CN115361170A - Data processing method, device, equipment and storage medium - Google Patents

Data processing method, device, equipment and storage medium Download PDF

Info

Publication number
CN115361170A
CN115361170A CN202210842490.4A CN202210842490A CN115361170A CN 115361170 A CN115361170 A CN 115361170A CN 202210842490 A CN202210842490 A CN 202210842490A CN 115361170 A CN115361170 A CN 115361170A
Authority
CN
China
Prior art keywords
request
service
abnormal
traffic
evaluation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210842490.4A
Other languages
Chinese (zh)
Inventor
刘纯彰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Dajia Internet Information Technology Co Ltd
Original Assignee
Beijing Dajia Internet Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Dajia Internet Information Technology Co Ltd filed Critical Beijing Dajia Internet Information Technology Co Ltd
Priority to CN202210842490.4A priority Critical patent/CN115361170A/en
Publication of CN115361170A publication Critical patent/CN115361170A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The method generates an abnormal evaluation request matched with a service flow request by responding to the service flow request, and sends the abnormal evaluation request to a second service node; the second service node determines abnormal evaluation parameter information corresponding to the service flow request based on the abnormal evaluation request and the acquired historical characteristic parameters corresponding to the abnormal evaluation request; the abnormal evaluation parameter information represents the abnormal degree of the traffic of the service traffic request; and acquiring the abnormal evaluation parameter information, and executing access control on the service flow request based on the abnormal evaluation parameter information. Therefore, the network request corresponding to the normal service is ensured to be smoothly carried out, the service stability of the service server is improved, and the data processing efficiency is improved.

Description

Data processing method, device, equipment and storage medium
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a data processing method, apparatus, device, and storage medium.
Background
For a network request, it is generally determined by a service server whether the network request is an abnormal request, such as a request of an illegal attack. In the case where the network request is determined to be an abnormal request, the request is usually rejected directly. However, once the service server is attacked by a large number of illegal network requests, the network requests corresponding to normal services are seriously affected, and the service stability of the service server is also reduced.
Disclosure of Invention
The present disclosure provides a data processing method, apparatus, device, and storage medium, to at least solve at least one problem in the related art, such as affecting a network request corresponding to a normal service, and reducing service stability of a service server. The technical scheme of the disclosure is as follows:
according to a first aspect of the embodiments of the present disclosure, a data processing method is provided, which is applied to a first service node, and includes:
responding to a service flow request, and generating an abnormal evaluation request matched with the service flow request;
sending the abnormal evaluation request to a second service node; the second service node determines abnormality evaluation parameter information based on the abnormality evaluation request and the acquired historical characteristic parameters corresponding to the abnormality evaluation request; the abnormal evaluation parameter information represents the abnormal degree of the traffic of the service traffic request;
and acquiring the abnormal evaluation parameter information, and executing access control on the service flow request based on the abnormal evaluation parameter information.
In an optional embodiment, the generating, in response to a traffic flow request, an anomaly evaluation request matching the traffic flow request includes:
responding to a service flow request, and determining a target service characteristic parameter corresponding to the service flow request;
and generating an abnormal evaluation request matched with the service flow request based on the target service characteristic parameters.
In an optional implementation manner, the determining, in response to a service traffic request, a target service feature parameter corresponding to the service traffic request includes:
responding to a service flow request, and determining request attribute information and request scene information indicated by the service flow request;
and determining a target service characteristic parameter corresponding to the service flow request based on the request attribute information and the request scene information.
In an optional implementation manner, the determining, based on the request attribute information and the request scenario information, a target service feature parameter corresponding to the service traffic request includes:
inquiring a service exception extraction factor corresponding to the service flow request based on the request attribute information; the service abnormity extraction factor comprises a first extraction factor used for indicating service general parameters and a second extraction factor used for indicating service special parameters;
acquiring a first service characteristic parameter from a service general parameter in the request scene information based on the first extraction factor;
acquiring a second service characteristic parameter from the service special parameter in the request scene information based on the second extraction factor;
and determining a target service characteristic parameter corresponding to the service flow request based on the first service characteristic parameter and the second service characteristic parameter.
In an optional embodiment, the performing access control on the service traffic request based on the abnormal evaluation parameter information includes:
determining a control parameter corresponding to the service flow request based on the abnormal evaluation parameter information;
and executing access control on the service flow request based on the control parameters, wherein the access control comprises at least one of rejection request and forwarding request.
In an optional embodiment, in a case that the control parameter includes a routing parameter, the performing access control on the traffic flow request based on the control parameter includes:
controlling the service flow request to be forwarded to a corresponding service node based on the routing parameter indicated by the control parameter; the routing parameters correspond to the corresponding service nodes one by one, and the service grades corresponding to different service nodes corresponding to the same service type are different.
In an optional embodiment, the controlling, based on the routing parameter indicated by the control parameter, forwarding the traffic flow request to a corresponding traffic service node includes:
when the routing parameter indicated by the control parameter is a first request level, controlling the service flow request to be forwarded to a first service node;
when the routing parameter indicated by the control parameter is a second request level, controlling the service flow request to be forwarded to a second service node; and the flow abnormality degree corresponding to the second request level is lower than that corresponding to the first request level, and the service quality corresponding to the second service node is higher than that corresponding to the second service node.
According to a second aspect of the embodiments of the present disclosure, there is provided a data processing method applied to a second service node, including:
obtaining an anomaly evaluation request, wherein the anomaly evaluation request is generated by a first service node in response to a service flow request;
acquiring historical characteristic parameters corresponding to the abnormal evaluation request;
determining anomaly evaluation parameter information based on the anomaly evaluation request and the historical characteristic parameters; the abnormal evaluation parameter information represents the flow abnormal degree of the service flow request;
and sending the abnormal evaluation parameter information corresponding to the service flow request to the first service node, wherein the first service node executes access control on the service flow request based on the abnormal evaluation parameter information.
In an optional implementation manner, the obtaining of the historical characteristic parameter corresponding to the anomaly evaluation request includes:
analyzing a request object identifier from the abnormal evaluation request;
and acquiring historical characteristic parameters corresponding to the abnormal evaluation request from a historical characteristic storage area according to the request object identifier.
In an optional implementation manner, the determining, based on the anomaly evaluation request and the historical characteristic parameter, anomaly evaluation parameter information corresponding to the service traffic request includes:
analyzing the target service characteristic parameters from the abnormal evaluation request;
and calling an abnormal evaluation model, processing the target service characteristic parameters and the historical characteristic parameters, and determining abnormal evaluation parameter information corresponding to the service flow request.
According to a third aspect of the embodiments of the present disclosure, there is provided a data processing apparatus, applied to a first service node, including:
the request generation module is configured to execute responding to a service flow request and generate an abnormal evaluation request matched with the service flow request;
a sending module configured to execute sending the anomaly evaluation request to a second service node; the second service node determines the abnormal evaluation parameter information corresponding to the service flow request based on the abnormal evaluation request and the acquired historical characteristic parameters corresponding to the abnormal evaluation request; the abnormal evaluation parameter information represents the flow abnormal degree of the service flow request;
and the control module is configured to execute the acquisition of the abnormal evaluation parameter information and execute access control on the service flow request based on the abnormal evaluation parameter information.
In an optional embodiment, the request generation comprises:
the first determining submodule is configured to execute the step of determining a target service characteristic parameter corresponding to a service flow request in response to the service flow request;
and the request generation submodule is configured to execute generation of an abnormal evaluation request matched with the service flow request based on the target service characteristic parameter.
In an alternative embodiment, the first determining sub-module includes:
a first determining unit configured to perform determining, in response to a service traffic request, request attribute information and request scenario information indicated by the service traffic request;
and the second determining unit is configured to determine a target service characteristic parameter corresponding to the service flow request based on the request attribute information and the request scene information.
In an optional embodiment, the second determining unit is specifically configured to perform:
inquiring a service exception extraction factor corresponding to the service flow request based on the request attribute information; the service abnormity extraction factor comprises a first extraction factor used for indicating service general parameters and a second extraction factor used for indicating service special parameters;
acquiring a first service characteristic parameter from a service general parameter in the request scene information based on the first extraction factor;
acquiring a second service characteristic parameter from the service special parameter in the request scene information based on the second extraction factor;
and determining a target service characteristic parameter corresponding to the service flow request based on the first service characteristic parameter and the second service characteristic parameter.
In an alternative embodiment, the control module includes:
the parameter determining submodule is configured to determine a control parameter corresponding to the service flow request based on the abnormal evaluation parameter information;
and the control sub-module is configured to perform access control on the service flow request based on the control parameter, wherein the access control comprises at least one of rejection request and forwarding request.
In an optional embodiment, in a case that the control parameter includes a routing parameter, the control sub-module includes:
the control unit is configured to execute control of forwarding the service flow request to a corresponding service node based on the routing parameter indicated by the control parameter; the routing parameters correspond to the corresponding service nodes one by one, and the service grades corresponding to different service nodes corresponding to the same service type are different.
In an optional embodiment, the control unit is specifically configured to perform:
when the routing parameter indicated by the control parameter is a first request level, controlling the service flow request to be forwarded to a first service node;
when the routing parameter indicated by the control parameter is a second request level, controlling the service flow request to be forwarded to a second service node; and the flow abnormality degree corresponding to the second request level is lower than that corresponding to the first request level, and the service quality corresponding to the second service node is higher than that corresponding to the second service node.
According to a fourth aspect of the embodiments of the present disclosure, there is provided a data processing apparatus, applied to a second service node, including:
a request acquisition module configured to perform acquisition of an anomaly evaluation request generated by a first service node in response to a traffic flow request;
a parameter obtaining module configured to perform obtaining of a history feature parameter corresponding to the anomaly evaluation request;
an anomaly determination module configured to perform determining anomaly evaluation parameter information based on the anomaly evaluation request and the historical feature parameters; the abnormal evaluation parameter information represents the abnormal degree of the traffic of the service traffic request;
a sending module configured to execute sending of the abnormal evaluation parameter information corresponding to the service traffic request to the first service node, where the first service node executes access control on the service traffic request based on the abnormal evaluation parameter information.
In an optional embodiment, the parameter obtaining module is specifically configured to perform:
analyzing a request object identifier from the abnormal evaluation request;
and acquiring historical characteristic parameters corresponding to the abnormal evaluation request from a historical characteristic storage area according to the request object identifier.
In an optional embodiment, the anomaly determination module is specifically configured to perform:
analyzing the target service characteristic parameters from the abnormal evaluation request;
and calling an abnormal evaluation model, processing the target service characteristic parameters and the historical characteristic parameters, and determining abnormal evaluation parameter information corresponding to the service flow request.
According to a fifth aspect of the embodiments of the present disclosure, there is provided a computer-readable storage medium, wherein instructions of the computer-readable storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the data processing method according to any one of the above embodiments.
According to a sixth aspect of embodiments of the present disclosure, there is provided an electronic apparatus including:
a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the data processing method according to any of the above embodiments.
According to a seventh aspect of embodiments of the present disclosure, there is provided a computer program product, the computer program product comprising a computer program, the computer program, when executed by a processor, implementing the data processing method provided in any one of the above-mentioned embodiments.
The technical scheme provided by the embodiment of the disclosure at least brings the following beneficial effects:
the embodiment of the disclosure generates an abnormal evaluation request matched with a service flow request by responding to the service flow request, and sends the abnormal evaluation request to a second service node; the second service node determines the abnormal evaluation parameter information corresponding to the service flow request based on the abnormal evaluation request and the acquired historical characteristic parameters corresponding to the abnormal evaluation request; the abnormal evaluation parameter information represents the abnormal degree of the traffic of the service traffic request; and acquiring the abnormal evaluation parameter information, and executing access control on the service flow request based on the abnormal evaluation parameter information. As the first service node and the second service node intercept and evaluate the service traffic request and control the access of the service traffic request according to the abnormal evaluation parameter information, the illegal attack of a large number of abnormal requests on the service server is reduced, the smooth operation of the network request corresponding to the normal service is ensured, the service stability of the service server is improved, and the data processing efficiency is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate embodiments consistent with the disclosure and, together with the description, serve to explain the principles of the disclosure and are not to be construed as limiting the disclosure.
Fig. 1 is an architecture diagram illustrating a system applying a data processing method according to an exemplary embodiment.
FIG. 2 is a flow chart illustrating a method of data processing in accordance with an exemplary embodiment.
FIG. 3 is a partial flow diagram illustrating a method of data processing in accordance with an exemplary embodiment.
FIG. 4 is a partial flow diagram illustrating a method of data processing in accordance with an exemplary embodiment.
FIG. 5 is a partial flow diagram illustrating a method of data processing in accordance with an exemplary embodiment.
Fig. 6 is a process diagram illustrating a data processing method according to an example embodiment.
FIG. 7 is a flow chart illustrating another method of data processing according to an exemplary embodiment.
FIG. 8 is a block diagram illustrating a data processing apparatus according to an example embodiment.
FIG. 9 is a block diagram illustrating another data processing apparatus according to an example embodiment.
FIG. 10 is a block diagram illustrating an electronic device in accordance with an example embodiment.
