CN112702321B - Distributed transaction current limiting method, device, equipment and storage medium - Google Patents
Distributed transaction current limiting method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN112702321B CN112702321B CN202011482247.3A CN202011482247A CN112702321B CN 112702321 B CN112702321 B CN 112702321B CN 202011482247 A CN202011482247 A CN 202011482247A CN 112702321 B CN112702321 B CN 112702321B
- Authority
- CN
- China
- Prior art keywords
- transaction
- current limiting
- preset
- behavior
- flow
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention belongs to the technical field of computer security, and discloses a distributed transaction current limiting method, a distributed transaction current limiting device, distributed transaction current limiting equipment and a storage medium. The method comprises the steps of obtaining transaction behavior statistical parameters of a user according to a transaction request data packet; judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not, and generating a defense request and sending the defense request to a defense request server when the transaction behavior statistical parameters do not accord with the preset transaction behavior parameters so that the defense request server can determine a current limiting node through the defense request and a preset current limiting decision; and receiving a current limiting node fed back by the defense request server, and controlling the transaction flow of the user according to the current limiting node. In the invention, the transaction flow of the user on the financial platform is controlled by adopting a flow rate limiting technology, the limited network resources of the financial platform are ensured not to be consumed by the attack flow, the flow is controlled within the bearing capacity range of the limited resources, and the distributed transaction flow limiting method can effectively resist DDoS attack.
Description
Technical Field
The invention relates to the technical field of computer security, in particular to a distributed transaction current limiting method, a distributed transaction current limiting device, distributed transaction current limiting equipment and a storage medium.
Background
With the rapid development of modern financial platforms, the requirements of users on the network service capability of the financial platforms are increasingly increased. Due to the limitation of network bandwidth, network facilities and other factors, the efficiency of financial platform network service can be improved through a distributed network at present, a typical distributed network can realize that a user can visit the content of a financial platform nearby, and the transaction efficiency of the financial platform is greatly improved.
However, a Denial of Service (DoS) attack is an attack form that makes a legitimate user unable to obtain a normal Service response, and an attacker generally uses a large amount of illegal attack packets to occupy too many Service resources, so that the Distributed Denial of Service (DDoS) attack is more powerful, and the attacker uses a large amount of puppet hosts to complete a larger-scale Denial of Service attack. Because the existing attack tools are flooded on the network, the attack is easier to launch, and the network worm virus which is heavily abused in recent years also plays a role in promoting the development of DDoS attack.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The invention mainly aims to provide a distributed transaction current limiting method, a distributed transaction current limiting device, distributed transaction current limiting equipment and a storage medium, and aims to solve the technical problem that a financial platform transaction network has great transaction risk due to existing distributed denial of service attacks.
In order to achieve the above object, the present invention provides a distributed transaction current limiting method, which comprises the following steps:
when a transaction request data packet of a user is received, acquiring transaction behavior statistical parameters of the user according to the transaction request data packet;
judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not;
when the transaction behavior statistical parameters do not accord with the preset transaction behavior parameters, generating a defense request and sending the defense request to a defense request server so that the defense request server determines a current limiting node through the defense request and a preset current limiting decision;
and receiving the current limiting node fed back by the defense request server, and controlling the transaction flow of the user according to the current limiting node.
Optionally, the step of determining whether the transaction behavior statistical parameter meets a preset transaction behavior parameter includes:
acquiring a predicted normal behavior flow value according to the preset transaction behavior parameters, and acquiring a current transaction behavior flow value according to the transaction behavior statistical parameters;
comparing the predicted normal behavior flow value with the current transaction behavior flow value to obtain a transaction flow innovation sequence;
and analyzing the transaction flow innovation sequence, and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the analysis result.
Optionally, the step of analyzing the transaction flow information sequence and judging whether the transaction behavior statistical parameter meets a preset transaction behavior parameter according to the analysis result includes:
determining corresponding statistical characteristics according to the transaction flow innovation sequence;
analyzing the statistical characteristics based on a preset multivariate sequential analysis algorithm to obtain sample statistics;
performing correlation analysis on the sample statistics according to a preset correlation test algorithm to obtain a correlation analysis result;
and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the correlation analysis result.
Optionally, the step of obtaining the transaction behavior statistical parameter of the user according to the transaction request data packet includes:
acquiring a data packet header and time sequence information according to the transaction request data packet;
acquiring the header of the data packet and the characteristic information of the time sequence information, and generating a current transaction behavior flow value according to the characteristic information;
and generating a transaction behavior statistical parameter of the user according to the current transaction behavior flow value.
Optionally, before the step of determining whether the transaction behavior statistical parameter meets a preset transaction behavior parameter, the method further includes:
constructing a normal transaction flow model;
acquiring a predicted normal behavior flow value through the transaction normal flow model based on a preset time sequence analysis algorithm;
and generating a preset transaction behavior parameter according to the predicted normal behavior flow value.
Optionally, the step of generating a defense request and sending the defense request to a defense request server so that the defense request server determines a current limiting node through the defense request and a preset current limiting decision includes:
generating a defense request and sending the defense request to a defense request server so that the defense request server constructs a flow tree through the defense request and a preset attack source tracking strategy, determining a target attack sub-tree according to the flow tree, and determining a current limiting node through the target attack sub-tree according to a preset current limiting decision.
Optionally, the step of controlling the user transaction flow according to the flow limiting node, where the flow limiting node receives the feedback of the defense request server, includes:
receiving a current limiting node fed back by the defense request server, and determining leaf node information corresponding to the current limiting node;
determining a current limit corresponding to a current limit node according to the leaf node information, and determining a preset packet loss probability according to the preset current limit decision;
and controlling the transaction flow of the user according to the current limit and the preset packet loss probability.
