works as follows. Optionally, the white list processing system may be preset with a correspondence between each user identifier (i.e., the foregoing object identifier) and a priority value. For example, for a financial institution, a VIP client has a low priority value, a common client has a relatively high priority value, and the priority value of a client that does not belong to any application's white list is directly set to be greater than the relevant threshold. After obtaining the priority value corresponding to each to-be-processed object identifier, the white list processing system may compare each priority value with the relevant threshold and screen at least one to-be-processed object identifier based on the comparison result. For example, an object identifier whose priority value is lower than the relevant threshold is determined to be a target object identifier, and an object identifier whose priority value is greater than or equal to the relevant threshold is determined to be a non-target object identifier. The relevant threshold may be fixed or dynamically adjusted; optionally, it may be adjusted dynamically according to traffic monitoring in the target unit.
It should be noted that, by setting various rules, enrichment of the target white list determination method is achieved, and therefore the applicability of the application is improved.
In an optional embodiment, in the process of screening at least one to-be-processed object identifier based on priority values, as shown in fig. 3, the method includes the following steps:
Step S301: determining a target threshold based on the first target data volume and a preset threshold. The first target data volume is the data volume corresponding to the traffic received by the target unit in the target time range, and the maximum time length of the target time range from the current time is less than the target time length.
Optionally, in step S301, as shown in fig. 2, the white list processing system may monitor traffic entering the target unit in real time and determine the data volume corresponding to the traffic received by the target unit in each time period, where all time periods have the same length. In the current time period, the white list processing system may use the relevant mathematical model to determine the target threshold from the traffic of the previous time period and the preset threshold, thereby obtaining a dynamic threshold. The traffic of the previous time period is the first target data volume, and the target threshold is inversely correlated with the first target data volume, that is, the higher the first target data volume, the lower the target threshold. It should be noted that, because the target threshold is inversely correlated with the first target data volume, the higher the traffic of the previous time period, the fewer to-be-processed object identifiers satisfy the threshold in the current time period, and the less traffic the white list admits. This avoids sending a large amount of new traffic to the target unit before it has finished processing the traffic of the previous time period, which the target unit would struggle to handle, and thus achieves effective rate limiting.
Step S302: determining the to-be-processed object identifier whose priority value is smaller than the target threshold as the target object identifier.
Optionally, in step S302, the white list processing system may determine each to-be-processed object identifier whose priority value is smaller than the target threshold as a target object identifier, determine the target white list based on the target object identifiers, and then place the target white list in the Redis cache, so that it can be updated quickly as traffic changes and can serve subsequent checks.
It should be noted that, by taking the traffic conditions in the target unit into account, a plurality of white lists from different applications are managed uniformly through the relevant rules, so that a unified white list is generated dynamically and intelligent rate limiting can be performed, which enables rapid emergency control and makes operation and maintenance management more intelligent.
In an alternative embodiment, the method for determining the target threshold based on the first target data amount and the preset threshold comprises any one of the following steps: determining a target threshold value based on a first threshold value, a first target data volume and a second target data volume, wherein the second target data volume is a data volume corresponding to the highest flow rate allowed to be received by a target unit in a preset time range, the preset threshold value comprises the first threshold value and a second threshold value, and the second threshold value is greater than the first threshold value; determining a target threshold based on the second threshold and the first target data amount; the target threshold is determined based on the first threshold, the second threshold, the first target amount of data, and the second target amount of data.
Optionally, in the process of calculating the dynamic target threshold, the target threshold may be calculated by different methods, such as a lower limit estimation method, an upper and lower limit proportion estimation method, an average value estimation method, and the like. Specifically, the white list processing system may determine the determination method for the target threshold value differently according to the different service types.
Specifically, the lower limit estimation method may be implemented based on the following formula:
A(t)=a*Lowest*trafficMonitor(highest)/trafficMonitor(t-1)
wherein A(t) represents the target threshold corresponding to the current time period, a represents a preset first coefficient, Lowest represents the lowest threshold of the white list (i.e., the first threshold), trafficMonitor(highest) represents the highest traffic at which, according to system stress testing, the target unit can still serve external requests (i.e., the second target data volume), and trafficMonitor(t-1) represents the first target data volume. The first threshold may be determined based on the priority value corresponding to the object with the highest importance degree for the target service.
The upper limit estimation method can be implemented based on the following formula:
B(t)=Highest-b*trafficMonitor(t-1)
wherein B(t) represents the target threshold corresponding to the current time period, b represents a preset second coefficient, and Highest represents the highest threshold of the white list (i.e., the aforementioned second threshold).
The upper and lower limit estimation method can be implemented based on the following formula:
C(t)=c*Highest*trafficMonitor(t-1)+d*Lowest*trafficMonitor(highest)/trafficMonitor(t-1)
wherein C(t) represents the target threshold corresponding to the current time period, c represents a preset third coefficient, and d represents a preset fourth coefficient.
It should be noted that, by setting different methods for determining the target threshold, the determination method for the target white list is further enriched, thereby further improving the applicability of the present application.
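The three threshold formulas and the screening rules above (union, intersection, and the priority comparison of step S302), as an added Python example that is not part of the patent text. The function and class names, the sample identifiers, priority values and coefficients are all constructed, and two behaviours are assumptions the patent does not state: the result is clamped to [Lowest, Highest], and an idle previous period (zero traffic) yields Highest.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ThresholdConfig:
    lowest: float        # "Lowest": first threshold
    highest: float       # "Highest": second threshold, greater than lowest
    peak_traffic: float  # trafficMonitor(highest), taken from stress testing
    a: float = 1.0       # first coefficient
    b: float = 0.0       # second coefficient
    c: float = 0.0       # third coefficient
    d: float = 1.0       # fourth coefficient


def _clamp(cfg, value):
    # Assumption (not in the patent): keep the threshold inside [Lowest, Highest]
    # so that B(t) cannot go negative and A(t) cannot grow without bound.
    return max(cfg.lowest, min(cfg.highest, value))


def lower_limit(cfg, prev_traffic):
    """A(t) = a * Lowest * trafficMonitor(highest) / trafficMonitor(t-1)"""
    if prev_traffic <= 0:
        # Assumption: the formula is undefined for an idle period; use Highest.
        return cfg.highest
    return _clamp(cfg, cfg.a * cfg.lowest * cfg.peak_traffic / prev_traffic)


def upper_limit(cfg, prev_traffic):
    """B(t) = Highest - b * trafficMonitor(t-1)"""
    return _clamp(cfg, cfg.highest - cfg.b * max(prev_traffic, 0))


def combined(cfg, prev_traffic):
    """C(t) = c*Highest*trafficMonitor(t-1)
            + d*Lowest*trafficMonitor(highest)/trafficMonitor(t-1)"""
    if prev_traffic <= 0:
        return cfg.highest
    # As printed, the c term grows with traffic while the d term shrinks with it.
    value = (cfg.c * cfg.highest * prev_traffic
             + cfg.d * cfg.lowest * cfg.peak_traffic / prev_traffic)
    return _clamp(cfg, value)


def screen(whitelists, rule, priorities=None, threshold=None):
    """Apply one screening rule to the converted white lists (sets of identifiers)."""
    sets = [set(w) for w in whitelists]
    if not sets:
        return set()
    if rule == "union":
        return set.union(*sets)
    if rule == "intersection":
        return set.intersection(*sets)
    if rule == "priority":
        # Step S302: keep identifiers whose priority value is below the threshold.
        # An identifier with no known priority gets +inf, so it never passes.
        candidates = set.union(*sets)
        return {i for i in candidates
                if priorities.get(i, float("inf")) < threshold}
    raise ValueError(f"unknown rule: {rule}")


# Constructed sample data: two applications' converted white lists.
APP_A = {"u1001", "u1002", "u1003"}
APP_B = {"u1002", "u1003", "u1004"}
PRIORITY = {"u1001": 1, "u1002": 1, "u1003": 5, "u1004": 8}  # lower = more important
CFG = ThresholdConfig(lowest=2, highest=10, peak_traffic=1000, b=0.008)


def target_whitelist(prev_traffic, method=lower_limit):
    """Build the target white list for the current period from last period's traffic."""
    return screen([APP_A, APP_B], "priority", PRIORITY, method(CFG, prev_traffic))


if __name__ == "__main__":
    for traffic in (0, 250, 500, 1000, 2000):
        print(traffic, lower_limit(CFG, traffic), sorted(target_whitelist(traffic)))
```

With these sample values, a previous period at the stress-tested peak admits only the two priority-1 identifiers, while a quiet period admits all four.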
In an optional embodiment, in the process of routing the target traffic to the target unit, the white list processing system may set a target label to the target traffic to obtain a processed target traffic, so as to route the processed target traffic to the target unit.
Optionally, after the white list processing system determines the target traffic, it may attach a target label to the target traffic and forward the processed target traffic to the target unit. The grayscale server in the target unit can identify the target traffic by its target label and skip the inspection of that traffic, which improves the processing efficiency of the application. The target label may be a grayscale label, a traffic clearance label, or another label.
It should be noted that the present invention can also be applied to other non-unitized scenarios, and the unitized scenario is only a preferred embodiment of the present invention.
Therefore, the scheme provided by the application checks the traffic entering the target unit against a unified white list, which achieves the technical effect of improving the working efficiency of the application and solves the technical problem in the related art that, during grayscale release, different applications in the same service scenario adopt different white lists and the working efficiency of the application is therefore low.
Example 2
According to an embodiment of the present invention, an embodiment of a white list processing apparatus is provided, where a plurality of target applications corresponding to a target service adopt a unitized architecture, fig. 4 is a schematic diagram of an optional white list processing apparatus according to an embodiment of the present invention, and as shown in fig. 4, the apparatus includes:
an obtaining module 401, configured to obtain a white list used by each target application in a target unit, to obtain multiple white lists, where the white lists include information of objects that allow access to a current target application, and the target unit is composed of grayscale servers corresponding to multiple target applications;
a determining module 402, configured to determine a target white list based on a service type of a target service and multiple white lists;
the processing module 403 is configured to filter traffic accessing the target service based on the target white list, obtain a target traffic, and route the target traffic to the target unit.
It should be noted that the obtaining module 401, the determining module 402, and the processing module 403 correspond to steps S401 to S403 in the above embodiment; the three modules share the examples and application scenarios of the corresponding steps S101 to S103, but are not limited to what is disclosed in embodiment 1.
Optionally, the determining module further includes: the conversion sub-module is used for carrying out format conversion on the object identification contained in each white list to obtain at least one object identification to be processed, and determining the converted white list based on the at least one object identification to be processed; and the determining submodule is used for determining the target white list based on the service type of the target service and the converted white list.
Optionally, the determining sub-module further includes: the first determining unit is used for determining a target screening rule based on the service type of the target service; a second determining unit, configured to determine at least one target object identifier based on the target screening rule and the converted white list; a third determining unit for determining a target white list based on the at least one target object identification.
Optionally, the target screening rule includes at least one of: taking the union of the to-be-processed object identifiers contained in the converted white lists; taking the intersection of the to-be-processed object identifiers contained in the converted white lists; and acquiring a priority value corresponding to each to-be-processed object identifier and screening at least one to-be-processed object identifier based on the priority value, wherein the priority value represents the importance degree of the object corresponding to the to-be-processed object identifier to the target service.
Optionally, screening at least one identifier of the object to be processed based on the priority value includes: determining a target threshold value based on a first target data volume and a preset threshold value, wherein the first target data volume is a data volume corresponding to the traffic received by a target unit in a target time range, and the maximum time length of the target time range from the current time is less than the target time length; and determining the object identifier to be processed corresponding to the priority value smaller than the target threshold as the target object identifier.
Optionally, the method for determining the target threshold based on the first target data amount and the preset threshold includes any one of: determining a target threshold value based on a first threshold value, a first target data volume and a second target data volume, wherein the second target data volume is a data volume corresponding to the highest flow allowed to be received by a target unit in a preset time range, the preset threshold value comprises the first threshold value and a second threshold value, and the second threshold value is greater than the first threshold value; determining a target threshold based on the second threshold and the first target data amount; the target threshold is determined based on the first threshold, the second threshold, the first target amount of data, and the second target amount of data.
Optionally, the processing module further includes: the setting submodule is used for setting a target label for the target flow to obtain the processed target flow; and the processing submodule is used for routing the processed target flow to the target unit.
Example 3
According to another aspect of the embodiments of the present invention, there is also provided a computer-readable storage medium, in which a computer program is stored, where the computer program is configured to execute the white list processing method described above when the computer program runs.
Example 4
According to another aspect of the embodiments of the present invention, there is also provided an electronic device. Fig. 5 is a schematic diagram of an alternative electronic device according to the embodiments of the present invention. As shown in fig. 5, the electronic device includes one or more processors and a memory for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement a method for running a program, wherein the program is arranged to perform the white list processing method described above when run.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described apparatus embodiments are merely illustrative, and for example, a division of a unit may be a logical division, and in actual implementation, there may be another division, for example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or may not be executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program code.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that it is obvious to those skilled in the art that various modifications and improvements can be made without departing from the principle of the present invention, and these modifications and improvements should also be considered as the protection scope of the present invention.
Claims (10)
1. A white list processing method is characterized in that a plurality of target applications corresponding to target services adopt a unitized architecture, and the white list processing method comprises the following steps:
obtaining a white list used by each target application in a target unit to obtain a plurality of white lists, wherein the white lists comprise information of objects allowed to access the current target application, and the target unit is composed of grayscale servers corresponding to the target applications;
determining a target white list based on the service type of the target service and a plurality of white lists;
and screening the flow for accessing the target service based on the target white list to obtain target flow, and routing the target flow to the target unit.
2. The method of claim 1, wherein determining a target white list based on the service type of the target service and a plurality of white lists comprises:
carrying out format conversion on the object identification contained in each white list to obtain at least one object identification to be processed, and determining the converted white list based on the at least one object identification to be processed;
and determining a target white list based on the service type of the target service and the converted white list.
3. The method of claim 2, wherein determining a target white list based on the service type of the target service and the converted white list comprises:
determining a target screening rule based on the service type of the target service;
determining at least one target object identifier based on the target screening rule and the converted white list;
determining the target white list based on the at least one target object identification.
4. The method of claim 3, wherein the target screening rule comprises at least one of:
taking the union of the to-be-processed object identifiers contained in the converted white lists;
taking the intersection of the to-be-processed object identifiers contained in the converted white lists;
and acquiring a priority value corresponding to each object identifier to be processed, and screening the at least one object identifier to be processed based on the priority value, wherein the priority value represents the importance degree of an object corresponding to the object identifier to be processed on the target service.
5. The method according to claim 4, wherein the screening the at least one object identifier to be processed based on the priority value comprises:
determining a target threshold value based on a first target data volume and a preset threshold value, wherein the first target data volume is a data volume corresponding to traffic received by a target unit in a target time range, and the maximum time length of the target time range from the current time is less than the target time length;
and determining the object identifier to be processed corresponding to the priority value smaller than the target threshold as the target object identifier.
6. The method of claim 5, wherein the method of determining the target threshold based on the first target amount of data and a preset threshold comprises any one of:
determining a target threshold value based on a first threshold value, the first target data volume and a second target data volume, wherein the second target data volume is a data volume corresponding to the highest traffic allowed to be received by a target unit in a preset time range, the preset threshold value comprises a first threshold value and a second threshold value, and the second threshold value is greater than the first threshold value;
determining the target threshold based on the second threshold and the first target amount of data;
determining the target threshold based on the first threshold, the second threshold, the first target amount of data, and the second target amount of data.
7. The method of claim 1, wherein routing the target traffic to the target unit comprises:
setting a target label for the target flow to obtain a processed target flow;
and routing the processed target traffic to the target unit.
8. A white list processing device, wherein a plurality of target applications corresponding to a target service adopt a unitized architecture, the device comprising:
an acquisition module, used for acquiring a white list used by each target application in a target unit to obtain a plurality of white lists, wherein the white lists comprise information of objects allowed to access the current target application, and the target unit consists of grayscale servers corresponding to the target applications;
the determining module is used for determining a target white list based on the service type of the target service and a plurality of white lists;
and the processing module is used for screening the flow for accessing the target service based on the target white list to obtain target flow and routing the target flow to the target unit.
9. A computer-readable storage medium, in which a computer program is stored, wherein the computer program is arranged to execute the method for white list processing of any one of claims 1 to 7 when executed.
10. An electronic device, wherein the electronic device comprises one or more processors; memory for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement a method for running a program, wherein the program is arranged to, when run, perform the method of processing a white list as claimed in any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211227711.3A CN115603993A (en) | 2022-10-09 | 2022-10-09 | White list processing method and device and electronic equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115603993A (en) | 2023-01-13 |
Family
ID=84846725
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211227711.3A Pending CN115603993A (en) | 2022-10-09 | 2022-10-09 | White list processing method and device and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||