CN1558601A - Web server load control method for resisting rejection service attack - Google Patents


Info

Publication number
CN1558601A
Authority
CN
China
Prior art keywords
service
user
request
web server
dispatch
Granted
Application number
CNA2004100139612A
Other languages
Chinese (zh)
Other versions
CN100411344C (en
Inventor
曾庆凯
时静艳
Current Assignee
Nanjing University
Original Assignee
Nanjing University
Priority date
2004-01-19
Filing date
2004-01-19
Publication date
2004-12-29
Application filed by Nanjing University
Priority to CNB2004100139612A (granted as CN100411344C)
Publication of CN1558601A
Application granted; publication of CN100411344C
Current legal status: Expired - Fee Related

Abstract

A Web server service dispatching and load control method for resisting denial of service attacks, comprising the steps of: (1) starting the monitoring control function and beginning system state monitoring; (2) receiving a network service request; (3) performing feature acquisition on the service request; (4) if the system is in an abnormal state, going to step 7; (5) performing normal network service processing; (6) if the system continues operating, going to step 2, otherwise going to step 9; (7) performing user type analysis according to the system state and the user's service request features; (8) performing dispatching service according to the user type, then going to step 6; (9) stopping the system state monitoring function; (10) ending. The invention improves the Web server's ability to identify and defend against denial of service attacks.

Description

A Web server load control method for resisting denial of service attacks
Technical field
The present invention relates to Web servers, and in particular to a service dispatch and load control method capable of resisting denial of service attacks.
Background art
Web servers are a key component of information systems and are widely used in applications such as portal websites, e-government and e-commerce in network environments such as the Internet. As Web servers are deployed in more and more important information systems, the requirements on their resistance to attack also rise. Denial of service attacks are among the most common attacks on Web servers; an attack can cause server performance to drop sharply or even render the server unable to function. Because identifying and defending against denial of service attacks is very difficult, present-day Web servers often face the threat of being attacked and becoming inoperable.
Summary of the invention
The main purpose of the present invention is to address the problem that current Web servers have weak capabilities for identifying and defending against denial of service attacks, and are therefore easily prevented from providing service when attacked, by providing a load control method that identifies attacks more accurately and prevents the server's service from being paralysed, thereby improving the service performance of the server.
To achieve this purpose, the invention provides a Web server service dispatch and load control method for resisting denial of service attacks, comprising the following steps: (1) start the monitoring function and begin system state monitoring; (2) accept a network service request; (3) perform feature acquisition on the service request; (4) if the system is in an abnormal state, go to step 7; (5) perform normal network service processing; (6) if the system continues operating, go to step 2, otherwise go to step 9; (7) perform user type analysis according to the system state and the features of the user's service requests; (8) perform dispatch service according to the user type, then go to step 6; (9) stop the system state monitoring function; (10) end.
The characteristics of the present invention are: it strengthens the Web server's ability to identify and defend against denial of service attacks, so that the server is not prevented from providing service when attacked; it identifies attacks more accurately and prevents the server's service from being paralysed; and it improves the working service capability of the server.
The preferred embodiment is described in detail below with reference to the accompanying drawings.
Description of drawings
Fig. 1: workflow diagram of the Web server load control system
Fig. 2: flow chart of the method of the invention
Fig. 3: flow chart of the system monitoring process
Embodiment
As shown in Fig. 1, the Web server load control system consists of the following modules: request acceptance control, request acceptance, request feature acquisition, system state monitoring, abnormal user identification, load dispatch control and service processing. Request acceptance, service processing and request acceptance control form the basic functional structure of a Web service system. To provide defence against DDoS, this method adds the request feature acquisition, system state monitoring, abnormal user identification and load dispatch control modules. The request feature acquisition module monitors and records service requests in real time and passes its analysis results to the abnormal user identification module and the system state monitoring module. The system state monitoring module judges from the service requests whether the system is in a safe state, and notifies the abnormal user identification module and the load dispatch control module of any dangerous state. The abnormal user identification module detects users with abnormal behaviour from the analysis results of the request feature acquisition module and notifies the load dispatch control module. The load dispatch control module decides what kind of service processing a user receives and whether the user's subsequent service requests are accepted; it dispatches and controls service requests according to the system load state and the user category.
The method of the invention is shown in Fig. 2. Step 10 is the initial action. Step 11 starts the system monitoring function, which maintains the system state; the system monitoring method is described in detail later with reference to Fig. 3. Step 12 receives a service request from the network. Step 13 acquires and records the features of the request. Step 14 judges whether the system is in the normal state: if so, step 15 is executed; otherwise step 16 is executed. Step 16 performs user category analysis. The method records each user's service history at the server and classifies users as normal users, suspicious users and malicious users. A user is normally a normal user. A new user with a high request rate, for example more than 50 requests/second, while the system is in an abnormal state is a suspicious user. A suspicious user who still keeps a high request rate after receiving indicative service is a malicious user; otherwise the user is a normal user. Step 17 performs classified service according to the system state and user category. Normal users receive service processing. Suspicious users receive indicative service, that is, a warning is sent indicating that they should change their request rate. Malicious users are not served, and are entered into the blacklist set of the request acceptance control module.
Step 15 processes the user's service request. Step 18 judges whether system service has ended: if so, step 19 is executed; otherwise control returns to step 12. Step 19 stops the system state monitoring function and prepares for termination. Step 20 is the end state.
Fig. 3 describes step 11 of Fig. 2 in detail; its function is to monitor and maintain the load state of the system. Step 110 of Fig. 3 is the initial state. Step 111 acquires the system service situation and adjusts the system state. The method defines four states: normal, abnormal, danger and overload. The system is usually in the normal state. When the system load exceeds a prescribed limit, for example more than 80% of the maximum service capacity, the system is in the overload state; when the rate of new users exceeds a prescribed limit, for example more than 30 per second, the system is in the danger state; when the rate of increase of requests exceeds a prescribed limit, for example more than 3000 per second, the system is in the abnormal state. Step 112 performs service dispatch control according to the system state. When the system is in the overload state, the request acceptance control module suppresses the request access of the user with the highest excessive request rate. Malicious users in the blacklist set have their request access forbidden by the request acceptance control module. Step 113 adjusts access control according to policy. Malicious users are permanently banned from access, unless the ban on a particular user is lifted by manual processing. Ordinary excessive-rate users are banned for a period of time, and their request ban is lifted after 10 minutes. Step 114 judges whether system monitoring has ended: if so, step 115 is executed; otherwise control returns to step 111 and monitoring continues. Step 115 is the end state of Fig. 3.
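As an added example (not code from the patent or its authors), the following Python models the control logic described above: the four states of Fig. 3 with the page's example thresholds, the Fig. 2 classification of a high-rate user while the system is not normal into suspicious (warned) and then malicious (blacklisted), and the overload rule that blocks the fastest ordinary user for 10 minutes. The precedence among the states, and treating every over-rate user (not only new users) as suspicious, are assumptions.

```python
from dataclasses import dataclass

OVERLOAD_LOAD = 0.80          # load above 80% of maximum capacity -> overload
DANGER_NEW_USERS_PER_S = 30   # new-user arrival rate above this -> danger
ABNORMAL_REQS_PER_S = 3000    # request rate above this -> abnormal
SUSPICIOUS_USER_RPS = 50      # per-user rate above this while not normal -> suspicious
SPEEDER_BAN_SECONDS = 600     # ordinary high-rate users are blocked for 10 minutes

def system_state(load_fraction, new_users_per_s, reqs_per_s):
    """Step 111: derive the state from sampled metrics (precedence is an assumption)."""
    if reqs_per_s > ABNORMAL_REQS_PER_S:
        return "abnormal"
    if new_users_per_s > DANGER_NEW_USERS_PER_S:
        return "danger"
    if load_fraction > OVERLOAD_LOAD:
        return "overload"
    return "normal"

@dataclass
class User:
    rps: float = 0.0            # last observed request rate of this user
    warned: bool = False        # already given the "reduce your rate" warning
    banned_until: float = 0.0   # epoch seconds; inf means permanent

class LoadController:
    def __init__(self):
        self.users = {}
        self.blacklist = set()  # malicious users; cleared only by manual release

    def dispatch(self, uid, rps, state, now):
        """Steps 14-17: return serve / warn / refuse for one request."""
        u = self.users.setdefault(uid, User())
        u.rps = rps
        if uid in self.blacklist or now < u.banned_until:
            return "refuse"
        if state == "normal":
            return "serve"                      # step 15: normal processing
        # step 16: high-rate while the system is not normal -> suspicious;
        # still high-rate after the indicative warning -> malicious
        if rps <= SUSPICIOUS_USER_RPS:
            u.warned = False
            return "serve"
        if not u.warned:
            u.warned = True
            return "warn"                       # indicative service with rate warning
        self.blacklist.add(uid)                 # step 17: malicious, blacklisted
        u.banned_until = float("inf")
        return "refuse"

    def throttle_overload(self, now):
        """Steps 112-113: in overload, block the fastest active user for 10 minutes."""
        active = [k for k, v in self.users.items()
                  if k not in self.blacklist and now >= v.banned_until]
        if not active:
            return None
        top = max(active, key=lambda k: self.users[k].rps)
        self.users[top].banned_until = now + SPEEDER_BAN_SECONDS
        return top
```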

Claims (7)

1. A Web server service dispatch and load control method for resisting denial of service attacks, characterized in that it comprises the following steps: (1) start the monitoring function and begin system state monitoring; (2) accept a network service request; (3) perform feature acquisition on the service request; (4) if the system is in an abnormal state, go to step 7; (5) perform normal network service processing; (6) if the system continues operating, go to step 2, otherwise go to step 9; (7) perform user type analysis according to the system state and the features of the user's service requests; (8) perform dispatch service according to the user type, then go to step 6; (9) stop the system state monitoring function; (10) end.
2. The Web server service dispatch and load control method for resisting denial of service attacks according to claim 1, characterized in that the Web server load control system consists of the following modules: request acceptance control, request acceptance, request feature acquisition, system state monitoring, abnormal user identification, load dispatch control and service processing.
3. The Web server service dispatch and load control method for resisting denial of service attacks according to claim 2, characterized in that the request feature acquisition module monitors and records service requests in real time and passes its analysis results to the abnormal user identification module and the system state monitoring module; the system state monitoring module judges from the service requests whether the system is in a safe state and notifies the abnormal user identification module and the load dispatch control module of any dangerous state; the abnormal user identification module detects users with abnormal behaviour from the analysis results of the request feature acquisition module and notifies the load dispatch control module; and the load dispatch control module decides what kind of service processing a user receives and whether the user's subsequent service requests are accepted, dispatching and controlling service requests according to the system load state and the user category.
4. The Web server service dispatch and load control method for resisting denial of service attacks according to claim 2, characterized in that, when the user category analysis step 16 is performed, each user's service history at the server is recorded and users are classified as normal users, suspicious users and malicious users; a new user with a high request rate, for example more than 50 requests/second, while the system is in an abnormal state is a suspicious user; a suspicious user who still keeps a high request rate after receiving indicative service is a malicious user; classified service is performed according to the system state and user category: normal users receive service processing; suspicious users receive indicative service, that is, a warning is sent indicating that they should change their request rate; malicious users are not served, and are entered into the blacklist set of the request acceptance control module.
5. The Web server service dispatch and load control method for resisting denial of service attacks according to claim 2, characterized in that step 111 of monitoring and maintaining the load state of the system acquires the system service situation and defines four states: normal, abnormal, danger and overload; the system is usually in the normal state; when the system load exceeds a prescribed limit, the system is in the overload state; when the rate of new users exceeds a prescribed limit, the system is in the danger state; when the rate of increase of requests exceeds a prescribed limit, the system is in the abnormal state; service dispatch control is performed according to the system state, and when the system is in the overload state, the request acceptance control module suppresses the request access of the user with the highest excessive request rate.
6. The Web server service dispatch and load control method for resisting denial of service attacks according to claim 2, characterized in that malicious users in the blacklist set have their request access forbidden by the request acceptance control module.
7. The Web server service dispatch and load control method for resisting denial of service attacks according to claim 2, characterized in that access control is adjusted according to policy: malicious users are permanently banned from access unless the ban on a particular user is lifted by manual processing; ordinary excessive-rate users are banned for a period of time, after which their request ban is lifted.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004100139612A CN100411344C (en) 2004-01-19 2004-01-19 Web server load control method for resisting rejection service attack

Publications (2)

Publication Number Publication Date
CN1558601A true CN1558601A (en) 2004-12-29
CN100411344C CN100411344C (en) 2008-08-13

Family

ID=34351213

Country Status (1)

Country Link
CN (1) CN100411344C (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010020152A1 (en) * 2008-08-21 2010-02-25 腾讯科技(深圳)有限公司 Method, system and domain name solution server for realizing network server load balance
CN101072106B (en) * 2006-05-12 2010-08-11 国际商业机器公司 Method and system for protecting against denial of service attacks
CN107026851A (en) * 2017-03-22 2017-08-08 西安电子科技大学 A kind of real-time system guard method based on stream data processing

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6789203B1 (en) * 2000-06-26 2004-09-07 Sun Microsystems, Inc. Method and apparatus for preventing a denial of service (DOS) attack by selectively throttling TCP/IP requests
US7028179B2 (en) * 2001-07-03 2006-04-11 Intel Corporation Apparatus and method for secure, automated response to distributed denial of service attacks
CN1156762C (en) * 2001-12-04 2004-07-07 上海复旦光华信息科技股份有限公司 By-pass investigation and remisson method for rejecting service attack

Also Published As

Publication number Publication date
CN100411344C (en) 2008-08-13

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20080813

Termination date: 20120119