In addition, to achieve the above object, the present invention further provides a distributed transaction current limiting device, including:
the acquisition module is used for acquiring transaction behavior statistical parameters of a user according to a transaction request data packet when the transaction request data packet of the user is received;
the judging module is used for judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not;
the decision module is used for generating a defense request and sending the defense request to a defense request server when the transaction behavior statistical parameter does not accord with the preset transaction behavior parameter, so that the defense request server determines a current limiting node through the defense request and a preset current limiting decision;
and the control module is used for receiving the current limiting node fed back by the defense request server and controlling the transaction flow of the user according to the current limiting node.
In addition, to achieve the above object, the present invention further provides a distributed transaction current limiting device, which is characterized in that the distributed transaction current limiting device includes: a memory, a processor, and a distributed transaction current limiting program stored on the memory and executable on the processor, the distributed transaction current limiting program configured to implement the steps of the distributed transaction current limiting method as described above.
In addition, to achieve the above object, the present invention further provides a storage medium, wherein the storage medium stores a distributed transaction current limiting program, and the distributed transaction current limiting program, when executed by a processor, implements the steps of the distributed transaction current limiting method as described above.
When a transaction request data packet of a user is received, acquiring transaction behavior statistical parameters of the user according to the transaction request data packet; judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not; when the transaction behavior statistical parameters do not accord with the preset transaction behavior parameters, generating a defense request and sending the defense request to a defense request server so that the defense request server determines a current limiting node through the defense request and a preset current limiting decision; and receiving the current limiting node fed back by the defense request server, and controlling the transaction flow of the user according to the current limiting node. In the invention, the transaction flow of a user on a financial platform is controlled by adopting a flow rate limiting technology, the limited network resources of the financial platform are ensured not to be consumed by attack flows, and the flow is controlled within the bearing capacity range of the limited resources.
Drawings
Fig. 1 is a schematic structural diagram of a distributed transaction current limiting device of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flow chart illustrating a first embodiment of a distributed transaction throttling method according to the present invention;
FIG. 3 is a flow chart illustrating a distributed transaction throttling method according to a second embodiment of the present invention;
FIG. 4 is a flowchart illustrating a distributed transaction throttling method according to a third embodiment of the present invention;
fig. 5 is a block diagram illustrating a first embodiment of a distributed transaction current limiting apparatus according to the present invention.
The implementation, functional features and advantages of the present invention will be further described with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a distributed transaction current limiting device in a hardware operating environment according to an embodiment of the present invention.
As shown in fig. 1, the distributed transaction current limiting device may include: a processor 1001, such as a Central Processing Unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a WIreless interface (e.g., a WIreless-FIdelity (WI-FI) interface). The Memory 1005 may be a Random Access Memory (RAM) Memory, or may be a Non-Volatile Memory (NVM), such as a disk Memory. The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the configuration shown in fig. 1 does not constitute a limitation of the distributed transaction current limiting device and may include more or fewer components than shown, or some components in combination, or a different arrangement of components.
As shown in fig. 1, the memory 1005, which is a storage medium, may include therein an operating system, a network communication module, a user interface module, and a distributed transaction throttling program.
In the distributed transaction throttling device shown in fig. 1, the network interface 1004 is mainly used for data communication with a network server; the user interface 1003 is mainly used for data interaction with a user; the processor 1001 and the memory 1005 in the distributed transaction current limiting device of the present invention may be disposed in the distributed transaction current limiting device, and the distributed transaction current limiting device invokes the distributed transaction current limiting program stored in the memory 1005 through the processor 1001 and executes the distributed transaction current limiting method provided by the embodiment of the present invention.
An embodiment of the present invention provides a distributed transaction current limiting method, and referring to fig. 2, fig. 2 is a schematic flow diagram of a first embodiment of a distributed transaction current limiting method according to the present invention.
In this embodiment, the distributed transaction current limiting method includes the following steps:
step S10: and when a transaction request data packet of a user is received, acquiring transaction behavior statistical parameters of the user according to the transaction request data packet.
It should be noted that the execution main body of this embodiment is the distributed transaction current limiting device, and the distributed transaction current limiting device may be an electronic device such as a personal computer or a server, which is not limited in this embodiment. When a transaction request data packet of a user is received, the transaction behavior statistical parameters of the user are obtained according to the transaction request data packet, and the method can be implemented in various ways, and two ways are described below as an example, and certainly, the method can also be implemented by combining at least two ways. In addition, the manner of obtaining the transaction behavior statistical parameter of the user according to the transaction request data packet may also be other manners according to actual needs, which is not limited in this embodiment. The transaction request of the user may be operations such as registration, transaction, transfer, and transfer of financial assets performed by the user on the financial platform, and this embodiment does not limit a specific transaction operation.
Specifically, one of the ways to obtain the transaction behavior statistical parameter of the user according to the transaction request data packet is as follows: acquiring a data packet header and time sequence information according to the transaction request data packet; acquiring the header of the data packet and the characteristic information of the time sequence information, and generating a current transaction behavior flow value according to the characteristic information; and generating a transaction behavior statistical parameter of the user according to the current transaction behavior flow value. The method comprises the steps of obtaining a transaction request data packet of a current system network, carrying out characteristic data acquisition on behavior characteristics of the transaction request data packet, obtaining a data packet header and time sequence information, mainly focusing on the time variation trend of specific parameters in the transaction request data packet, and extracting the time sequence of the specific parameters to obtain the time sequence information. Further, detection analysis may be performed using time-series characteristic changes of a plurality of parameters, and a wider range of flow rate abnormalities can be detected.