Detailed Description
In order to make the technical solutions of the present disclosure better understood by those of ordinary skill in the art, the technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings.
It should be noted that the terms "first," "second," and the like in the description and claims of the present disclosure and in the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the disclosure described herein are capable of operation in sequences other than those illustrated or otherwise described herein. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the disclosure, as detailed in the appended claims.
It should be noted that, the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data for presentation, analyzed data, etc.) referred to in the present disclosure are information and data authorized by the user or sufficiently authorized by each party.
Fig. 1 is an architecture diagram illustrating a system applying a data processing method according to an exemplary embodiment, and referring to fig. 1, the architecture diagram may include a terminal 10, a first service node 20, a second service node 30, and a service node 40.
The terminal 10 may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a smart wearable device, a digital assistant, an augmented reality device, a virtual reality device, and the like.
The first service node 20 and the second service node 30 may provide data processing services for the terminal 10, and the service node 40 may provide service services for applications or clients loaded on the terminal 10. For example only, the first service node 20, the second service node 30, and the service node 40 may be, but are not limited to, independent servers, may also be a server cluster or a distributed system formed by a plurality of physical servers, and may also be one or more of cloud servers and the like that provide basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, intermediate services, domain name services, security services, and big data and artificial intelligence platforms. Among them, the service node 40 may include a plurality of service sub-nodes, and different service sub-nodes provide different service functions and services.
The terminal 10 and the first service node 20, the first service node 20 and the second service node 30, and the first service node 20 and the service node 40 may be directly or indirectly connected through wired or wireless communication, and the embodiments of the present disclosure are not limited herein.
It should be noted that the architecture diagram of the system applying the data processing method of the present disclosure is not limited thereto, and may also include more or less devices than the number of fig. 1, and the embodiments of the present disclosure are not limited thereto.
The data processing method provided by the embodiment of the present disclosure may be executed by a data processing apparatus, where the data processing apparatus may be integrated in a terminal device in a hardware form or a software form, and may be implemented by being executed by the first service node 20 or the second service node 30 alone, or may be implemented by being executed by a terminal and each service node cooperatively.
FIG. 2 is a flow chart illustrating a method of data processing according to an exemplary embodiment. As shown in fig. 2, the data processing method may be applied to an electronic device, and the electronic device is exemplified as the first service node 20 in the above implementation environment schematic diagram, and includes the following steps.
In step S201, in response to a service traffic request, an anomaly evaluation request matching the service traffic request is generated.
The service flow request refers to a network request for requesting to acquire a target service operation. The abnormal evaluation request refers to a request for evaluating whether the traffic requested by the network is abnormal traffic.
Alternatively, the terminal 10 sends a traffic flow request to the first service node 20 when performing a triggering operation for the target traffic. The trigger operation may be a service operation such as an access operation, a modification operation, an upload operation, a download operation, and a send operation for the target service. The service traffic request may carry request identification information and service information, where the request identification information may be, for example, a terminal ID, login account information, and the like. The service information may be used at least to reflect environment information of the service operation. The first service node 20 generates an anomaly evaluation request matching the traffic flow request in response to the traffic flow request.
In an alternative embodiment, as shown in fig. 3, the generating, in response to a traffic flow request, an anomaly evaluation request matching the traffic flow request includes:
in step S301, in response to a service traffic request, a target service feature parameter corresponding to the service traffic request is determined.
The target service characteristic parameter is used for characterizing the service flow request. The target service characteristic parameter is associated with a target service and/or a current service scenario. Illustratively, the target service characteristic parameter may include, but is not limited to, a request subject identifier, a request time, a request geographic location, a request IP, a request operation track, a request service content, and other characteristic parameters.
In an optional implementation manner, the determining, in response to a service traffic request, a target service feature parameter corresponding to the service traffic request includes:
in step S3031, in response to a service traffic request, request attribute information and request scenario information indicated by the service traffic request are determined.
The request attribute information is used for characterizing information related to the request, such as at least one of a service type, a request subject identifier, a current access environment identifier, and the like. The request scenario information is used to characterize information related to the current request scenario, such as service general information, service specific information, and the like.
Optionally, the terminal 10 sends a service traffic request to the first service node 20, and the first service node 20 performs parsing processing on the service traffic request to obtain request attribute information and request scenario information indicated by the service traffic request. Illustratively, the request attribute information may include a service type, a request subject identification, a current access environment identification, a request role, and the like. Wherein the request role is used for characterizing the requested authority information, such as administrator, member a, member B, and the like. The request scenario information may include service general parameters, service specific parameters, and the like. The service general parameter may include at least one of a request geographic location, a request IP, a request time, and the like. The service-specific parameters comprise at least one of request service content, request operation track, request operation content, request role and the like.
Optionally, the request service content is used to characterize the service content requested to be obtained, and for different service types, the corresponding request service content is generally different. For example, for traffic type a, its requested traffic content includes { A1, a2.. Am }, and for traffic type B, its requested traffic content includes { B1, B2.. Bn }. The request operation track is used for representing a requested operation path, such as a request of scanning through a camera, a request of logging in through a browser account, a request of logging in through an application program, a request of logging in through a two-dimension code and the like. The request operation content is used for representing the actual trigger operation of the request, such as an access operation, a download operation, a modification operation, a deletion operation and the like.
In step S3033, a target service characteristic parameter corresponding to the service traffic request is determined based on the request attribute information and the request context information.
The target service characteristic parameter is used for representing the flow request characteristic of the service flow request. The target service characteristic parameter is related to a target service and/or a current service access scenario.
Optionally, the first service node 20 performs feature parameter extraction on the request attribute information and the request scenario information obtained through the analysis, and determines a target service feature parameter corresponding to the service traffic request. By way of example, the target service characteristic parameter may include, but is not limited to, a request subject identifier, a request time, a request geographic location, a request IP, a request operation trace, a request service content, a request operation trace, and the like.
In an optional implementation manner, as shown in fig. 4, the determining, based on the request attribute information and the request scenario information, a target service feature parameter corresponding to the service traffic request includes:
in step S401, based on the request attribute information, querying a service anomaly extraction factor corresponding to the service traffic request; the service abnormity extraction factor comprises a first extraction factor used for indicating service general parameters and a second extraction factor used for indicating service special parameters;
in step S403, based on the first extraction factor, a first service feature parameter is obtained from the request context information;
in step S405, based on the second extraction factor, a second service feature parameter is obtained from the request scene information;
in step S407, a target service characteristic parameter corresponding to the service flow request is determined based on the first service characteristic parameter and the second service characteristic parameter.
The service exception extraction factor may include a first extraction factor used for indicating a service general parameter and a second extraction factor used for indicating a service specific parameter. The first extraction factor and the second extraction factor respectively corresponding to different services or different access scenes are different.
Optionally, the first service node may query, based on a target attribute parameter (for example, a service type) in the request attribute information, a service exception extraction factor corresponding to the target attribute parameter from the database of stored service exception extraction factors. The service abnormity extraction factor comprises a first extraction factor used for indicating service general parameters and a second extraction factor used for indicating service special parameters. The target attribute parameter may include at least one of a service type, a request subject identifier, a current access environment identifier, a request role, and the like. Then, according to a first extraction factor, acquiring a first service characteristic parameter from a service general parameter in the request scene information; and acquiring a second service characteristic parameter from the service special parameter in the request scene information according to a second extraction factor. And then, aggregating the first service characteristic parameter and the second service characteristic parameter to obtain a target service characteristic parameter corresponding to the service flow request.
Exemplarily, taking the target attribute parameter as a service type as an example, for a service a, a first extraction factor and a second extraction factor corresponding to the service a are respectively K1 and K2, and a first service characteristic parameter is obtained from a service general parameter in the request context information based on the first extraction factor K1, and is { A1-1, A1-3}; and two service characteristic parameters are { A2-2, A2-4 and A2-5} which are obtained from the service special parameter in the request scene information based on the second extraction factor K2, and the target service characteristic parameters obtained through aggregation are { A1-1, A1-3, A2-2, A2-4 and A2-5}. For the service B, a first extraction factor and a second extraction factor corresponding to the service B are respectively K3 and K4, and a first service characteristic parameter is { B1-1 and B1-2} obtained from a service general parameter in the request scene information based on the first extraction factor K3; and the second service characteristic parameter obtained from the service special parameter in the request scene information based on the second extraction factor K4 is { B2-1, B2-2, B2-3, B2-4}, and the target service characteristic parameter obtained through aggregation is { B1-1, B1-2, B2-1, B2-2, B2-3, B2-4}.
Under different target attribute parameters, the service exception extraction factors corresponding to the same service can be different. Taking the target attribute parameters including the service type and the request role as an example, for the service A, a first extraction factor and a second extraction factor corresponding to the service A are respectively K1' and K2', and acquiring a first service characteristic parameter which is { A1-2 and A1-4} from a service general parameter in the request scene information based on the first extraction factor K1 '; and two service characteristic parameters are { A2-1, A2-3 and A2-5} which are obtained from the service special parameter in the request scene information based on the second extraction factor K2', and the target service characteristic parameters obtained through aggregation are { A1-2, A1-4, A2-1, A2-3 and A2-5}.
In the embodiment, the service anomaly extraction factor corresponding to the service flow request is inquired based on the request attribute information; the service exception extraction factor comprises a first extraction factor used for indicating service general parameters and a second extraction factor used for indicating service special parameters, and the first service characteristic parameter and the second service characteristic parameter are respectively obtained from request scene information based on the first extraction factor and the second extraction factor, so that a target service characteristic parameter corresponding to a service flow request is determined according to the first service characteristic parameter and the second service characteristic parameter. Therefore, different business abnormity extraction factors are extracted based on different request attribute information, the business abnormity extraction factors comprise two dimensionality extraction factors, corresponding business characteristic parameters can be conveniently and respectively acquired in a targeted mode, flexibility and reliability of determining target business characteristic parameters are achieved, and accuracy of data processing results is improved conveniently.
In step S303, an anomaly assessment request matching the service traffic request is generated based on the target service characteristic parameter.
Alternatively, the terminal 10 sends a traffic flow request to the first service node 20 when performing a triggering operation for the target traffic. The trigger operation may be a service operation such as an access operation, a modification operation, an upload operation, a download operation, and a send operation for the target service. The first service node 20, in response to the service traffic request, obtains a target service characteristic parameter corresponding to the service traffic request, and generates an anomaly evaluation request matching with the service traffic request based on the target service characteristic parameter, where the anomaly evaluation request includes the target service characteristic parameter, so as to perform traffic anomaly detection on the service traffic request based on the target service characteristic parameter in the anomaly evaluation request.
In the embodiment, the request attribute information and the request scene information indicated by the service traffic request are determined by responding to the service traffic request; and determining a target service characteristic parameter corresponding to the service flow request based on the request attribute information and the request scene information. The target service characteristic parameter covers the request attribute information and the request scene information, so that the coverage information is more comprehensive, the representation accuracy of the determined target service characteristic parameter on the service request flow is improved, the improvement of the data processing reliability of the service flow request is facilitated, and the misjudgment of the subsequent service flow request is reduced.
In step S203, sending the anomaly evaluation request to a second service node; and the second service node determines the abnormal evaluation parameter information based on the abnormal evaluation request and the historical characteristic parameters corresponding to the abnormal evaluation request.
Wherein the anomaly evaluation parameter information represents the traffic anomaly degree of the service traffic request. For example, the abnormality evaluation parameter information may be an abnormality evaluation score, an abnormality evaluation level, or the like. The higher the abnormality evaluation parameter information score is or the higher the grade is, the higher the corresponding flow abnormality degree is.
Optionally, the first service node 20 sends the anomaly evaluation request to the second service node 30, and the second service node obtains the historical characteristic parameters corresponding to the anomaly evaluation request based on the anomaly evaluation request, and determines the anomaly evaluation parameter information corresponding to the service traffic request by combining with the anomaly evaluation model. The anomaly evaluation model may be a machine learning model for implementing anomaly traffic prediction.
In step S205, the abnormal evaluation parameter information is obtained, and access control is performed on the service traffic request based on the abnormal evaluation parameter information.
Here, the access control may include at least one access control logic, for example, including but not limited to at least one of responding to a request, rejecting a request, and forwarding a request. And the response request is to receive the service flow request and execute corresponding request response operation. The reject request refers to rejecting the service flow request and feeding back a request response of rejecting the access. Forwarding the request may be forwarding the traffic flow request to a corresponding target service node, which may be a full-function or limited-function target service node.
Optionally, the first service node 20 obtains the abnormal evaluation parameter information, determines a target access control policy based on a ratio of the obtained abnormal evaluation parameter information to the preset abnormal evaluation parameter information, and performs access control on the service traffic request according to the target access control policy. That is, different access control strategies are selected for different abnormal evaluation parameter information to perform access control, so that differentiated access control is performed on different requested network flows.
In an optional implementation manner, as shown in fig. 5, the performing access control on the service traffic request based on the anomaly evaluation parameter information includes:
in step S501, based on the abnormal evaluation parameter information, determining a control parameter corresponding to the service traffic request;
in step S503, performing access control on the service traffic request based on the control parameter.
Wherein the access control comprises at least one of a reject request and a forward request. The forwarding request may be to forward the service traffic request to a corresponding target service node, and the target service node may be a target service node with full function or limited function. The target service node of the restricted service function refers to a target service node with limited or incomplete function. Illustratively, if the required service function set corresponding to the service traffic request is { function 1, function 2, function 3, function 4}, the full-service function of { function 1, function 2, function 3, function 4} is provided for the target service node 1 of the full-service function. Only the restricted service function of { function 1, function 3} is provided for the restricted service node 2.
Optionally, the target service node with the restrictive function may be a target service node with a regional restrictive function, a target service node with a time restrictive function, a target service node with an authority limitation, or the like. Continuing with the above example, the target service node 3 for the area-restricted service function provides only the service functions of { function 1, function 3 }. The target service node 3 for the time-limited service function only provides the service functions of function 2, function 3. Only the service function of { function 3, function 4} is provided for the target service node 3 of the authority-limiting service function.
Optionally, the first service node provides different access control policies for the service traffic request according to the abnormal evaluation parameter information based on the abnormal evaluation parameter information. Exemplarily, the request is directly rejected for the service flow request with high risk indicated by the abnormal evaluation parameter information; the abnormal evaluation parameter information indicates a low-risk service flow request, and the low-risk service flow request is forwarded to a service node N which provides limited-function and degradable service; and forwarding the service flow request indicating no risk to the abnormal evaluation parameter information to a service node M providing the service with complete function and high security service.
In the embodiment, the control parameter corresponding to the service flow request is determined based on the abnormal evaluation parameter information; and performing access control on the service flow request based on the control parameters, wherein the access control comprises at least one of rejection request and forwarding request. Therefore, flexible and differentiated control of the service flow requests is realized, single processing modes of blocking or receiving the requests are avoided, and diversity of the service flow request control is improved.
In an optional embodiment, in a case that the control parameter includes a routing parameter, the performing access control on the traffic flow request based on the control parameter includes: and controlling the service flow request to be forwarded to the corresponding service node based on the routing parameter indicated by the control parameter.
The routing parameters correspond to the corresponding service nodes one to one, and the service grades corresponding to different service nodes corresponding to the same service type are different. Illustratively, the traffic service levels include low, medium, and high. If the service level is low, directly rejecting the request; if the service class is middle, forwarding the service class to a service node N which provides the service with limited function and degradable level; and if the service level is high, forwarding the service level to a service node M providing the service with complete function and high guarantee.
The routing parameters comprise at least one of routing operation parameters and routing values corresponding to the abnormal risk level. The routing operation parameters include rejection operation, permission operation and the like. Route values may include none, route 1, route 2, route 3. Different routing values correspond to different service nodes. Illustratively, in case the control parameters comprise routing parameters, the control parameters may comprise traffic a/risk level: XX/routing action: XX/routing value: and XX.
Optionally, the first service node 20 controls the service traffic request to be forwarded to the corresponding service node based on the routing parameter indicated by the control parameter. As shown in fig. 6, for service a, when the anomaly evaluation parameter information indicates a high-risk service traffic request, its control parameters may include service a/risk level: high risk/routing actions: reject operation/route value: none, i.e., its routing policy is deny the request. When the abnormal evaluation parameter information indicates a low-risk service flow request, the control parameters thereof may include service a/risk level: low risk/routing actions: allowed operation/routing values: route 1, i.e., its routing policy is to allow the service traffic request to be executed according to route 1. When the abnormal evaluation parameter information indicates a risk-free service flow request, the control parameters thereof may include service a/risk level: risk-free/routing actions: allowed operation/routing values: route 2, i.e., its routing policy is to allow the traffic request to be performed according to route 2. For the service b, the abnormal evaluation parameter information indicates a low-risk service flow request, and the control parameters thereof may include service b/risk level: low risk/routing actions: allowed operation/routing values: route 3, i.e., the routing policy for allowing traffic requests to be performed according to route 3.
In an optional embodiment, the controlling, based on the routing parameter indicated by the control parameter, forwarding the traffic flow request to a corresponding traffic service node includes:
when the routing parameter indicated by the control parameter is a first request level, controlling the service flow request to be forwarded to a first service node;
when the routing parameter indicated by the control parameter is a second request level, controlling the service flow request to be forwarded to a second service node; and the flow abnormality degree corresponding to the second request level is lower than that corresponding to the first request level, and the service quality corresponding to the second service node is higher than that corresponding to the second service node.
Optionally, when the routing parameter indicated by the control parameter corresponding to the service traffic request is the first request level, the first service node 20 controls the service traffic request to be forwarded to the first service node. When the routing parameter indicated by the control parameter corresponding to the service traffic request is the second request level, the second service node 20 controls the service traffic request to be forwarded to the second service node. And the flow abnormality degree corresponding to the second request level is lower than that corresponding to the first request level, and the service quality corresponding to the second service node is higher than that corresponding to the second service node. The first request level may be a low risk traffic request level and the second request level may be a non-risk traffic request level.
Illustratively, the routing parameters indicated for the control parameters indicate high-risk traffic requests, and the control parameters include traffic a/risk level: high risk/routing actions: deny operation/route value: none, i.e., the request is denied. And the abnormal evaluation parameter information indicates a low-risk service flow request, and the control parameters of the abnormal evaluation parameter information comprise service a/risk level: low risk/routing actions: the allowed operation/routing value 1 is forwarded, i.e. to the service node N providing a limited-function, degradable service. And for the abnormal evaluation parameter information, indicating a risk-free service flow request, wherein the control parameters comprise service a/risk level: risk-free/routing actions: allowed operation/routing values: 2, the service node M provides a complete function and high-security service.
In the above embodiment, when the routing parameter indicated by the control parameter is the first request level, the service flow control request is forwarded to the first service serving node; and when the routing parameter indicated by the control parameter is the second request level, controlling the service flow request to be forwarded to the second service node. The flow abnormality degree corresponding to the second request level is lower than the flow abnormality degree corresponding to the first request level, and the service quality corresponding to the second service node is higher than the service quality corresponding to the second service node. Therefore, differentiated business service control is realized for different request levels according to the routing parameters, and the business service effect and diversity are improved on the premise of ensuring the safety and stability of the server, so that the data processing efficiency is improved.
In the embodiment, the first service node responds to the service flow request, generates an abnormal evaluation request, and sends the abnormal evaluation request to the second service node; the second service node determines the abnormal evaluation parameter information corresponding to the service flow request based on the abnormal evaluation request and the acquired historical characteristic parameters; the abnormal evaluation parameter information represents the abnormal degree of the traffic of the service traffic request; and acquiring the abnormal evaluation parameter information, and executing access control on the service flow request based on the abnormal evaluation parameter information. The first service node and the second service node intercept and evaluate the service flow request and control the access control of the service flow request according to the abnormal evaluation parameter information, so that the illegal attack of a large number of abnormal requests on the service server is reduced, the smooth operation of the network request corresponding to the normal service is ensured, the service stability of the service server is improved, and the data processing efficiency is improved.
