CN111162930B - Delayed response control method - Google Patents

Publication number
CN111162930B
Authority
CN
China
Prior art keywords
response
time
request
crawling
url
Prior art date
Legal status
Active
Application number
CN201911248863.XA
Other languages
Chinese (zh)
Other versions
CN111162930A (en)
Inventor
邵宛岩
范渊
刘博�
龙文洁
Current Assignee
DBAPPSecurity Co Ltd
Original Assignee
DBAPPSecurity Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0823 Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/951 Indexing; Web crawling techniques
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0604 Management of faults, events, alarms or notifications using filtering, e.g. reduction of information by using priority, element types, position or time

Abstract

The invention provides a delayed response control method comprising the following steps: 1) configuring the IP and port of an application service; 2) crawling the modules and URLs in the application service with a crawler, according to the IP and port configured in step 1; 3) obtaining crawler results from the crawl in step 2; 4) filtering the crawl results obtained in step 3, removing the crawler results whose access type is request, and obtaining the response-type requests; 5) generating a response time threshold T for the response-type requests from the response-type requests and crawl times obtained in step 4; 6) setting a response rule according to the response time threshold T obtained in step 5 to obtain a response floating time; 7) obtaining page indicators according to the response rule and response floating time obtained in step 6; 8) performing response control according to the response time threshold T, the response floating time and the page indicators. The invention configures a reasonable delayed response time for abnormal or failed requests without affecting user experience.

Description

Delayed Response Control Method

Technical Field

The invention relates to network technology, and in particular to a delayed response control method.

Background

The Internet brings convenience to people's lives. At the same time, some of the application services that provide this convenience, particularly those deployed on the network, become unable to serve users normally, either because of certain special demands or because attackers send requests continuously. For example, many crawlers on the Internet constantly scrape data from a website's URLs or access them abnormally, causing network congestion and affecting normal use. Other examples are data theft, especially large numbers of requests to download large files, and brute-force cracking, with large numbers of login requests. These kinds of abnormal use are becoming more sophisticated and harder to identify.

The prior art has the following problems:

1. Current approaches rely on monitoring and detection and raise an alarm once something is found. These are usually methods of after-the-fact discovery and after-the-fact handling.

Drawback: abnormal use is becoming more sophisticated and harder to identify, so congestion still occurs and the application cannot provide normal service.

2. Blocking after a successful match by a policy firewall.

Drawback: misjudgments may occur and affect user experience.

Therefore, the prior art needs to be improved.

Summary of the Invention

The technical problem to be solved by the present invention is to provide an efficient delayed response control method.

To solve the above technical problem, the present invention provides a delayed response control method comprising the following steps:

1) Configure the application service IP and port;

2) According to the IP and port configured in step 1, crawl the modules and URLs in the application service with a crawler;

3) Obtain the crawler results from the crawl of the modules and URLs in step 2;

4) Filter the crawl results obtained in step 3, remove the crawler results whose access type is request, and obtain the response-type requests;

5) From the response-type requests and crawl times obtained in step 4, generate the response time threshold T of the response-type requests;

6) According to the response time threshold T obtained in step 5, set the response rule and obtain the response floating time;

7) According to the response rule and response floating time obtained in step 6, obtain the page indicators;

8) Perform response control according to the response time threshold T, the response floating time and the page indicators.

As an improvement to the delayed response control method of the present invention:

In step 3, the crawler results include, but are not limited to, URL, access type, crawl time and details; the access type includes, but is not limited to, request/response.

As a further improvement to the delayed response control method of the present invention:

Step 5 includes:

5.1) From the response-type requests and crawl times obtained in step 4, produce a distribution plot with the response-type requests on the abscissa and the crawl time on the ordinate; by observing the plot, take the maximum crawl time among the response-type requests obtained in step 4 as the maximum response time t;

5.2) Repeat steps 2-4 to obtain n maximum response times t;

5.3) Average the n maximum response times t to obtain the response time threshold T.

As a further improvement to the delayed response control method of the present invention:

Step 6 includes:

6.1) Configure URL rules: set matching rules for the URLs of the response-type requests obtained in step 4;

6.2) Configure the response time: use the response time threshold T as the request response time baseline;

6.3) Configure the response floating time: set the corresponding response floating time.

As a further improvement to the delayed response control method of the present invention:

In step 7, the page indicators are obtained according to the URL rules configured in step 6.1 and the response floating time; the page indicators include, but are not limited to, the sensitivity of the data contained in the response page and the volume of the data contained in the response page.

As a further improvement to the delayed response control method of the present invention:

The URL rule is: the response floating time is directly or inversely proportional to the page indicator.

The technical advantages of the delayed response control method of the present invention are:

The present invention configures a reasonable delayed response time for abnormal or failed requests without affecting user experience. By configuring and controlling the response time appropriately, it reduces overall network traffic and prevents abnormal traffic from blocking the service.

Detailed Description

The present invention is further described below with reference to specific embodiments, but the scope of protection of the present invention is not limited to them.

Embodiment 1. A delayed response control method, comprising the following steps:

1. Configure the application service IP and port.

The application service is a web application that provides services externally and for which the present invention is to be deployed.

2. According to the IP and port configured in step 1, crawl the modules and URLs in the application service with a crawler.

Crawlers include, but are not limited to, open-source crawler tools; the present invention uses a self-developed web scanner.

3. After step 2, the crawler results are obtained. They include, but are not limited to, URL, access type, crawl time and details.

The access type includes, but is not limited to, request/response.

4. Filter the response requests: filter the crawl results obtained in step 3, remove the crawler results whose access type is request, and obtain the response-type requests.

5. Generate the response time threshold T:

5.1) From the response-type requests and crawl times obtained in step 4, produce a distribution plot with the response-type requests on the abscissa and the crawl time on the ordinate. By observing the plot, take the maximum crawl time among the response-type requests obtained in step 4 as the maximum response time t;

5.2) Through n crawls (repeating steps 2-4), obtain n maximum response times t;

5.3) Average the n maximum response times t to obtain the response time threshold T;

6. Link with the protection device of the application service and set the response rules.

6.1) Configure URL rules: set matching rules for the URLs of the response-type requests obtained in step 4 (the ratio between the response floating time and the page indicator, directly or inversely proportional).

6.2) Configure the response time: use the response time threshold T as the request response time baseline.

6.3) Configure the response floating time: in accordance with the configured URL rules, set the corresponding response floating time.

7. Delayed response control:

7.1. According to the URL rules configured in step 6.1, the response floating time is directly or inversely proportional to the page indicator.

7.2. The page indicators include, but are not limited to, the sensitivity of the data contained in the response page and the volume of the data contained in the response page.

8. Perform response control according to the response time threshold T, the response floating time and the page indicators.

The rules, indicators and response floating time can be customized based on experience.
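The procedure in steps 4 to 8 can be sketched as follows. This is an added example, not code from the patent or its assignee: the additive form "T plus floating time" for the hold, the 0-to-1 page-indicator scale, the constant `k`, the cap, and all sample records and rules are assumptions, since the text leaves these to be set from experience.

```python
import re
from dataclasses import dataclass
from statistics import mean

@dataclass(frozen=True)
class CrawlRecord:
    url: str
    access_type: str       # "request" or "response" (step 3)
    crawl_time: float      # seconds

@dataclass(frozen=True)
class UrlRule:
    pattern: str           # regex matched against the URL path (step 6.1)
    page_indicator: float  # assumed scale 0 < x <= 1 (sensitivity or data volume)
    proportional: bool     # True: proportional; False: inversely proportional
    k: float               # assumed scaling constant, in seconds

def max_response_time(crawl):
    """Steps 4 and 5.1: keep response-type records, return the largest crawl time t."""
    times = [r.crawl_time for r in crawl if r.access_type == "response"]
    if not times:
        raise ValueError("crawl contains no response-type records")
    return max(times)

def response_time_threshold(crawls):
    """Steps 5.2 and 5.3: T is the mean of the n per-crawl maxima."""
    return mean(max_response_time(c) for c in crawls)

def floating_time(rule, cap=10.0):
    """Step 6.3: floating time derived from the page indicator.
    The cap (an assumption) stops a tiny indicator under an inverse rule
    from stalling a response for an unbounded time."""
    if rule.page_indicator <= 0:
        raise ValueError("page_indicator must be positive")
    if rule.proportional:
        raw = rule.k * rule.page_indicator
    else:
        raw = rule.k / rule.page_indicator
    return min(raw, cap)

def hold_time(url, elapsed, rules, T):
    """Step 8 (assumed form): hold the response until T + floating time has
    passed since the request arrived; `elapsed` is the time already spent."""
    for rule in rules:
        if re.fullmatch(rule.pattern, url):
            return max(0.0, T + floating_time(rule) - elapsed)
    return 0.0  # no rule matched: respond immediately

# Constructed sample data: three crawls of the same service (n = 3).
CRAWLS = [
    [CrawlRecord("/login", "request", 0.90),
     CrawlRecord("/login", "response", 0.12),
     CrawlRecord("/export/all", "response", 0.40)],
    [CrawlRecord("/login", "response", 0.15),
     CrawlRecord("/export/all", "response", 0.50)],
    [CrawlRecord("/login", "response", 0.10),
     CrawlRecord("/export/all", "response", 0.60)],
]
RULES = [
    UrlRule(r"/login", 0.8, True, 2.0),        # sensitive page
    UrlRule(r"/export/.*", 1.0, True, 3.0),    # large data volume
    UrlRule(r"/static/.*", 0.5, False, 0.05),  # inverse rule
]

if __name__ == "__main__":
    T = response_time_threshold(CRAWLS)
    for url, elapsed in [("/login", 0.10), ("/export/all", 0.45),
                         ("/static/app.js", 0.02), ("/about", 0.05)]:
        print(f"{url}: hold {hold_time(url, elapsed, RULES, T):.2f}s (T={T:.2f}s)")
```

Because the hold is computed from the time already elapsed, a response that was slow for legitimate reasons is not delayed further.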

Finally, it should be noted that the above are only some specific embodiments of the present invention. Obviously, the present invention is not limited to the above embodiments, and many variations are possible. All variations that a person of ordinary skill in the art can directly derive from, or associate with, the content disclosed by the present invention shall be considered within the scope of protection of the present invention.

Claims (2)

1. A delayed response control method, characterized by comprising the following steps:

1) Configure the application service IP and port;

2) According to the IP and port configured in step 1), crawl the modules and URLs in the application service with a crawler;

3) Obtain the crawler results from the crawl of the modules and URLs in step 2); the crawler results include, but are not limited to, URL, access type, crawl time and details; the access type includes, but is not limited to, request/response;

4) Filter the crawl results obtained in step 3), remove the crawler results whose access type is request, and obtain the response-type requests;

5) From the response-type requests and crawl times obtained in step 4), generate the response time threshold T of the response-type requests, specifically as follows:

5.1) From the response-type requests and crawl times obtained in step 4), produce a distribution plot with the response-type requests on the abscissa and the crawl time on the ordinate; by observing the plot, take the maximum crawl time among the response-type requests obtained in step 4) as the maximum response time t;

5.2) Repeat steps 2) to 4) n times to obtain n maximum response times t;

5.3) Average the n maximum response times t to obtain the response time threshold T;

6) According to the response time threshold T obtained in step 5), set the response rule and obtain the response floating time, specifically as follows:

6.1) Configure URL rules: set matching rules for the URLs of the response-type requests obtained in step 4); the matching rule is the ratio between the response floating time and the page indicator, directly or inversely proportional;

6.2) Configure the response time: use the response time threshold T as the request response time baseline;

6.3) Configure the response floating time: set the corresponding response floating time;

7) According to the response rule and response floating time obtained in step 6), obtain the page indicators, specifically as follows:

according to the URL rules configured in step 6.1), the response floating time is directly or inversely proportional to the page indicator;

the page indicators include, but are not limited to, the sensitivity of the data contained in the response page and the volume of the data contained in the response page;

8) Perform response control according to the response time threshold T, the response floating time and the page indicators.

2. The delayed response control method according to claim 1, characterized in that:

in step 1), the application service is a web application that provides services externally;

in step 2), the crawler includes, but is not limited to, open-source crawler tools.
CN201911248863.XA 2019-12-09 2019-12-09 Delayed response control method Active CN111162930B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911248863.XA CN111162930B (en) 2019-12-09 2019-12-09 Delayed response control method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911248863.XA CN111162930B (en) 2019-12-09 2019-12-09 Delayed response control method

Publications (2)

Publication Number Publication Date
CN111162930A CN111162930A (en) 2020-05-15
CN111162930B true CN111162930B (en) 2022-11-11

Family

ID=70555784

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911248863.XA Active CN111162930B (en) 2019-12-09 2019-12-09 Delayed response control method

Country Status (1)

Country Link
CN (1) CN111162930B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20200515

Assignee: Hangzhou Anheng Information Security Technology Co.,Ltd.

Assignor: Dbappsecurity Co.,Ltd.

Contract record no.: X2024980043365

Denomination of invention: Delay response control method

Granted publication date: 20221111

License type: Common License

Record date: 20241231