Specifically, another way of obtaining the transaction behavior statistical parameter of the user according to the transaction request data packet is as follows: acquiring a transaction request data packet of a current system network, performing characteristic data acquisition on behavior characteristics of the transaction request data packet, extracting network behavior statistical parameters by analyzing the acquired characteristic data, and taking the network behavior statistical parameters as transaction behavior statistical parameters of a user.
Step S20: and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters.
It should be understood that, before performing distributed transaction throttling on a transaction request of a user, a preset transaction behavior parameter needs to be set, and the manner of setting the preset transaction behavior parameter may be implemented in various manners, which is described below by taking one manner as an example, of course, the manner of setting the preset transaction behavior parameter may also be other manners according to actual needs, which is not limited in this embodiment. Specifically, one of the ways to obtain the transaction behavior statistical parameter of the user according to the transaction request data packet is as follows: constructing a normal transaction flow model; acquiring a predicted normal behavior flow value through the transaction normal flow model based on a preset time sequence analysis algorithm; and generating a preset transaction behavior parameter according to the predicted normal behavior flow value.
It is easy to understand that the typical distributed network can realize that the user can visit the financial platform content nearby, and greatly improves the financial platform transaction efficiency. However, the distributed network is widely distributed on a plurality of links in the financial platform communication network, which causes attack influence on the financial platform communication network at the same time, the network is abnormally distributed on a plurality of links in the financial platform communication network, and a single branch link has small abnormal flow and is not easy to be noticed, but the plurality of links are summarized, so that the total abnormal flow is large, which can cause great influence on the operation of the financial platform communication network. In this embodiment, a predicted normal behavior flow value is obtained by using a preset time sequence analysis algorithm in combination with characteristic information of a distributed network traffic anomaly in a financial platform communication network, and the predicted normal behavior flow value is compared with a current transaction behavior flow value to generate a transaction traffic innovation sequence of network traffic.
Specifically, a predicted normal behavior flow value is obtained according to the preset transaction behavior parameters, and a current transaction behavior flow value is obtained according to the transaction behavior statistical parameters; comparing the predicted normal behavior flow value with the current transaction behavior flow value to obtain a transaction flow innovation sequence; and analyzing the transaction flow innovation sequence, and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the analysis result. The characteristics of transaction flow information sequences of a plurality of links can be analyzed through a sequential analysis method to judge whether the transaction behavior statistical parameters meet preset transaction behavior parameters, namely whether abnormal behavior of distributed network flow occurs or not is analyzed, and then the transaction flow of a user is controlled.
Step S30: and when the transaction behavior statistical parameters do not accord with the preset transaction behavior parameters, generating a defense request and sending the defense request to a defense request server so that the defense request server determines a current limiting node through the defense request and a preset current limiting decision.
It should be noted that when the statistical transaction behavior parameters are judged to be not in accordance with the preset transaction behavior parameters, the distributed abnormal network traffic behavior is analyzed, the current limiting node needs to be determined, and then the user transaction traffic is controlled according to the current limiting node. Specifically, a defense request is generated and sent to a defense request server, so that the defense request server constructs a flow tree through the defense request and a preset attack source tracking strategy, a target attack sub-tree is determined according to the flow tree, and a current limiting node is determined through the target attack sub-tree according to a preset current limiting decision. The defense request server DSP selects an attack source tracking (IP trace back) technology according to specific conditions, can reconstruct a flow tree taking network flow abnormal behaviors as a root, can separate attack subtrees from the flow tree, can obtain the most appropriate current limiting position, namely a current limiting node, according to an attack source tracking result, wherein the current limiting node is a leaf node of the flow tree, and can know which current limiters the attack flow passes through according to the attack source tracking result, so that the current limiting node can be selected in a targeted manner to limit the current, and the current limiting effect is improved.
Step S40: and receiving the current limiting node fed back by the defense request server, and controlling the transaction flow of the user according to the current limiting node.
It should be understood that the current limiting node fed back by the defense request server is received, and the leaf node information corresponding to the current limiting node is determined; determining a current limit corresponding to a current limit node according to the leaf node information, and determining a preset packet loss probability according to the preset current limit decision; and controlling the transaction flow of the user according to the current limit and the preset packet loss probability. The leaf node information is basic information of each leaf node, the basic information may include, for example, a node IP address, a node state (whether current limiting is being performed, a current limiting limit, a current limiting time limit, whether an attack flow passes through), traffic information collected from the node, and the like, the leaf node information is an important basis for controlling a user transaction traffic, and the leaf node information may also store a current limiting result obtained by a preset current limiting decision.
In the embodiment, when a transaction request data packet of a user is received, transaction behavior statistical parameters of the user are obtained according to the transaction request data packet; judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not; when the transaction behavior statistical parameters do not accord with the preset transaction behavior parameters, generating a defense request and sending the defense request to a defense request server so that the defense request server determines a current limiting node through the defense request and a preset current limiting decision; and receiving the current limiting node fed back by the defense request server, and controlling the transaction flow of the user according to the current limiting node. In the embodiment, the transaction flow of the user on the financial platform is controlled by adopting a flow rate limiting technology, the limited network resources of the financial platform are guaranteed not to be consumed by the attack flow, the flow is controlled within the bearing capacity range of the limited resources, the DDoS attack can be effectively resisted by the distributed transaction flow limiting method, and the technical problem that the transaction network of the financial platform has great transaction risk due to the existing distributed denial of service attack is solved.
Referring to fig. 3, fig. 3 is a flowchart illustrating a distributed transaction current limiting method according to a second embodiment of the present invention. Based on the first embodiment, in step S20, the distributed transaction current limiting method in this embodiment specifically includes:
step S201: and acquiring a predicted normal behavior flow value according to the preset transaction behavior parameters, and acquiring a current transaction behavior flow value according to the transaction behavior statistical parameters.
It should be noted that, before performing distributed transaction current limiting on a transaction request of a user, a preset transaction behavior parameter needs to be set, and the manner of setting the preset transaction behavior parameter may be: constructing a normal transaction flow model; acquiring a predicted normal behavior flow value through the transaction normal flow model based on a preset time sequence analysis algorithm; and generating a preset transaction behavior parameter according to the predicted normal behavior flow value. And acquiring a predicted normal behavior flow value according to the preset transaction behavior parameters.
It is easy to understand that, the data packet header and the timing information are obtained according to the transaction request data packet; acquiring the header of the data packet and the characteristic information of the time sequence information, and generating a current transaction behavior flow value according to the characteristic information; and generating a transaction behavior statistical parameter of the user according to the current transaction behavior flow value. The current transaction behavior flow value can be obtained according to the transaction behavior statistical parameters.
Step S202: and comparing the predicted normal behavior flow value with the current transaction behavior flow value to obtain a transaction flow innovation sequence.
It should be appreciated that comparing the predicted normal behavior traffic value with the current transaction behavior traffic value produces a predicted interest sequence of network traffic, which is a transaction traffic interest sequence. In this embodiment, a predicted normal behavior flow value is obtained by using a preset time sequence analysis algorithm in combination with characteristic information of a distributed network traffic anomaly in a financial platform communication network, and the predicted normal behavior flow value is compared with a current transaction behavior flow value to generate a transaction traffic innovation sequence of network traffic. The characteristics of transaction flow information sequences of a plurality of links can be analyzed through a sequential analysis method to judge whether the transaction behavior statistical parameters meet preset transaction behavior parameters, namely whether abnormal behavior of distributed network flow occurs or not is analyzed, and then the transaction flow of a user is controlled.
Step S203: and analyzing the transaction flow innovation sequence, and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the analysis result.
It should be noted that, the process of analyzing the transaction flow information sequence and judging whether the transaction behavior statistical parameter meets the preset transaction behavior parameter according to the analysis result may be: determining corresponding statistical characteristics according to the transaction flow innovation sequence; analyzing the statistical characteristics based on a preset multivariate sequential analysis algorithm to obtain sample statistics; performing correlation analysis on the sample statistics according to a preset correlation test algorithm to obtain a correlation analysis result; and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the correlation analysis result. The method comprises the steps of analyzing statistical characteristics of transaction flow information sequences corresponding to a plurality of links based on a preset sequential analysis method, and constructing a log probability likelihood ratio judgment function to obtain sample statistics. The method comprises the steps of utilizing the characteristics that the characteristics of the distributed network abnormity are similar on a plurality of links, analyzing whether the distributed network flow abnormal behavior occurs or not by carrying out correlation analysis on the mutation values of the sample statistics corresponding to the links based on a preset correlation test algorithm, and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not.
It is easy to understand that the network abnormal behavior sequence can be constructed by presetting a multi-sequential analysis algorithm, so that specific fine components in a network can be prevented from being analyzed, and abnormal spatial features in a network link are extracted for analysis, so that the flow detection is simpler and more convenient. By respectively and sequentially analyzing the transaction flow information sequences in different links on the same node in the network, the log probability likelihood ratio statistic can be obtained, namely the sample statistic is obtained. And reflecting the characteristic information of the transaction flow innovation sequence by using the analysis variable of the mutation value of the maximum likelihood ratio in the sequential probability ratio test, and indirectly analyzing whether distributed abnormality exists in the transaction behavior statistical parameters by analyzing the correlation characteristics of the mutation values of the maximum likelihood ratio in two different links.
In the embodiment, a predicted normal behavior flow value is obtained according to the preset transaction behavior parameters, and a current transaction behavior flow value is obtained according to the transaction behavior statistical parameters; comparing the predicted normal behavior flow value with the current transaction behavior flow value to obtain a transaction flow innovation sequence; and analyzing the transaction flow innovation sequence, and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the analysis result. In the embodiment, the transaction flow of the user on the financial platform is controlled by adopting a flow rate limiting technology, the limited network resources of the financial platform are guaranteed not to be consumed by the attack flow, the flow is controlled within the bearing capacity range of the limited resources, the DDoS attack can be effectively resisted by the distributed transaction flow limiting method, and the technical problem that the transaction network of the financial platform has great transaction risk due to the existing distributed denial of service attack is solved.
Referring to fig. 4, fig. 4 is a flowchart illustrating a distributed transaction current limiting method according to a third embodiment of the present invention. Based on the first embodiment, in step S40, the distributed transaction current limiting method in this embodiment specifically includes:
step S401: and receiving the current limiting node fed back by the defense request server, and determining the leaf node information corresponding to the current limiting node.
It should be noted that, the defense request server DSP selects an attack source tracing (IP trace back) technology according to specific situations, may reconstruct a traffic tree with network traffic abnormal behavior as the root, and may separate an attack sub-tree from the traffic tree, may obtain the most appropriate current limiting position, i.e. a current limiting node, according to the attack source tracing result, the current limiting node is a leaf node of the traffic tree, and may also know which current limiters the attack flow passes through according to the attack source tracing result, so that the current limiting node may be selected in a targeted manner for current limiting, and the current limiting effect may be improved.
Specifically, a current limiting node fed back by the defense request server is received, and leaf node information corresponding to the current limiting node is determined; the leaf node information is basic information of each leaf node, the basic information may include, for example, a node IP address, a node state (whether current limiting is being performed, a current limiting limit, a current limiting time limit, whether an attack flow passes through), traffic information collected from the node, and the like, the leaf node information is an important basis for controlling a user transaction traffic, and the leaf node information may also store a current limiting result obtained by a preset current limiting decision.
Step S402: and determining a current limit corresponding to the current limit node according to the leaf node information, and determining a preset packet loss probability according to the preset current limit decision.
It should be understood that, the current limit amount corresponding to the current limit node is determined according to the leaf node information, and there may be a plurality of specific current limit methods, and in this embodiment, a random packet loss manner is adopted, and a preset packet loss probability is determined according to the preset current limit decision.
It is easy to understand that, according to the tracing result of the attack source, it can be determined which restrictors the attack flows pass through, if only the legal flows pass through the restrictors, the defense request server DSP can allocate the resources to the restrictors preferentially, after allocating the resources to the restrictors that only the legal flows pass through, the remaining resources can be allocated to those restrictors contaminated by the attack flows fairly according to the maximum and minimum criteria, wherein the contamination does not represent that only the attack flows pass through, and there is also a possibility that the legal flows are mixed, and the preset flow limiting decision can effectively protect the legal flows.
Step S403: and controlling the transaction flow of the user according to the current limit and the preset packet loss probability.
It should be noted that, in order to prevent a forged current limiting request, after receiving the current limiting request, firstly verifying the validity, and then performing a current limiting operation, a specific current limiting method may be multiple, in this embodiment, a random packet loss manner is adopted, the transaction traffic of the user is controlled according to the current Limit and the preset packet loss probability, and the preset packet loss probability P may be determined by P = (0,1-Limit/Rate), where Limit refers to the current Limit of the current limiting node, and Rate refers to the current traffic of the current limiting node fed back by the defense request server, and if Limit is greater than or equal to Rate, the packet loss probability is 0, that is, the current limiting is not necessary, the transaction traffic of the user is controlled according to the current Limit of the current limiting node itself, and the current limiting node can control the transaction traffic of the user within a certain range by the random packet loss manner.
It is easy to understand that the preset current limit decision needs to be updated periodically to adapt to the dynamic change of the environment, otherwise, a deviation is caused in the current limit, and the preset current limit decision updating process: and recalculating the current limit according to a decision algorithm, and issuing a new current limit command according to a decision result, wherein the current limit command can comprise adjusting the current limit, activating a new current limit node and the like.
In this embodiment, a current limiting node fed back by the defense request server is received, and leaf node information corresponding to the current limiting node is determined; determining a current limit corresponding to a current limit node according to the leaf node information, and determining a preset packet loss probability according to the preset current limit decision; and controlling the transaction flow of the user according to the current limit and the preset packet loss probability. In the embodiment, the transaction flow of the user on the financial platform is controlled by adopting the flow rate limiting technology, the limited network resources of the financial platform are ensured not to be consumed by the attack flow, and the flow is controlled within the bearing capacity range of the limited resources.
In addition, an embodiment of the present invention further provides a storage medium, where a distributed transaction current limiting program is stored on the storage medium, and the distributed transaction current limiting program is executed by a processor to perform the steps of the distributed transaction current limiting method described above.
Since the storage medium adopts all technical solutions of all the embodiments, at least all the beneficial effects brought by the technical solutions of the embodiments are achieved, and no further description is given here.
Referring to fig. 5, fig. 5 is a block diagram illustrating a first exemplary embodiment of a distributed transaction current limiting device according to the present invention.
As shown in fig. 5, the distributed transaction current limiting apparatus according to the embodiment of the present invention includes:
the obtaining module 10 is configured to obtain a transaction behavior statistical parameter of a user according to a transaction request data packet when the transaction request data packet of the user is received.
It should be noted that, when a transaction request data packet of a user is received, obtaining a transaction behavior statistical parameter of the user according to the transaction request data packet may be implemented in multiple ways, and two ways are described below as an example, and of course, at least two ways may also be implemented in combination. In addition, the manner of obtaining the transaction behavior statistical parameter of the user according to the transaction request data packet may also be other manners according to actual needs, which is not limited in this embodiment. The transaction request of the user may be operations of registering, trading, transferring, passing through the account of the financial asset on the financial platform, and the like, and the specific transaction operation is not limited in this embodiment.
Specifically, one of the ways to obtain the transaction behavior statistical parameter of the user according to the transaction request data packet is as follows: acquiring a data packet header and time sequence information according to the transaction request data packet; acquiring the header of the data packet and the characteristic information of the time sequence information, and generating a current transaction behavior flow value according to the characteristic information; and generating a transaction behavior statistical parameter of the user according to the current transaction behavior flow value. The method comprises the steps of obtaining a transaction request data packet of a current system network, carrying out characteristic data acquisition on behavior characteristics of the transaction request data packet, obtaining a data packet header and time sequence information, mainly focusing on the time variation trend of specific parameters in the transaction request data packet, and extracting the time sequence of the specific parameters to obtain the time sequence information. Further, detection analysis may be performed using time-series characteristic changes of a plurality of parameters, and a wider range of flow rate abnormalities can be detected.
Specifically, another way of obtaining the transaction behavior statistical parameter of the user according to the transaction request data packet is as follows: acquiring a transaction request data packet of a current system network, performing characteristic data acquisition on behavior characteristics of the transaction request data packet, extracting network behavior statistical parameters by analyzing the acquired characteristic data, and taking the network behavior statistical parameters as transaction behavior statistical parameters of a user.
And the judging module 20 is configured to judge whether the transaction behavior statistical parameter meets a preset transaction behavior parameter.
It should be understood that, before performing distributed transaction throttling on a transaction request of a user, a preset transaction behavior parameter needs to be set, and the manner of setting the preset transaction behavior parameter may be implemented in various manners, which is described below by taking one manner as an example, of course, the manner of setting the preset transaction behavior parameter may also be other manners according to actual needs, which is not limited in this embodiment. Specifically, one of the ways to obtain the transaction behavior statistical parameter of the user according to the transaction request data packet is as follows: constructing a normal transaction flow model; acquiring a predicted normal behavior flow value through the transaction normal flow model based on a preset time sequence analysis algorithm; and generating a preset transaction behavior parameter according to the predicted normal behavior flow value.
It is easy to understand that the typical distributed network can realize that the user can visit the financial platform content nearby, and greatly improves the financial platform transaction efficiency. However, the distributed network is widely distributed on a plurality of links in the financial platform communication network, which causes attack influence on the financial platform communication network at the same time, the network is abnormally distributed on a plurality of links in the financial platform communication network, and a single branch link has small abnormal flow and is not easy to be noticed, but the plurality of links are summarized, so that the total abnormal flow is large, which can cause great influence on the operation of the financial platform communication network. In this embodiment, a predicted normal behavior flow value is obtained by using a preset time sequence analysis algorithm in combination with characteristic information of a distributed network traffic anomaly in a financial platform communication network, and the predicted normal behavior flow value is compared with a current transaction behavior flow value to generate a transaction traffic innovation sequence of network traffic.
Specifically, a predicted normal behavior flow value is obtained according to the preset transaction behavior parameters, and a current transaction behavior flow value is obtained according to the transaction behavior statistical parameters; comparing the predicted normal behavior flow value with the current transaction behavior flow value to obtain a transaction flow innovation sequence; and analyzing the transaction flow innovation sequence, and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the analysis result. The characteristics of transaction flow information sequences of a plurality of links can be analyzed through a sequential analysis method to judge whether the transaction behavior statistical parameters meet preset transaction behavior parameters, namely whether abnormal behavior of distributed network flow occurs or not is analyzed, and then the transaction flow of a user is controlled.
And the decision module 30 is configured to generate a defense request and send the defense request to a defense request server when the transaction behavior statistical parameter does not conform to the preset transaction behavior parameter, so that the defense request server determines a current limiting node through the defense request and a preset current limiting decision.
It should be noted that when the statistical transaction behavior parameters are judged to be not in accordance with the preset transaction behavior parameters, the distributed abnormal network traffic behavior is analyzed, the current limiting node needs to be determined, and then the user transaction traffic is controlled according to the current limiting node. Specifically, a defense request is generated and sent to a defense request server, so that the defense request server constructs a flow tree through the defense request and a preset attack source tracking strategy, a target attack sub-tree is determined according to the flow tree, and a current limiting node is determined through the target attack sub-tree according to a preset current limiting decision. The defense request server DSP selects an attack source tracking (IP trace back) technology according to specific conditions, can reconstruct a flow tree taking network flow abnormal behaviors as a root, can separate attack subtrees from the flow tree, can obtain the most appropriate current limiting position, namely a current limiting node, according to an attack source tracking result, wherein the current limiting node is a leaf node of the flow tree, and can know which current limiters the attack flow passes through according to the attack source tracking result, so that the current limiting node can be selected in a targeted manner to limit the current, and the current limiting effect is improved.
And the control module 40 is used for receiving the current limiting node fed back by the defense request server and controlling the transaction flow of the user according to the current limiting node.
It should be understood that the current limiting node fed back by the defense request server is received, and the leaf node information corresponding to the current limiting node is determined; determining a current limit amount corresponding to a current limit node according to the leaf node information, and determining a preset packet loss probability according to the preset current limit decision; and controlling the transaction flow of the user according to the current limit and the preset packet loss probability. The leaf node information is basic information of each leaf node, the basic information may include, for example, a node IP address, a node state (whether current limiting is being performed, a current limiting limit, a current limiting time limit, whether an attack flow passes through), traffic information collected from the node, and the like, the leaf node information is an important basis for controlling a user transaction traffic, and the leaf node information may also store a current limiting result obtained by a preset current limiting decision.
The distributed transaction current limiting device in this embodiment includes an obtaining module 10, configured to obtain a transaction behavior statistical parameter of a user according to a transaction request data packet when the transaction request data packet of the user is received; the judging module 20 is configured to judge whether the transaction behavior statistical parameter meets a preset transaction behavior parameter; the decision module 30 is configured to generate a defense request and send the defense request to a defense request server when the transaction behavior statistical parameter does not conform to the preset transaction behavior parameter, so that the defense request server determines a current limiting node through the defense request and a preset current limiting decision; and the control module 40 is used for receiving the current limiting node fed back by the defense request server and controlling the transaction flow of the user according to the current limiting node.
In an embodiment, the determining module 20 is further configured to obtain a predicted normal behavior flow value according to the preset transaction behavior parameter, and obtain a current transaction behavior flow value according to the transaction behavior statistical parameter;
comparing the predicted normal behavior flow value with the current transaction behavior flow value to obtain a transaction flow innovation sequence;
and analyzing the transaction flow innovation sequence, and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the analysis result.
In an embodiment, the determining module 20 is further configured to determine a corresponding statistical characteristic according to the transaction flow information sequence;
analyzing the statistical characteristics based on a preset multivariate sequential analysis algorithm to obtain sample statistics;
performing correlation analysis on the sample statistics according to a preset correlation test algorithm to obtain a correlation analysis result;
and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the correlation analysis result.
In an embodiment, the obtaining module 10 is further configured to obtain a packet header and timing information according to the transaction request packet;
acquiring the header of the data packet and the characteristic information of the time sequence information, and generating a current transaction behavior flow value according to the characteristic information;
and generating a transaction behavior statistical parameter of the user according to the current transaction behavior flow value.
In an embodiment, the obtaining module 10 is further configured to construct a normal transaction flow model;
acquiring a predicted normal behavior flow value through the transaction normal flow model based on a preset time sequence analysis algorithm;
and generating a preset transaction behavior parameter according to the predicted normal behavior flow value.
In an embodiment, the decision module 30 is further configured to generate a defense request and send the defense request to a defense request server, so that the defense request server constructs a traffic tree through the defense request and a preset attack source tracking policy, determines a target attack sub-tree according to the traffic tree, and determines a current limiting node through the target attack sub-tree according to a preset current limiting decision.
In an embodiment, the control module 40 is further configured to receive a current limiting node fed back by the defense request server, and determine leaf node information corresponding to the current limiting node;
determining a current limit corresponding to a current limit node according to the leaf node information, and determining a preset packet loss probability according to the preset current limit decision;
and controlling the transaction flow of the user according to the current limit and the preset packet loss probability.
Other embodiments or specific implementation manners of the distributed transaction current limiting device according to the present invention may refer to the above embodiments of the distributed transaction current limiting method, and are not described herein again.
It should be understood that the above is only an example, and the technical solution of the present invention is not limited in any way, and in a specific application, a person skilled in the art may set the technical solution as needed, and the present invention is not limited thereto.
It should be noted that the above-described work flows are only exemplary, and do not limit the scope of the present invention, and in practical applications, a person skilled in the art may select some or all of them to achieve the purpose of the solution of the embodiment according to actual needs, and the present invention is not limited herein.
In addition, the technical details that are not described in detail in this embodiment may refer to the distributed transaction current limiting method provided in any embodiment of the present invention, and are not described herein again.
Further, it is to be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention or portions thereof that contribute to the prior art may be embodied in the form of a software product, where the computer software product is stored in a storage medium (e.g. Read Only Memory (ROM)/RAM, magnetic disk, optical disk), and includes several instructions for enabling a terminal device (e.g. a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (8)
1. A distributed transaction current limiting method is characterized in that the distributed transaction current limiting method comprises the following steps:
when a transaction request data packet of a user is received, acquiring a data packet header and time sequence information according to the transaction request data packet, acquiring characteristic information of the data packet header and the time sequence information, generating a current transaction behavior flow value according to the characteristic information, and generating a transaction behavior statistical parameter of the user according to the current transaction behavior flow value;
judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not;
when the transaction behavior statistical parameters do not accord with the preset transaction behavior parameters, generating a defense request and sending the defense request to a defense request server so that the defense request server constructs a flow tree through the defense request and a preset attack source tracking strategy, determining a target attack sub-tree according to the flow tree, and determining a current limiting node through the target attack sub-tree according to a preset current limiting decision;
and receiving the current limiting node fed back by the defense request server, and controlling the transaction flow of the user according to the current limiting node.
2. The distributed transaction current limiting method of claim 1, wherein the step of determining whether the transaction behavior statistical parameter meets a preset transaction behavior parameter comprises:
acquiring a predicted normal behavior flow value according to the preset transaction behavior parameters, and acquiring a current transaction behavior flow value according to the transaction behavior statistical parameters;
comparing the predicted normal behavior flow value with the current transaction behavior flow value to obtain a transaction flow innovation sequence;
and analyzing the transaction flow innovation sequence, and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the analysis result.
3. The distributed transaction current limiting method according to claim 2, wherein the step of analyzing the transaction flow information sequence and determining whether the transaction behavior statistical parameter meets a preset transaction behavior parameter according to the analysis result comprises:
determining corresponding statistical characteristics according to the transaction flow innovation sequence;
analyzing the statistical characteristics based on a preset multivariate sequential analysis algorithm to obtain sample statistics;
performing correlation analysis on the sample statistics according to a preset correlation test algorithm to obtain a correlation analysis result;
and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the correlation analysis result.
4. The distributed transaction current limiting method of claim 1, wherein before the step of determining whether the transaction behavior statistical parameter meets a preset transaction behavior parameter, the method further comprises:
constructing a normal transaction flow model;
acquiring a predicted normal behavior flow value through the transaction normal flow model based on a preset time sequence analysis algorithm;
and generating a preset transaction behavior parameter according to the predicted normal behavior flow value.
5. The distributed transaction throttling method of any of claims 1 to 4, wherein the step of the throttling node receiving the defensive request server feedback controlling the user transaction traffic according to the throttling node comprises:
receiving a current limiting node fed back by the defense request server, and determining leaf node information corresponding to the current limiting node;
determining a current limit corresponding to a current limit node according to the leaf node information, and determining a preset packet loss probability according to the preset current limit decision;
and controlling the transaction flow of the user according to the current limit and the preset packet loss probability.
6. A distributed transaction current limiting device, the distributed transaction current limiting device comprising:
the acquisition module is used for acquiring transaction behavior statistical parameters of a user according to a transaction request data packet when the transaction request data packet of the user is received;
the judging module is used for judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not;
the decision module is used for generating a defense request and sending the defense request to a defense request server when the transaction behavior statistical parameter does not accord with the preset transaction behavior parameter, so that the defense request server determines a current limiting node through the defense request and a preset current limiting decision;
the control module is used for receiving the current limiting node fed back by the defense request server and controlling the transaction flow of the user according to the current limiting node;
the acquisition module is further configured to acquire a data packet header and timing information according to the transaction request data packet, acquire feature information of the data packet header and the timing information, generate a current transaction behavior flow value according to the feature information, and generate a transaction behavior statistical parameter of the user according to the current transaction behavior flow value;
the decision module is further used for generating a defense request and sending the defense request to a defense request server, so that the defense request server constructs a flow tree through the defense request and a preset attack source tracking strategy, a target attack sub-tree is determined according to the flow tree, and a current limiting node is determined through the target attack sub-tree according to a preset current limiting decision.
7. A distributed transaction current limiting device, the distributed transaction current limiting device comprising: a memory, a processor, and a distributed transaction current limiting program stored on the memory and executable on the processor, the distributed transaction current limiting program configured to implement the steps of the distributed transaction current limiting method of any of claims 1 to 5.
8. A storage medium having stored thereon a distributed transaction current limiting program which, when executed by a processor, performs the steps of the distributed transaction current limiting method of any of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011482247.3A CN112702321B (en) | 2020-12-15 | 2020-12-15 | Distributed transaction current limiting method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011482247.3A CN112702321B (en) | 2020-12-15 | 2020-12-15 | Distributed transaction current limiting method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112702321A CN112702321A (en) | 2021-04-23 |
| CN112702321B true CN112702321B (en) | 2023-04-07 |
Family
ID=75508287
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011482247.3A Active CN112702321B (en) | 2020-12-15 | 2020-12-15 | Distributed transaction current limiting method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112702321B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114338811B (en) * | 2021-12-30 | 2024-01-30 | 中国农业银行股份有限公司 | Transaction flow limiting method, device, server, storage medium and product |
| CN115134301B (en) * | 2022-06-29 | 2024-04-05 | 中国工商银行股份有限公司 | Flow control method, flow control device, computer equipment and storage medium |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109831453A (en) * | 2019-03-07 | 2019-05-31 | 北京华安普特网络科技有限公司 | A kind of ddos attack defence method |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9231965B1 (en) * | 2014-07-23 | 2016-01-05 | Cisco Technology, Inc. | Traffic segregation in DDoS attack architecture |
| CN107645478B (en) * | 2016-07-22 | 2020-12-22 | 阿里巴巴集团控股有限公司 | Network attack defense system, method and device |
| CN110138756B (en) * | 2019-04-30 | 2021-05-25 | 网宿科技股份有限公司 | Current limiting method and system |
| CN110149321A (en) * | 2019-05-06 | 2019-08-20 | 长沙市智为信息技术有限公司 | A kind of detection and defence method and device applied to DDOS attack in SDN network |
| CN110380985B (en) * | 2019-08-02 | 2023-05-09 | 中国工商银行股份有限公司 | Traffic control method, device, equipment and storage medium based on transaction link |
| CN110430141B (en) * | 2019-08-08 | 2022-08-09 | 北京字节跳动网络技术有限公司 | Current limiting method and device |
| CN111181932B (en) * | 2019-12-18 | 2022-09-27 | 广东省新一代通信与网络创新研究院 | DDOS attack detection and defense method, device, terminal equipment and storage medium |
-
2020
- 2020-12-15 CN CN202011482247.3A patent/CN112702321B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109831453A (en) * | 2019-03-07 | 2019-05-31 | 北京华安普特网络科技有限公司 | A kind of ddos attack defence method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112702321A (en) | 2021-04-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3588898B1 (en) | Defense against apt attack | |
| EP2863611B1 (en) | Device for detecting cyber attack based on event analysis and method thereof | |
| US8935785B2 (en) | IP prioritization and scoring system for DDoS detection and mitigation | |
| CN107465648B (en) | Abnormal equipment identification method and device | |
| US9386036B2 (en) | Method for detecting and preventing a DDoS attack using cloud computing, and server | |
| CN103179132B (en) | A kind of method and device detecting and defend CC attack | |
| CN107645478B (en) | Network attack defense system, method and device | |
| CN110650142B (en) | Access request processing method, device, system, storage medium and computer equipment | |
| CN105939350B (en) | Network access control method and system | |
| CN112702321B (en) | Distributed transaction current limiting method, device, equipment and storage medium | |
| US20070289014A1 (en) | Network security device and method for processing packet data using the same | |
| CN110336835A (en) | Detection method, user equipment, storage medium and the device of malicious act | |
| KR101528928B1 (en) | Apparatus and method for managing network traffic based on flow and session | |
| KR102134898B1 (en) | System and method for providing integrated security service for web server based on cloud | |
| KR101072981B1 (en) | Protection system against DDoS | |
| CN112671736B (en) | Attack flow determination method, device, equipment and storage medium | |
| CN114301711B (en) | Anti-riot brushing method, device, equipment, storage medium and computer program product | |
| CN113938312B (en) | Method and device for detecting violent cracking flow | |
| Halagan et al. | Syn flood attack detection and type distinguishing mechanism based on counting bloom filter | |
| Sivabalan et al. | Detecting IoT zombie attacks on web servers | |
| CN106254375A (en) | The recognition methods of a kind of hotspot equipment and device | |
| CN114338216B (en) | Multidimensional brushing attack prevention and control method, device, equipment and medium | |
| CN117938962B (en) | Network request scheduling method, device, equipment and medium for CDN | |
| CN116232702A (en) | Malicious encryption server identification method and system based on active detection | |
| Jadhav et al. | Hidden semi-markov model for detecting application layer DDoS attacks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |