CN103117997A - Method and system achieving communication safety control - Google Patents

Method and system achieving communication safety control Download PDF

Info

Publication number
CN103117997A
CN103117997A CN2012104679421A CN201210467942A CN103117997A CN 103117997 A CN103117997 A CN 103117997A CN 2012104679421 A CN2012104679421 A CN 2012104679421A CN 201210467942 A CN201210467942 A CN 201210467942A CN 103117997 A CN103117997 A CN 103117997A
Authority
CN
China
Prior art keywords
control table
service process
instruction
process server
command adapted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2012104679421A
Other languages
Chinese (zh)
Inventor
谢静宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SUZHOU YIBEI INFORMATION TECHNOLOGY Co Ltd
Original Assignee
SUZHOU YIBEI INFORMATION TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SUZHOU YIBEI INFORMATION TECHNOLOGY Co Ltd filed Critical SUZHOU YIBEI INFORMATION TECHNOLOGY Co Ltd
Priority to CN2012104679421A priority Critical patent/CN103117997A/en
Publication of CN103117997A publication Critical patent/CN103117997A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The invention provides a method and a system achieving communication safety control. The method includes the following steps;a business processing server receives different types of instruction requests sent by a client and obtains number of the instruction requests received in a first preset interval; the business processing server determines the receiving degree and the danger grade of corresponding instructions according to the number of the received different types of instruction requests and a stored first control table; the business processing server obtains the umber of different types of instruction requests in a second preset interval, determines the number of corresponding instructions in the preset danger stage according to the first control table, and enables the number of the corresponding instructions in the preset danger stage to be noticed to the controller; and the controller regulates the importance grate of corresponding instructions according to the number of the received corresponding instructions in the preset danger grate and a stored second control table, and update of the first control table is completed through the business processing server.

Description

A kind of method and system that realize that communication security is controlled
Technical field
The invention belongs to network communication field, relate in particular to a kind of method and system that realize that communication security is controlled.
Background technology
At present, the hacker carries out malicious attack by sending a large amount of legitimate request to server, so, easily causes server resource to exhaust, and can not make response to normal service request.
Summary of the invention
The invention provides a kind of method and system that realize that communication security is controlled, to address the above problem.
The invention provides a kind of method that realizes that communication security is controlled.Said method comprises the following steps: Service Process Server receives the dissimilar instruction request that client sends, and obtains the number of the dissimilar instruction request that receives in the first Preset Time section; Service Process Server is determined acceptance and the danger classes of command adapted thereto according to the first control table of the number of dissimilar instruction request and storage; Service Process Server obtains the number of dissimilar instruction request in the second Preset Time section, and determine that according to the first control table command adapted thereto is in the number of times of default danger classes, and command adapted thereto is in the number of times notification controller of default danger classes; Importance rate and the informing business processing server of command adapted thereto adjusted in the second control table that controller is in the number of times of default danger classes and storage according to the command adapted thereto that receives, and completed the renewal of the first control table by Service Process Server.
The present invention also provides a kind of system that realizes that communication security is controlled, and comprises client, Service Process Server and controller.Client connects Service Process Server, and Service Process Server connects controller.Service Process Server is used for receiving the dissimilar instruction request that client sends, and obtains the number of the dissimilar instruction request that receives in the first Preset Time section.Service Process Server is used for determining according to the first control table of the number of dissimilar instruction request and storage acceptance and the danger classes of command adapted thereto.Service Process Server, be used for obtaining the number of dissimilar instruction request in the second Preset Time section, and determine that according to the first control table command adapted thereto is in the number of times of default danger classes, and command adapted thereto is in the number of times notification controller of default danger classes.Controller is used for adjusting according to the second control table that the command adapted thereto that receives is in the number of times of default danger classes and storage the importance rate of command adapted thereto.Service Process Server, the importance rate of the command adapted thereto after the adjustment that is used for sending according to controller is completed the renewal of the first control table.
Compared to prior art, according to the method and system that realize that communication security is controlled provided by the invention, Service Process Server obtains the number of dissimilar instruction request in the second Preset Time section, and determine that according to the first control table command adapted thereto is in the number of times of default danger classes, and command adapted thereto is in the number of times notification controller of default danger classes.And the importance rate of command adapted thereto is adjusted in the second control table that controller is in the number of times of default danger classes and storage according to the command adapted thereto that receives.So, by adjusting the importance rate of command adapted thereto, realize the reasonable distribution of system resource.And, by the setting of danger classes, realize monitoring and the processing of assault.
Description of drawings
Accompanying drawing described herein is used to provide a further understanding of the present invention, consists of the application's a part, and illustrative examples of the present invention and explanation thereof are used for explaining the present invention, do not consist of improper restriction of the present invention.In the accompanying drawings:
Figure 1 shows that the flow chart of realizing the method that communication security is controlled that preferred embodiment according to the present invention provides;
Figure 2 shows that the schematic diagram of realizing the system that communication security is controlled that preferred embodiment according to the present invention provides.
Embodiment
Hereinafter also describe in conjunction with the embodiments the present invention in detail with reference to accompanying drawing.Need to prove, in the situation that do not conflict, embodiment and the feature in embodiment in the application can make up mutually.
Figure 1 shows that the flow chart of realizing the method that communication security is controlled that preferred embodiment according to the present invention provides.As shown in Figure 1, the method that communication security is controlled that realizes that preferred embodiment of the present invention provides comprises step 101~104.
In step 101, Service Process Server receives the dissimilar instruction request that client sends, and obtains the number of the dissimilar instruction request that receives in the first Preset Time section.In this, the type of instruction is such as comprising login instruction, logout instruction, Text instruction and Group instruction etc.Yet the present invention does not limit this.
In step 102, described Service Process Server is determined acceptance and the danger classes of command adapted thereto according to the first control table of the number of described dissimilar instruction request and storage.
In the present embodiment, Service Process Server storage the first control table, the corresponding relation of instruction request number, danger classes and instruction accepting degree in the first control table storage instruction type, instruction importance rate, the first Preset Time section.In this, take login instruction, logout instruction, Text instruction and Group instruction as example, the first control table example is as shown in table 1.
Figure BSA00000807636200021
Figure BSA00000807636200031
Table 1
In this, as shown in table 1, the instruction importance rate is from high to low successively: Group instruction (fourth estate), Text instruction (tertiary gradient), logout instruction (the second grade), login instruction (the first estate).In addition, danger classes order from low to high is: the first estate, the second grade, the tertiary gradient.Yet the present invention is not limited thereto.In practical application, can set as required.In addition, definite mode of instruction accepting degree is as follows: determines median according to two endpoint values of instruction request number range in each first Preset Time section, adds that on the basis of median added value obtains corresponding instruction accepting degree, and, along with danger classes raises, added value reduces gradually.Take the login instruction as example, in the first Preset Time section, the scope of instruction request number is greater than 10,000 and is not more than at 30,000 o'clock, corresponding median is 20,000, and added value is 0.5 ten thousand, therefore, the instruction accepting degree is 2.5 ten thousand, when scope for greater than 30,000 and when being not more than 50,000, corresponding median 40,000, added value is 0.4 ten thousand, therefore, the instruction accepting degree is 4.4 ten thousand.
Particularly, after Service Process Server obtains the number of the dissimilar instruction request that receives in the first Preset Time section, determine acceptance and the danger classes of dissimilar instruction according to table 1.For example, it is as follows that Service Process Server obtains the dissimilar instruction request number that receives in the first Preset Time section (for example, 20 minutes): the login number of instructions is that 0.8 ten thousand, logout number of instructions is 4.5 ten thousand, the Text number of instructions is that 4.7 ten thousand, Group number of instructions is 70,000.Wherein, if the number of command adapted thereto is not contained in table 1 in corresponding scope, represent that this instruction is not in the hole, this instruction of Service Process Server normal process.In this, with reference to table 1 as can be known, the login number of instructions does not belong in table 1 in corresponding number range, and therefore, the login instruction is not in the hole.The number of logout instruction is corresponding to greater than 40,000 and be not more than 60,000 scope, and therefore, danger classes is the second grade, and the instruction accepting degree is for being no more than 5.4 ten thousand, and so, Service Process Server still can be processed 4.5 ten thousand logout instructions.The number of Text instruction is corresponding to greater than 30,000 and be not more than 50,000 scope, and therefore, danger classes is the first estate, and the instruction accepting degree is for being no more than 4.5 ten thousand, so, Service Process Server is processed at most 4.5 ten thousand Text instruction, abandons 0.2 ten thousand unnecessary instructions.The number of Group instruction is corresponding to greater than 60,000 and be not more than 80,000 scope, and therefore, danger classes is the second grade, and the instruction accepting degree is for being no more than 7.4 ten thousand, and so, Service Process Server still can be processed 70,000 Group instructions.
In step 103, described Service Process Server obtains the number of dissimilar instruction request in the second Preset Time section, and determine that according to described the first control table command adapted thereto is in the number of times of default danger classes, and described command adapted thereto is in the number of times notification controller of default danger classes.
In step 104, described controller is in the number of times of default danger classes according to the described command adapted thereto that receives and the second control table of storage is adjusted the importance rate of described command adapted thereto and notifies described Service Process Server, is completed the renewal of described the first control table by described Service Process Server.
In the present embodiment, controller is regularly adjusted the importance rate of command adapted thereto according to the second control table.In this, the second control table example of controller storage is as shown in table 2.Yet the present invention is not limited thereto.In practical application, accommodation the second control table as required.
In the second Preset Time section, command adapted thereto is in the number of times of the tertiary gradient (danger classes) The instruction importance rate is adjusted strategy
Number of times is 0 The instruction importance rate reduces one-level
Greater than 0 time and be not more than 3 times Instruction importance rate rising one-level
Greater than 3 times and be not more than 6 times Instruction importance rate rising two-stage
Greater than 6 times The instruction importance rate raises three grades
Table 2
Particularly, the second Preset Time section is greater than the first Preset Time section.For example, the first Preset Time section is 20 minutes, the second Preset Time section is 3 hours, namely comprises 9 the first Preset Time sections in the second Preset Time section, and Service Process Server number take the first Preset Time section as the dissimilar instruction request of interval stats in the second Preset Time section.Take the login instruction as example, if in the second Preset Time section (for example, 3 hours) in, Service Process Server with the first Preset Time section (for example, 20 minutes) be the number of interval stats login instruction request, and determine the danger classes of login instruction in each first Preset Time section according to table 1.When reaching the second Preset Time section, the login instruction that Service Process Server obtains statistics is in the number of times notification controller of the tertiary gradient (danger classes).When if controller receives number of times that the login instruction is in the tertiary gradient (danger classes) and is 4 times from Service Process Server, controller is determined the instruction importance rate needs rising two-stage of login instruction according to table 2, that is, the instruction importance rate of login instruction is increased to the tertiary gradient.At this moment, the instruction importance rate of login instruction in controller informing business processing server updating form 1, the notice of the importance rate of login instruction after the adjustment that Service Process Server sends according to controller, the instruction importance rate of login instruction is updated to the tertiary gradient, and the Data Update that login instruction in table 1 is corresponding is instruction request number, danger classes and instruction accepting degree in the first Preset Time section corresponding to the tertiary gradient (instruction importance rate) simultaneously.
Figure 2 shows that the schematic diagram of realizing the system that communication security is controlled that preferred embodiment according to the present invention provides.As shown in Figure 2, the system that communication security is controlled that realizes that preferred embodiment of the present invention provides comprises client 10, Service Process Server 12 and controller 14.Client 10 connects Service Process Server 12, and Service Process Server 12 connects controller 14.
In the present embodiment, Service Process Server 12 is used for receiving the dissimilar instruction request that client 10 sends, and obtains the number of the dissimilar instruction request that receives in the first Preset Time section.Service Process Server 12 is used for determining according to the first control table of the number of dissimilar instruction request and storage acceptance and the danger classes of command adapted thereto.Service Process Server 12, be used for obtaining the number of dissimilar instruction request in the second Preset Time section, and determine that according to the first control table command adapted thereto is in the number of times of default danger classes, and command adapted thereto is in the number of times notification controller 14 of default danger classes.Controller 14 is used for adjusting according to the second control table that the command adapted thereto that receives is in the number of times of default danger classes and storage importance rate and the informing business processing server 12 of command adapted thereto.Service Process Server 12, the importance rate of the command adapted thereto after the adjustment that is used for sending according to controller 14 is completed the renewal of the first control table.Concrete operations about described system are described with above-mentioned method, therefore repeat no more in this.
In sum, the method and system that realize communication security control that preferred embodiment provides according to the present invention, Service Process Server obtains the number of dissimilar instruction request in the second Preset Time section, and determine that according to the first control table command adapted thereto is in the number of times of default danger classes, and command adapted thereto is in the number of times notification controller of default danger classes.And the importance rate of command adapted thereto is adjusted in the second control table that controller is in the number of times of default danger classes and storage according to the command adapted thereto that receives.So, by adjusting the importance rate of command adapted thereto, realize the reasonable distribution of system resource.And, by the setting of danger classes, realize monitoring and the processing of assault.
The above is only the preferred embodiments of the present invention, is not limited to the present invention, and for a person skilled in the art, the present invention can have various modifications and variations.Within the spirit and principles in the present invention all, any modification of doing, be equal to replacement, improvement etc., within all should being included in protection scope of the present invention.

Claims (8)

1. a method that realizes that communication security is controlled, is characterized in that, comprises the following steps:
Service Process Server receives the dissimilar instruction request that client sends, and obtains the number of the dissimilar instruction request that receives in the first Preset Time section;
Described Service Process Server is determined acceptance and the danger classes of command adapted thereto according to the first control table of the number of described dissimilar instruction request and storage;
Described Service Process Server obtains the number of dissimilar instruction request in the second Preset Time section, and determine that according to described the first control table command adapted thereto is in the number of times of default danger classes, and described command adapted thereto is in the number of times notification controller of default danger classes;
Described controller is in the number of times of default danger classes according to the described command adapted thereto that receives and the second control table of storage is adjusted the importance rate of described command adapted thereto and notifies described Service Process Server, is completed the renewal of described the first control table by described Service Process Server.
2. method according to claim 1, is characterized in that, the corresponding relation of instruction request number, danger classes and instruction accepting degree in described the first control table storage instruction type, instruction importance rate, the first Preset Time section.
3. method according to claim 1, is characterized in that, described controller is regularly adjusted the importance rate of command adapted thereto according to described the second control table.
4. method according to claim 1, is characterized in that, described the second Preset Time section is greater than described the first Preset Time section.
5. a system that realizes that communication security is controlled, is characterized in that, comprises client, Service Process Server and controller, and described client connects described Service Process Server, and described Service Process Server connects described controller,
Described Service Process Server is used for receiving the dissimilar instruction request that described client sends, and obtains the number of the dissimilar instruction request that receives in the first Preset Time section,
Described Service Process Server is used for determining according to the first control table of the number of described dissimilar instruction request and storage acceptance and the danger classes of command adapted thereto,
Described Service Process Server, be used for obtaining the number of dissimilar instruction request in the second Preset Time section, and determine that according to described the first control table command adapted thereto is in the number of times of default danger classes, and notify described controller with the number of times that described command adapted thereto is in default danger classes
Described controller is adjusted the importance rate of described command adapted thereto and notifies described Service Process Server for the number of times that is in default danger classes according to the described command adapted thereto that receives and the second control table of storage,
Described Service Process Server, the importance rate of the command adapted thereto after the adjustment that is used for sending according to described controller is completed the renewal of described the first control table.
6. system according to claim 5, is characterized in that, the corresponding relation of instruction request number, danger classes and instruction accepting degree in described the first control table storage instruction type, instruction importance rate, the first Preset Time section.
7. system according to claim 5, is characterized in that, described controller is regularly adjusted the importance rate of command adapted thereto according to described the second control table.
8. system according to claim 5, is characterized in that, described the second Preset Time section is greater than described the first Preset Time section.
CN2012104679421A 2012-11-19 2012-11-19 Method and system achieving communication safety control Pending CN103117997A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012104679421A CN103117997A (en) 2012-11-19 2012-11-19 Method and system achieving communication safety control

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2012104679421A CN103117997A (en) 2012-11-19 2012-11-19 Method and system achieving communication safety control

Publications (1)

Publication Number Publication Date
CN103117997A true CN103117997A (en) 2013-05-22

Family

ID=48416271

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012104679421A Pending CN103117997A (en) 2012-11-19 2012-11-19 Method and system achieving communication safety control

Country Status (1)

Country Link
CN (1) CN103117997A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102624677A (en) * 2011-01-27 2012-08-01 阿里巴巴集团控股有限公司 Method and server for monitoring network user behavior
CN102769549A (en) * 2011-05-05 2012-11-07 腾讯科技(深圳)有限公司 Network security monitoring method and device

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102624677A (en) * 2011-01-27 2012-08-01 阿里巴巴集团控股有限公司 Method and server for monitoring network user behavior
CN102769549A (en) * 2011-05-05 2012-11-07 腾讯科技(深圳)有限公司 Network security monitoring method and device

Similar Documents

Publication Publication Date Title
CN107948284B (en) Service offline method, device and system based on micro-service architecture
CN102982141B (en) A kind of method and device realizing distributed data base agency
CN105825122B (en) A kind of weak passwurd is verified and crack method and device
US9565145B2 (en) Information sharing management on an instant messaging platform
US20170187793A1 (en) Distributing Application Traffic to Servers Based on Dynamic Service Response Time
CN104579627B (en) A kind of data ciphering method and system
CN103164202B (en) A kind of gray scale dissemination method and device
CN111736853A (en) Gray scale distribution method, device, equipment and storage medium
CN109672711B (en) Reverse proxy server Nginx-based http request processing method and system
US10212194B2 (en) Server controlled throttling of client to server requests
US9451388B1 (en) Framework and method for processing commands for controlling electronic devices
CN104283643A (en) Message speed limiting method and device
CN102594727A (en) Distributed instant communication system and communication method thereof
CN105005500A (en) Remote procedure calling method, server side and client
CN109388655A (en) A kind of method and apparatus of dynamic control of data access
CN108011870B (en) A kind of remote software online upgrading information automatic identification management method
WO2011041080A4 (en) Method for using recording rules and previous value selection rules for presence information in a communications system
CN103117994A (en) Processing method and system of communication safety
CN103117995A (en) Method and system achieving communication safety
CN105391758B (en) The method and apparatus of resource allocation in a kind of local area network
CN103117996A (en) Implementation method and system of communication safety
CN103117997A (en) Method and system achieving communication safety control
EP3010200B1 (en) Method for controlling service data flow and network device
CN102685227A (en) Message scheduling method and message scheduling system for cloud conference
KR101696520B1 (en) Secure access system and operating method thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned

Effective date of abandoning: 20160608

C20 Patent right or utility model deemed to be abandoned or is abandoned