FIG. 7 is a flow chart illustrating a method of data processing according to an exemplary embodiment. As shown in fig. 7, the data processing method may be applied to an electronic device, and the electronic device is exemplified as the second service node 30 in the above implementation environment schematic diagram, and includes the following steps.
In step S701, an anomaly evaluation request generated by the first service node in response to the service traffic request is obtained;
in step S703, obtaining a history feature parameter corresponding to the anomaly evaluation request;
in step S705, based on the abnormal evaluation request and the historical feature parameter, determining abnormal evaluation parameter information corresponding to the service traffic request; the abnormal evaluation parameter information represents the abnormal degree of the traffic of the service traffic request;
in step S707, the abnormal evaluation parameter information corresponding to the service traffic request is sent to the first service node, and the first service node performs access control on the service traffic request based on the abnormal evaluation parameter information.
For details and contents of the foregoing embodiments, reference is made to the foregoing embodiments, which are not repeated herein.
In the above embodiment, the second service node obtains an exception evaluation request, where the exception evaluation request is generated by the first service node in response to the service traffic request; acquiring historical characteristic parameters corresponding to the abnormal evaluation request; determining anomaly evaluation parameter information based on the anomaly evaluation request and the historical characteristic parameters; the abnormal evaluation parameter information represents the abnormal degree of the traffic of the service traffic request; and sending the abnormal evaluation parameter information corresponding to the service flow request to the first service node, wherein the first service node executes access control on the service flow request based on the abnormal evaluation parameter information. The first service node and the second service node intercept and evaluate the service flow request and control the access control of the service flow request according to the abnormal evaluation parameter information, so that the illegal attack of a large number of abnormal requests on the service server is reduced, the smooth operation of the network request corresponding to the normal service is ensured, the service stability of the service server is improved, and the data processing efficiency is improved.
In an optional implementation manner, the obtaining of the historical characteristic parameter corresponding to the anomaly evaluation request includes:
analyzing a request object identifier from the abnormal evaluation request;
and acquiring historical characteristic parameters corresponding to the abnormal evaluation request from a historical characteristic storage area according to the request object identifier.
Wherein the request object identification is unique identification information used to characterize the request object, such as a request ID, a request nickname, etc. The historical feature storage area may be a database for storing service feature parameters of historical service traffic requests. The historical characteristic parameter is a characteristic that characterizes historical traffic requests. The historical characteristic parameters are related to the target service and/or the current service scene. Illustratively, the historical characteristic parameters may include, but are not limited to, characteristic parameters such as request subject identification, request time, request geographic location, request IP, request operation trace, request service content, and the like.
Optionally, the second service node 30 parses the request object identifier from the anomaly evaluation request; then, the service characteristic parameter corresponding to the request object identifier is searched from the historical characteristic storage area to be used as the historical characteristic parameter corresponding to the abnormal evaluation request.
In an optional implementation manner, the determining, based on the abnormal evaluation request and the historical feature parameter, abnormal evaluation parameter information corresponding to the service traffic request includes:
analyzing the target service characteristic parameters from the abnormal evaluation request;
and calling an abnormal evaluation model, processing the target service characteristic parameters and the historical characteristic parameters, and determining abnormal evaluation parameter information corresponding to the service flow request.
The target service characteristic parameter is used for characterizing the service flow request. The target service characteristic parameter is associated with a target service and/or a current service scenario. Illustratively, the target service characteristic parameter may include, but is not limited to, a request subject identifier, a request time, a request geographic location, a request IP, a request operation track, a request service content, and other characteristic parameters. The anomaly evaluation model may be a machine learning model for implementing anomaly traffic prediction. The target service characteristic parameters and the historical characteristic parameters can be fused to obtain fusion characteristic parameters; and then, inputting the fusion characteristic parameters into an anomaly evaluation model for anomaly prediction, and determining anomaly evaluation parameter information corresponding to the service flow request. The abnormal evaluation parameter information represents the abnormal degree of the traffic of the service traffic request. For example, the abnormality evaluation parameter information may be an abnormality evaluation score, an abnormality evaluation level, or the like. The higher the abnormality evaluation parameter information score is or the higher the grade is, the higher the corresponding flow abnormality degree is.
With regard to the methods in the above-described embodiments, the specific manner in which each step is performed has been described in detail in the embodiments of the foregoing methods, and will not be described in detail herein.
FIG. 8 is a block diagram illustrating a data processing apparatus according to an example embodiment. Referring to fig. 8, the apparatus is applied to a first service node, and includes:
a request generating module 810 configured to execute generating an anomaly evaluation request matched with a service traffic request in response to the service traffic request;
a sending module 820 configured to perform sending the anomaly evaluation request to a second service node; the second service node determines the abnormal evaluation parameter information corresponding to the service flow request based on the abnormal evaluation request and the acquired historical characteristic parameters corresponding to the abnormal evaluation request; the abnormal evaluation parameter information represents the abnormal degree of the traffic of the service traffic request;
a control module 830 configured to perform obtaining the abnormal evaluation parameter information, and perform access control on the service traffic request based on the abnormal evaluation parameter information.
In an alternative embodiment, the request generation 810 includes:
the first determining submodule is configured to execute the step of determining a target service characteristic parameter corresponding to a service flow request in response to the service flow request;
and the request generation submodule is configured to execute generation of an abnormal evaluation request matched with the service flow request based on the target service characteristic parameter.
In an alternative embodiment, the first determining submodule includes:
a first determining unit configured to perform determining, in response to a service traffic request, request attribute information and request scenario information indicated by the service traffic request;
and the second determining unit is configured to determine a target service characteristic parameter corresponding to the service flow request based on the request attribute information and the request scene information.
In an optional embodiment, the second determining unit is specifically configured to perform:
inquiring a service exception extraction factor corresponding to the service flow request based on the request attribute information; the service abnormity extraction factor comprises a first extraction factor used for indicating service general parameters and a second extraction factor used for indicating service special parameters;
acquiring a first service characteristic parameter from a service general parameter in the request scene information based on the first extraction factor;
acquiring a second service characteristic parameter from the service special parameter in the request scene information based on the second extraction factor;
and determining a target service characteristic parameter corresponding to the service flow request based on the first service characteristic parameter and the second service characteristic parameter.
In an alternative embodiment, the control module 830 includes:
the parameter determining submodule is configured to determine a control parameter corresponding to the service flow request based on the abnormal evaluation parameter information;
and the control sub-module is configured to perform access control on the service flow request based on the control parameter, wherein the access control comprises at least one of rejection request and forwarding request.
In an optional embodiment, in a case that the control parameter includes a routing parameter, the control sub-module includes:
the control unit is configured to execute control of forwarding the service flow request to a corresponding service node based on the routing parameter indicated by the control parameter; the routing parameters correspond to the corresponding service nodes one by one, and the service grades corresponding to different service nodes corresponding to the same service type are different.
In an optional embodiment, the control unit is specifically configured to perform:
when the routing parameter indicated by the control parameter is a first request level, controlling the service flow request to be forwarded to a first service node;
when the routing parameter indicated by the control parameter is a second request level, controlling the service flow request to be forwarded to a second service node; and the flow abnormality degree corresponding to the second request level is lower than that corresponding to the first request level, and the service quality corresponding to the second service node is higher than that corresponding to the second service node.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
FIG. 9 is a block diagram illustrating a data processing apparatus according to an example embodiment. Referring to fig. 9, the apparatus is applied to a second service node, and includes:
a request obtaining module 910 configured to perform obtaining an exception evaluation request, the exception evaluation request being generated by a first service node in response to a traffic flow request;
a parameter obtaining module 920 configured to perform obtaining of a history feature parameter corresponding to the anomaly evaluation request;
an anomaly determination module 930 configured to perform determining anomaly evaluation parameter information based on the anomaly evaluation request and the historical feature parameters; the abnormal evaluation parameter information represents the flow abnormal degree of the service flow request;
a sending module 940, configured to send the abnormal evaluation parameter information corresponding to the service traffic request to the first service node, where the first service node performs access control on the service traffic request based on the abnormal evaluation parameter information.
In an optional embodiment, the parameter obtaining module 920 is specifically configured to perform:
analyzing a request object identifier from the abnormal evaluation request;
and acquiring historical characteristic parameters corresponding to the abnormal evaluation request from a historical characteristic storage area according to the request object identifier.
In an optional embodiment, the anomaly determination module 930 is specifically configured to perform:
analyzing the target service characteristic parameters from the abnormal evaluation request;
and calling an abnormal evaluation model, processing the target service characteristic parameters and the historical characteristic parameters, and determining abnormal evaluation parameter information corresponding to the service flow request.
With regard to the methods in the above-described embodiments, the specific manner in which each step is performed has been described in detail in the embodiments of the foregoing methods, and will not be described in detail herein.
FIG. 10 is a block diagram of an electronic device shown in accordance with an example embodiment. Referring to fig. 10, the electronic device includes a processor; a memory for storing processor-executable instructions; wherein the processor is configured to implement the steps of any of the data processing methods of the above embodiments when executing the instructions stored in the memory.
The electronic device may be a terminal, a server, or a similar computing device, taking the electronic device as a server as an example, fig. 10 is a block diagram of an electronic device for determining or recommending recommended content according to an exemplary embodiment, where the electronic device 1000 may have a relatively large difference due to different configurations or performances, and may include one or more Central Processing Units (CPUs) 1010 (the processors 1010 may include but are not limited to Processing devices such as a microprocessor MCU or a programmable logic device FPGA), a memory 1030 for storing data, and one or more storage media 1020 (e.g., one or more mass storage devices) for storing application programs 1023 or data 1022. Memory 1030 and storage media 1020 may be, among other things, transient or persistent storage. The program stored in the storage medium 1020 may include one or more modules, each of which may include a sequence of instructions operating on an electronic device. Still further, the central processor 1010 may be configured to communicate with the storage medium 1020 to execute a series of instruction operations in the storage medium 1020 on the electronic device 1000.
The electronic device 1000 may also include one or more power supplies 1060, one or more wired or wireless network interfaces 1050, one or more input-output interfaces 1040, and/or one or more operating systems 1021, such as Windows Server, mac OS X, unix, linux, freeBSD, and so forth.
Input-output interface 1040 may be used to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the electronic device 1000. In one example, i/o Interface 1040 includes a Network adapter (NIC) that may be coupled to other Network devices via a base station to communicate with the internet. In an exemplary embodiment, the input/output interface 1040 may be a Radio Frequency (RF) module for communicating with the internet in a wireless manner.
It will be understood by those skilled in the art that the structure shown in fig. 10 is merely an illustration and is not intended to limit the structure of the electronic device. For example, the electronic device 1000 may also include more or fewer components than shown in FIG. 10, or have a different configuration than shown in FIG. 10.
In an exemplary embodiment, a computer-readable storage medium comprising instructions, such as a memory comprising instructions, executable by a processor of the electronic device 1000 to perform the above-described method is also provided. Alternatively, the computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
In an exemplary embodiment, a computer storage medium is also provided, in which instructions, when executed by a processor of an electronic device, enable the electronic device to perform the steps of the method provided in any one of the above-described embodiments.
In an exemplary embodiment, there is also provided a computer program product comprising computer programs/instructions which, when executed by a processor, implement the method provided in any of the above embodiments. Optionally, the computer program is stored in a computer readable storage medium. The processor of the electronic device reads the computer program from the computer-readable storage medium, and the processor executes the computer program, so that the electronic device executes the method provided in any one of the above embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), rambus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (10)

1. A data processing method applied to a first service node, comprising:
responding to a service flow request, and generating an abnormal evaluation request matched with the service flow request;
sending the abnormal evaluation request to a second service node; the second service node determines abnormality evaluation parameter information based on the abnormality evaluation request and the acquired historical characteristic parameters corresponding to the abnormality evaluation request; the abnormal evaluation parameter information represents the abnormal degree of the traffic of the service traffic request;
and acquiring the abnormal evaluation parameter information, and executing access control on the service flow request based on the abnormal evaluation parameter information.
2. The method of claim 1, wherein generating an anomaly evaluation request matching a traffic flow request in response to the traffic flow request comprises:
responding to a service flow request, and determining a target service characteristic parameter corresponding to the service flow request;
and generating an abnormal evaluation request matched with the service flow request based on the target service characteristic parameters.
3. The method of claim 2, wherein the determining, in response to a service traffic request, a target service feature parameter corresponding to the service traffic request comprises:
responding to a service flow request, and determining request attribute information and request scene information indicated by the service flow request;
and determining a target service characteristic parameter corresponding to the service flow request based on the request attribute information and the request scene information.
4. The method according to claim 3, wherein the determining a target service feature parameter corresponding to the service traffic request based on the request attribute information and the request scenario information comprises:
inquiring a service exception extraction factor corresponding to the service flow request based on the request attribute information; the service abnormity extraction factor comprises a first extraction factor used for indicating service general parameters and a second extraction factor used for indicating service special parameters;
acquiring a first service characteristic parameter from a service general parameter in the request scene information based on the first extraction factor;
acquiring a second service characteristic parameter from the service special parameter in the request scene information based on the second extraction factor;
and determining a target service characteristic parameter corresponding to the service flow request based on the first service characteristic parameter and the second service characteristic parameter.
5. A data processing method applied to a second service node, comprising:
obtaining an anomaly evaluation request, wherein the anomaly evaluation request is generated by a first service node in response to a service flow request;
acquiring historical characteristic parameters corresponding to the abnormal evaluation request;
determining anomaly evaluation parameter information based on the anomaly evaluation request and the historical characteristic parameters; the abnormal evaluation parameter information represents the abnormal degree of the traffic of the service traffic request;
and sending the abnormal evaluation parameter information corresponding to the service flow request to the first service node, wherein the first service node executes access control on the service flow request based on the abnormal evaluation parameter information.
6. A data processing apparatus, applied to a first service node, comprising:
the request generation module is configured to execute responding to a service flow request and generate an abnormal evaluation request matched with the service flow request;
a sending module configured to execute sending the anomaly evaluation request to a second service node; the second service node determines the abnormal evaluation parameter information corresponding to the service flow request based on the abnormal evaluation request and the acquired historical characteristic parameters corresponding to the abnormal evaluation request; the abnormal evaluation parameter information represents the abnormal degree of the traffic of the service traffic request;
and the control module is configured to execute the acquisition of the abnormal evaluation parameter information and execute access control on the service flow request based on the abnormal evaluation parameter information.
7. A data processing apparatus, applied to a second service node, comprising:
a request acquisition module configured to perform acquisition of an anomaly evaluation request generated by a first service node in response to a traffic flow request;
the parameter acquisition module is configured to execute acquisition of historical characteristic parameters corresponding to the abnormal evaluation request;
an anomaly determination module configured to perform determining anomaly evaluation parameter information based on the anomaly evaluation request and the historical feature parameters; the abnormal evaluation parameter information represents the abnormal degree of the traffic of the service traffic request;
a sending module configured to execute sending of the abnormal evaluation parameter information corresponding to the service traffic request to the first service node, where the first service node executes access control on the service traffic request based on the abnormal evaluation parameter information.
8. An electronic device, comprising:
a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the data processing method of any one of claims 1 to 4 or the data processing method of claim 5.
9. A computer-readable storage medium, whose instructions, when executed by a processor of an electronic device, enable the electronic device to perform the data processing method of any one of claims 1 to 4, or the data processing method of claim 5.
10. A computer program product comprising a computer program, characterized in that the computer program realizes the data processing method of any one of claims 1 to 4, or the data processing method of claim 5, when executed by a processor.
CN202210842490.4A 2022-07-18 2022-07-18 Data processing method, device, equipment and storage medium Pending CN115361170A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210842490.4A CN115361170A (en) 2022-07-18 2022-07-18 Data processing method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210842490.4A CN115361170A (en) 2022-07-18 2022-07-18 Data processing method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115361170A true CN115361170A (en) 2022-11-18

Family

ID=84031178

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210842490.4A Pending CN115361170A (en) 2022-07-18 2022-07-18 Data processing method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115361170A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108959934A (en) * 2018-06-11 2018-12-07 平安科技(深圳)有限公司 Safety risk estimating method, device, computer equipment and storage medium
US20200272660A1 (en) * 2019-02-21 2020-08-27 Theator inc. Indexing characterized intraoperative surgical events
CN112288279A (en) * 2020-10-30 2021-01-29 平安医疗健康管理股份有限公司 Business risk assessment method and device based on natural language processing and linear regression
US20220121858A1 (en) * 2020-10-19 2022-04-21 OnsiteIQ Inc. Systems and methods for improving accuracy of identifying observations based on images and risk assessment techniques using such determinations
CN114629723A (en) * 2022-04-21 2022-06-14 深信服科技股份有限公司 Attack detection method, device and related equipment

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108959934A (en) * 2018-06-11 2018-12-07 平安科技(深圳)有限公司 Safety risk estimating method, device, computer equipment and storage medium
US20200272660A1 (en) * 2019-02-21 2020-08-27 Theator inc. Indexing characterized intraoperative surgical events
US20220121858A1 (en) * 2020-10-19 2022-04-21 OnsiteIQ Inc. Systems and methods for improving accuracy of identifying observations based on images and risk assessment techniques using such determinations
CN112288279A (en) * 2020-10-30 2021-01-29 平安医疗健康管理股份有限公司 Business risk assessment method and device based on natural language processing and linear regression
CN114629723A (en) * 2022-04-21 2022-06-14 深信服科技股份有限公司 Attack detection method, device and related equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
朱迦南: "《基于DNS日志数据的异常域名检测研究》", 《信息科技》, no. 09, 15 September 2018 (2018-09-15) *

Similar Documents

Publication Publication Date Title
CN108965381B (en) Nginx-based load balancing implementation method and device, computer equipment and medium
US10355949B2 (en) Behavioral network intelligence system and method thereof
US11522905B2 (en) Malicious virtual machine detection
US10686807B2 (en) Intrusion detection system
US9900322B2 (en) Method and system for providing permissions management
US8914841B2 (en) Method and system for mapping between connectivity requests and a security rule set
CN109088909B (en) Service gray level publishing method and device based on merchant type
CN109495467B (en) Method and device for updating interception rule and computer readable storage medium
CN111064749B (en) Network connection method, device and storage medium
CN108416665B (en) Data interaction method and device, computer equipment and storage medium
CN111478986A (en) Method, device and equipment for generating equipment fingerprint and storage medium
DE112016004345T5 (en) TECHNOLOGIES FOR ANONYMOUS CONTEXT CONFIRMATION AND THREAT ANALYSIS
US20200151340A1 (en) Monitoring a blockchain
CN112953745A (en) Service calling method, system, computer device and storage medium
CN111368311A (en) Block chain-based point management method and related device
CN113672894A (en) Data processing method, device and equipment for identifying code request and storage medium
CN113868367A (en) Method, device and system for constructing knowledge graph and computer storage medium
CN113949579B (en) Website attack defense method and device, computer equipment and storage medium
CN113098852B (en) Log processing method and device
CN112651044B (en) Business transaction method, system and storage medium based on block chain technology
CN117879936A (en) Dynamic virtualization network security management method and system based on NFV
CN112019377A (en) Method, system, electronic device and storage medium for network user role identification
US11658821B2 (en) Cybersecurity guard for core network elements
CN115361170A (en) Data processing method, device, equipment and storage medium
CN114024904B (en) Access control method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination