CN103117997A - Method and system achieving communication safety control - Google Patents
Method and system achieving communication safety control Download PDFInfo
- Publication number
- CN103117997A CN103117997A CN2012104679421A CN201210467942A CN103117997A CN 103117997 A CN103117997 A CN 103117997A CN 2012104679421 A CN2012104679421 A CN 2012104679421A CN 201210467942 A CN201210467942 A CN 201210467942A CN 103117997 A CN103117997 A CN 103117997A
- Authority
- CN
- China
- Prior art keywords
- control table
- service process
- instruction
- process server
- command adapted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Computer And Data Communications (AREA)
Abstract
The invention provides a method and a system achieving communication safety control. The method includes the following steps;a business processing server receives different types of instruction requests sent by a client and obtains number of the instruction requests received in a first preset interval; the business processing server determines the receiving degree and the danger grade of corresponding instructions according to the number of the received different types of instruction requests and a stored first control table; the business processing server obtains the umber of different types of instruction requests in a second preset interval, determines the number of corresponding instructions in the preset danger stage according to the first control table, and enables the number of the corresponding instructions in the preset danger stage to be noticed to the controller; and the controller regulates the importance grate of corresponding instructions according to the number of the received corresponding instructions in the preset danger grate and a stored second control table, and update of the first control table is completed through the business processing server.
Description
Technical field
The invention belongs to network communication field, relate in particular to a kind of method and system that realize that communication security is controlled.
Background technology
At present, the hacker carries out malicious attack by sending a large amount of legitimate request to server, so, easily causes server resource to exhaust, and can not make response to normal service request.
Summary of the invention
The invention provides a kind of method and system that realize that communication security is controlled, to address the above problem.
The invention provides a kind of method that realizes that communication security is controlled.Said method comprises the following steps: Service Process Server receives the dissimilar instruction request that client sends, and obtains the number of the dissimilar instruction request that receives in the first Preset Time section; Service Process Server is determined acceptance and the danger classes of command adapted thereto according to the first control table of the number of dissimilar instruction request and storage; Service Process Server obtains the number of dissimilar instruction request in the second Preset Time section, and determine that according to the first control table command adapted thereto is in the number of times of default danger classes, and command adapted thereto is in the number of times notification controller of default danger classes; Importance rate and the informing business processing server of command adapted thereto adjusted in the second control table that controller is in the number of times of default danger classes and storage according to the command adapted thereto that receives, and completed the renewal of the first control table by Service Process Server.
The present invention also provides a kind of system that realizes that communication security is controlled, and comprises client, Service Process Server and controller.Client connects Service Process Server, and Service Process Server connects controller.Service Process Server is used for receiving the dissimilar instruction request that client sends, and obtains the number of the dissimilar instruction request that receives in the first Preset Time section.Service Process Server is used for determining according to the first control table of the number of dissimilar instruction request and storage acceptance and the danger classes of command adapted thereto.Service Process Server, be used for obtaining the number of dissimilar instruction request in the second Preset Time section, and determine that according to the first control table command adapted thereto is in the number of times of default danger classes, and command adapted thereto is in the number of times notification controller of default danger classes.Controller is used for adjusting according to the second control table that the command adapted thereto that receives is in the number of times of default danger classes and storage the importance rate of command adapted thereto.Service Process Server, the importance rate of the command adapted thereto after the adjustment that is used for sending according to controller is completed the renewal of the first control table.
Compared to prior art, according to the method and system that realize that communication security is controlled provided by the invention, Service Process Server obtains the number of dissimilar instruction request in the second Preset Time section, and determine that according to the first control table command adapted thereto is in the number of times of default danger classes, and command adapted thereto is in the number of times notification controller of default danger classes.And the importance rate of command adapted thereto is adjusted in the second control table that controller is in the number of times of default danger classes and storage according to the command adapted thereto that receives.So, by adjusting the importance rate of command adapted thereto, realize the reasonable distribution of system resource.And, by the setting of danger classes, realize monitoring and the processing of assault.
Description of drawings
Accompanying drawing described herein is used to provide a further understanding of the present invention, consists of the application's a part, and illustrative examples of the present invention and explanation thereof are used for explaining the present invention, do not consist of improper restriction of the present invention.In the accompanying drawings:
Figure 1 shows that the flow chart of realizing the method that communication security is controlled that preferred embodiment according to the present invention provides;
Figure 2 shows that the schematic diagram of realizing the system that communication security is controlled that preferred embodiment according to the present invention provides.
Embodiment
Hereinafter also describe in conjunction with the embodiments the present invention in detail with reference to accompanying drawing.Need to prove, in the situation that do not conflict, embodiment and the feature in embodiment in the application can make up mutually.
Figure 1 shows that the flow chart of realizing the method that communication security is controlled that preferred embodiment according to the present invention provides.As shown in Figure 1, the method that communication security is controlled that realizes that preferred embodiment of the present invention provides comprises step 101~104.
In step 101, Service Process Server receives the dissimilar instruction request that client sends, and obtains the number of the dissimilar instruction request that receives in the first Preset Time section.In this, the type of instruction is such as comprising login instruction, logout instruction, Text instruction and Group instruction etc.Yet the present invention does not limit this.
In step 102, described Service Process Server is determined acceptance and the danger classes of command adapted thereto according to the first control table of the number of described dissimilar instruction request and storage.
In the present embodiment, Service Process Server storage the first control table, the corresponding relation of instruction request number, danger classes and instruction accepting degree in the first control table storage instruction type, instruction importance rate, the first Preset Time section.In this, take login instruction, logout instruction, Text instruction and Group instruction as example, the first control table example is as shown in table 1.
Table 1
In this, as shown in table 1, the instruction importance rate is from high to low successively: Group instruction (fourth estate), Text instruction (tertiary gradient), logout instruction (the second grade), login instruction (the first estate).In addition, danger classes order from low to high is: the first estate, the second grade, the tertiary gradient.Yet the present invention is not limited thereto.In practical application, can set as required.In addition, definite mode of instruction accepting degree is as follows: determines median according to two endpoint values of instruction request number range in each first Preset Time section, adds that on the basis of median added value obtains corresponding instruction accepting degree, and, along with danger classes raises, added value reduces gradually.Take the login instruction as example, in the first Preset Time section, the scope of instruction request number is greater than 10,000 and is not more than at 30,000 o'clock, corresponding median is 20,000, and added value is 0.5 ten thousand, therefore, the instruction accepting degree is 2.5 ten thousand, when scope for greater than 30,000 and when being not more than 50,000, corresponding median 40,000, added value is 0.4 ten thousand, therefore, the instruction accepting degree is 4.4 ten thousand.
Particularly, after Service Process Server obtains the number of the dissimilar instruction request that receives in the first Preset Time section, determine acceptance and the danger classes of dissimilar instruction according to table 1.For example, it is as follows that Service Process Server obtains the dissimilar instruction request number that receives in the first Preset Time section (for example, 20 minutes): the login number of instructions is that 0.8 ten thousand, logout number of instructions is 4.5 ten thousand, the Text number of instructions is that 4.7 ten thousand, Group number of instructions is 70,000.Wherein, if the number of command adapted thereto is not contained in table 1 in corresponding scope, represent that this instruction is not in the hole, this instruction of Service Process Server normal process.In this, with reference to table 1 as can be known, the login number of instructions does not belong in table 1 in corresponding number range, and therefore, the login instruction is not in the hole.The number of logout instruction is corresponding to greater than 40,000 and be not more than 60,000 scope, and therefore, danger classes is the second grade, and the instruction accepting degree is for being no more than 5.4 ten thousand, and so, Service Process Server still can be processed 4.5 ten thousand logout instructions.The number of Text instruction is corresponding to greater than 30,000 and be not more than 50,000 scope, and therefore, danger classes is the first estate, and the instruction accepting degree is for being no more than 4.5 ten thousand, so, Service Process Server is processed at most 4.5 ten thousand Text instruction, abandons 0.2 ten thousand unnecessary instructions.The number of Group instruction is corresponding to greater than 60,000 and be not more than 80,000 scope, and therefore, danger classes is the second grade, and the instruction accepting degree is for being no more than 7.4 ten thousand, and so, Service Process Server still can be processed 70,000 Group instructions.
In step 103, described Service Process Server obtains the number of dissimilar instruction request in the second Preset Time section, and determine that according to described the first control table command adapted thereto is in the number of times of default danger classes, and described command adapted thereto is in the number of times notification controller of default danger classes.
In step 104, described controller is in the number of times of default danger classes according to the described command adapted thereto that receives and the second control table of storage is adjusted the importance rate of described command adapted thereto and notifies described Service Process Server, is completed the renewal of described the first control table by described Service Process Server.
In the present embodiment, controller is regularly adjusted the importance rate of command adapted thereto according to the second control table.In this, the second control table example of controller storage is as shown in table 2.Yet the present invention is not limited thereto.In practical application, accommodation the second control table as required.
In the second Preset Time section, command adapted thereto is in the number of times of the tertiary gradient (danger classes) | The instruction importance rate is adjusted strategy |
Number of times is 0 | The instruction importance rate reduces one-level |
Greater than 0 time and be not more than 3 times | Instruction importance rate rising one-level |
Greater than 3 times and be not more than 6 times | Instruction importance rate rising two-stage |
Greater than 6 times | The instruction importance rate raises three grades |
Table 2
Particularly, the second Preset Time section is greater than the first Preset Time section.For example, the first Preset Time section is 20 minutes, the second Preset Time section is 3 hours, namely comprises 9 the first Preset Time sections in the second Preset Time section, and Service Process Server number take the first Preset Time section as the dissimilar instruction request of interval stats in the second Preset Time section.Take the login instruction as example, if in the second Preset Time section (for example, 3 hours) in, Service Process Server with the first Preset Time section (for example, 20 minutes) be the number of interval stats login instruction request, and determine the danger classes of login instruction in each first Preset Time section according to table 1.When reaching the second Preset Time section, the login instruction that Service Process Server obtains statistics is in the number of times notification controller of the tertiary gradient (danger classes).When if controller receives number of times that the login instruction is in the tertiary gradient (danger classes) and is 4 times from Service Process Server, controller is determined the instruction importance rate needs rising two-stage of login instruction according to table 2, that is, the instruction importance rate of login instruction is increased to the tertiary gradient.At this moment, the instruction importance rate of login instruction in controller informing business processing server updating form 1, the notice of the importance rate of login instruction after the adjustment that Service Process Server sends according to controller, the instruction importance rate of login instruction is updated to the tertiary gradient, and the Data Update that login instruction in table 1 is corresponding is instruction request number, danger classes and instruction accepting degree in the first Preset Time section corresponding to the tertiary gradient (instruction importance rate) simultaneously.
Figure 2 shows that the schematic diagram of realizing the system that communication security is controlled that preferred embodiment according to the present invention provides.As shown in Figure 2, the system that communication security is controlled that realizes that preferred embodiment of the present invention provides comprises client 10, Service Process Server 12 and controller 14.Client 10 connects Service Process Server 12, and Service Process Server 12 connects controller 14.
In the present embodiment, Service Process Server 12 is used for receiving the dissimilar instruction request that client 10 sends, and obtains the number of the dissimilar instruction request that receives in the first Preset Time section.Service Process Server 12 is used for determining according to the first control table of the number of dissimilar instruction request and storage acceptance and the danger classes of command adapted thereto.Service Process Server 12, be used for obtaining the number of dissimilar instruction request in the second Preset Time section, and determine that according to the first control table command adapted thereto is in the number of times of default danger classes, and command adapted thereto is in the number of times notification controller 14 of default danger classes.Controller 14 is used for adjusting according to the second control table that the command adapted thereto that receives is in the number of times of default danger classes and storage importance rate and the informing business processing server 12 of command adapted thereto.Service Process Server 12, the importance rate of the command adapted thereto after the adjustment that is used for sending according to controller 14 is completed the renewal of the first control table.Concrete operations about described system are described with above-mentioned method, therefore repeat no more in this.
In sum, the method and system that realize communication security control that preferred embodiment provides according to the present invention, Service Process Server obtains the number of dissimilar instruction request in the second Preset Time section, and determine that according to the first control table command adapted thereto is in the number of times of default danger classes, and command adapted thereto is in the number of times notification controller of default danger classes.And the importance rate of command adapted thereto is adjusted in the second control table that controller is in the number of times of default danger classes and storage according to the command adapted thereto that receives.So, by adjusting the importance rate of command adapted thereto, realize the reasonable distribution of system resource.And, by the setting of danger classes, realize monitoring and the processing of assault.
The above is only the preferred embodiments of the present invention, is not limited to the present invention, and for a person skilled in the art, the present invention can have various modifications and variations.Within the spirit and principles in the present invention all, any modification of doing, be equal to replacement, improvement etc., within all should being included in protection scope of the present invention.
Claims (8)
1. a method that realizes that communication security is controlled, is characterized in that, comprises the following steps:
Service Process Server receives the dissimilar instruction request that client sends, and obtains the number of the dissimilar instruction request that receives in the first Preset Time section;
Described Service Process Server is determined acceptance and the danger classes of command adapted thereto according to the first control table of the number of described dissimilar instruction request and storage;
Described Service Process Server obtains the number of dissimilar instruction request in the second Preset Time section, and determine that according to described the first control table command adapted thereto is in the number of times of default danger classes, and described command adapted thereto is in the number of times notification controller of default danger classes;
Described controller is in the number of times of default danger classes according to the described command adapted thereto that receives and the second control table of storage is adjusted the importance rate of described command adapted thereto and notifies described Service Process Server, is completed the renewal of described the first control table by described Service Process Server.
2. method according to claim 1, is characterized in that, the corresponding relation of instruction request number, danger classes and instruction accepting degree in described the first control table storage instruction type, instruction importance rate, the first Preset Time section.
3. method according to claim 1, is characterized in that, described controller is regularly adjusted the importance rate of command adapted thereto according to described the second control table.
4. method according to claim 1, is characterized in that, described the second Preset Time section is greater than described the first Preset Time section.
5. a system that realizes that communication security is controlled, is characterized in that, comprises client, Service Process Server and controller, and described client connects described Service Process Server, and described Service Process Server connects described controller,
Described Service Process Server is used for receiving the dissimilar instruction request that described client sends, and obtains the number of the dissimilar instruction request that receives in the first Preset Time section,
Described Service Process Server is used for determining according to the first control table of the number of described dissimilar instruction request and storage acceptance and the danger classes of command adapted thereto,
Described Service Process Server, be used for obtaining the number of dissimilar instruction request in the second Preset Time section, and determine that according to described the first control table command adapted thereto is in the number of times of default danger classes, and notify described controller with the number of times that described command adapted thereto is in default danger classes
Described controller is adjusted the importance rate of described command adapted thereto and notifies described Service Process Server for the number of times that is in default danger classes according to the described command adapted thereto that receives and the second control table of storage,
Described Service Process Server, the importance rate of the command adapted thereto after the adjustment that is used for sending according to described controller is completed the renewal of described the first control table.
6. system according to claim 5, is characterized in that, the corresponding relation of instruction request number, danger classes and instruction accepting degree in described the first control table storage instruction type, instruction importance rate, the first Preset Time section.
7. system according to claim 5, is characterized in that, described controller is regularly adjusted the importance rate of command adapted thereto according to described the second control table.
8. system according to claim 5, is characterized in that, described the second Preset Time section is greater than described the first Preset Time section.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012104679421A CN103117997A (en) | 2012-11-19 | 2012-11-19 | Method and system achieving communication safety control |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012104679421A CN103117997A (en) | 2012-11-19 | 2012-11-19 | Method and system achieving communication safety control |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103117997A true CN103117997A (en) | 2013-05-22 |
Family
ID=48416271
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2012104679421A Pending CN103117997A (en) | 2012-11-19 | 2012-11-19 | Method and system achieving communication safety control |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103117997A (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102624677A (en) * | 2011-01-27 | 2012-08-01 | 阿里巴巴集团控股有限公司 | Method and server for monitoring network user behavior |
CN102769549A (en) * | 2011-05-05 | 2012-11-07 | 腾讯科技(深圳)有限公司 | Network security monitoring method and device |
-
2012
- 2012-11-19 CN CN2012104679421A patent/CN103117997A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102624677A (en) * | 2011-01-27 | 2012-08-01 | 阿里巴巴集团控股有限公司 | Method and server for monitoring network user behavior |
CN102769549A (en) * | 2011-05-05 | 2012-11-07 | 腾讯科技(深圳)有限公司 | Network security monitoring method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107948284B (en) | Service offline method, device and system based on micro-service architecture | |
CN102982141B (en) | A kind of method and device realizing distributed data base agency | |
CN105825122B (en) | A kind of weak passwurd is verified and crack method and device | |
US9565145B2 (en) | Information sharing management on an instant messaging platform | |
US20170187793A1 (en) | Distributing Application Traffic to Servers Based on Dynamic Service Response Time | |
CN104579627B (en) | A kind of data ciphering method and system | |
CN103164202B (en) | A kind of gray scale dissemination method and device | |
CN111736853A (en) | Gray scale distribution method, device, equipment and storage medium | |
CN109672711B (en) | Reverse proxy server Nginx-based http request processing method and system | |
US10212194B2 (en) | Server controlled throttling of client to server requests | |
US9451388B1 (en) | Framework and method for processing commands for controlling electronic devices | |
CN104283643A (en) | Message speed limiting method and device | |
CN102594727A (en) | Distributed instant communication system and communication method thereof | |
CN105005500A (en) | Remote procedure calling method, server side and client | |
CN109388655A (en) | A kind of method and apparatus of dynamic control of data access | |
CN108011870B (en) | A kind of remote software online upgrading information automatic identification management method | |
WO2011041080A4 (en) | Method for using recording rules and previous value selection rules for presence information in a communications system | |
CN103117994A (en) | Processing method and system of communication safety | |
CN103117995A (en) | Method and system achieving communication safety | |
CN105391758B (en) | The method and apparatus of resource allocation in a kind of local area network | |
CN103117996A (en) | Implementation method and system of communication safety | |
CN103117997A (en) | Method and system achieving communication safety control | |
EP3010200B1 (en) | Method for controlling service data flow and network device | |
CN102685227A (en) | Message scheduling method and message scheduling system for cloud conference | |
KR101696520B1 (en) | Secure access system and operating method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
AD01 | Patent right deemed abandoned |
Effective date of abandoning: 20160608 |
|
C20 | Patent right or utility model deemed to be abandoned or is abandoned |