CN118075011A - A request blocking method, product, device and medium - Google Patents

Info

Publication number: CN118075011A
Authority: CN (China)
Prior art keywords: request, current, risk, requests, target group
Legal status: Pending
Application number: CN202410307743.7A
Other languages: Chinese (zh)
Inventor: 吴宏刚
Current Assignee: Beijing Ansheng Huaxin Technology Co ltd
Original Assignee: Beijing Ansheng Huaxin Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The present application relates to the field of access security technology, and in particular to a request blocking method, product, device and medium. The method includes: obtaining the current request, the historical access data of the current request, and the current node being accessed by the current request; parsing the current request to determine its request source; determining the predefined sequence corresponding to the request source according to a preset correspondence, where the preset correspondence is the correspondence between request sources and predefined sequences, and a predefined sequence includes multiple nodes and the access order among them; determining, from the predefined sequence, several preceding nodes associated with the current node, and judging whether all of these preceding nodes are included in the historical access data; and, if not all of them are included in the historical access data, determining the current request to be a risk request and blocking it. The present application can block risk requests and improve the security and stability of access.

Description

Request blocking method, product, equipment and medium
Technical Field
The present application relates to the field of access security technologies, and in particular, to a request blocking method, a product, a device, and a medium.
Background
In the current internet environment, users interact with web applications ever more frequently, and as application complexity increases, managing and monitoring user requests becomes increasingly important. User requests are typically made in a particular logic or order so that the application's functions work properly and efficiently. In practice, however, requests may arrive in an unexpected manner for a variety of reasons, such as user operation, network problems, or improper implementation of the client software.
Existing monitoring and analysis tools do not identify requests with an improper access sequence accurately. The related art uses such tools to analyze request characteristics and identify potentially dangerous behavior, focusing on the content and behavior of individual requests rather than on the sequential relationship between requests. When the content of a request is normal but the time or order in which it occurs is inconsistent with expectations, the related art cannot accurately identify the anomaly.
Disclosure of Invention
To improve the accuracy of verifying the access order of requests, the application provides a request blocking method, product, device and medium.
In a first aspect, the present application provides a request blocking method, which adopts the following technical scheme:
a request blocking method, comprising:
acquiring a current request, historical access data of the current request, and a current node being accessed by the current request;
parsing the current request and determining a request source of the current request;
determining a predefined sequence corresponding to the request source according to a preset correspondence, wherein the preset correspondence is the correspondence between the request source and the predefined sequence, and the predefined sequence comprises a plurality of nodes and an access order among the nodes;
determining a number of preceding nodes associated with the current node from the predefined sequence, and determining whether the preceding nodes are all contained in the historical access data;
and if the preceding nodes are not all contained in the historical access data, determining the current request as a risk request and blocking the current request.
With this technical scheme, the historical access data of the current request is obtained; it provides the behavior pattern of the current request and helps identify abnormal access behavior. Parsing the current request distinguishes requests from different request sources so that different predefined sequences can be determined, and the preset correspondence makes the matching of request sources to predefined sequences more accurate. The predefined sequence defines the access that is normally permitted and provides the standard for judging whether the current request is abnormal. Determining the preceding nodes makes it possible to check whether the current request accesses nodes in the expected access order, and judging whether all preceding nodes are contained in the historical access data effectively identifies requests that do not follow the normal order. Potential risk requests can therefore be blocked in time, and blocking them improves the security and stability of access.
In a preferred example, the present application may be further configured such that blocking the current request includes:
acquiring a plurality of requests within a preset duration and the request source corresponding to each of the requests;
grouping the requests according to their request sources to obtain a plurality of groups, wherein each group corresponds to one request source;
determining a request number and a risk request number of a first target group, wherein the first target group is any one of the plurality of groups;
and determining a blocking strategy for the current request according to the number of requests and the number of risk requests corresponding to each of the groups, and blocking the current request according to the blocking strategy.
With this technical scheme, collecting the requests within a preset duration captures recent request activity and gives a comprehensive view of the current request state. Grouping places requests with the same request source together, which makes it easier to analyze the request behavior pattern and risk of a specific source; after grouping, different blocking strategies can be formulated for different request sources, which makes blocking more targeted and effective. The request number of the first target group reflects the activity level of the group and helps evaluate its overall traffic and load, while the risk request number directly reflects the degree of risk within the group. Formulating the blocking strategy from the request number and the risk request number identifies and blocks risk requests more accurately and improves access security and defensive capability.
In a preferred example, the present application may be further configured such that determining the blocking strategy for the current request according to the number of requests and the number of risk requests corresponding to each of the groups includes:
determining the request frequency of the first target group according to the request number of the first target group and the preset duration;
determining a risk request proportion of the first target group according to the request frequency and the risk request number of the first target group;
and determining the blocking strategy for the current request according to the request frequency and the risk request proportion corresponding to each of the groups.
With this technical scheme, calculating the request frequency shows how active the requests of the first target group are within the preset duration and helps identify abnormal or high-frequency request behavior. The risk request proportion reflects the share of risk requests in the first target group and helps identify requests from high-risk sources. Considering the request frequencies and risk request proportions of all groups together gives a comprehensive picture of the risk of requests from different sources and ensures the accuracy and effectiveness of the blocking strategy.
In a preferred example, the present application may be further configured such that determining the blocking strategy for the current request according to the request frequency and the risk request proportion corresponding to each of the groups includes:
generating a request frequency sequence according to the request frequencies corresponding to the groups;
generating a risk request proportion sequence according to the risk request proportions corresponding to the groups;
determining a second target group corresponding to the current request from the plurality of groups, and determining a first position of the request frequency corresponding to the second target group in the request frequency sequence and a second position of the risk request proportion corresponding to the second target group in the risk request proportion sequence;
determining a risk level of the second target group according to the first position and the second position;
and determining the blocking strategy for the current request according to the risk level.
With this technical scheme, a request frequency sequence and a risk request proportion sequence are generated. The request frequency sequence shows the differences in request activity between groups at a glance, and the risk request proportion sequence helps locate high-risk groups quickly. Evaluating the risk level from the two dimensions of request frequency and risk request proportion reflects the actual risk of the second target group more comprehensively, so the resulting risk level is more objective and accurate, and a blocking strategy based on that risk level is more targeted and effective.
In a preferred example, the present application may be further configured such that the method further comprises:
determining a plurality of nodes corresponding to a target request source and the dependency relationships among the nodes, wherein the target request source is any request source;
and generating a predefined sequence corresponding to the target request source according to the dependency relationships among the plurality of nodes.
With this technical scheme, the nodes corresponding to the target request source and their dependency relationships are determined and the corresponding predefined sequence is generated, which improves the standardization and security of processing the current request.
In a preferred example, the present application may be further configured such that parsing the current request and determining the request source of the current request includes:
acquiring the importance degree of the current node;
verifying the current request according to the importance degree of the current node to obtain a verification result;
and if the verification result is that the verification is passed, parsing the current request and determining the request source of the current request.
With this technical scheme, the importance degree of the current node is obtained and the request is verified on that basis, so that key nodes are protected more tightly, verification is more targeted and efficient, and the accuracy and reliability of the request source are ensured.
In a preferred example, the present application may be further configured such that verifying the current request according to the importance degree of the current node to obtain a verification result includes:
if the importance degree of the current node exceeds an importance degree threshold, performing identity verification on the current request to obtain an identity verification result;
and if the identity verification result is that the verification is passed, performing integrity verification on the current request to obtain the verification result.
With this technical scheme, judging the importance degree of the node and applying multiple verification steps together protects important nodes and verifies requests comprehensively, ensuring the validity of the request source as well as the integrity and authenticity of the request data.
In a second aspect, the present application provides a computer program product, which adopts the following technical scheme:
a computer program product comprising a computer program which, when executed by a processor, implements the request blocking method according to any of the first aspects.
In a third aspect, the present application provides an electronic device, which adopts the following technical scheme:
one or more processors;
a memory;
at least one application program, wherein the at least one application program is stored in the memory and configured to be executed by the one or more processors, the at least one application program being configured to perform the request blocking method according to any of the first aspects.
In a fourth aspect, the present application provides a computer readable storage medium, which adopts the following technical scheme:
a computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the request blocking method according to any of the first aspects.
In summary, the application has the following beneficial technical effects:
The application obtains the historical access data of the current request, which provides the behavior pattern of the current request and helps identify abnormal access behavior. Parsing the current request distinguishes requests from different request sources so that different predefined sequences can be determined, and the preset correspondence makes the matching of request sources to predefined sequences more accurate. The predefined sequence defines the access that is normally permitted and provides the standard for judging whether the current request is abnormal. Determining the preceding nodes makes it possible to check whether the current request accesses nodes in the expected access order, and judging whether all preceding nodes are contained in the historical access data effectively identifies requests that do not follow the normal order, so that potential risk requests can be blocked in time.
Drawings
Fig. 1 is a flow chart of a request blocking method according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The present application will be described in further detail with reference to fig. 1-2.
The present embodiment only explains the present application and is not to be construed as limiting it. After reading this specification, those skilled in the art may, as required, make modifications to this embodiment that involve no inventive contribution; all such modifications are protected by patent law as long as they fall within the scope of the claims of the present application.
To make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions of the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, but not all, embodiments of the present application. All other embodiments that those skilled in the art can obtain from the embodiments of the application without inventive effort are intended to be within the scope of the application.
In addition, the term "and/or" herein merely describes an association between associated objects and means that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist together, or B exists alone. Unless otherwise specified, the character "/" herein generally indicates an "or" relationship between the associated objects.
An embodiment of the application provides a request blocking method, shown in Fig. 1. The method is executed by an electronic device, which may be a server or a terminal device. The server may be an independent physical server, a server cluster or distributed system formed by multiple physical servers, or a cloud server providing cloud computing services. The terminal device may be, but is not limited to, a smartphone, a tablet computer, a notebook computer, or a desktop computer. The terminal device and the server may be connected directly or indirectly through wired or wireless communication, which is not limited here. The method includes steps S101-S105, wherein:
S101, acquiring a current request, historical access data of the current request, and a current node being accessed by the current request.
In this embodiment, a database may be set up in advance to store the historical access data of each request. The historical access data may include the request content, the nodes accessed, and the access time corresponding to each node. When the electronic device receives a request sent by a user, it treats the request as the current request and obtains from the database the historical access data of the current request prior to the current node. If the database holds no historical access data for the current request, a new record is created or an empty record set is returned. A node may be an API.
S102, parsing the current request and determining a request source of the current request.
In this embodiment, the content of the request may be parsed according to its format and protocol, and the request source may refer to information about the client that initiated the request. When the current request is an HTTP request, it may be parsed to obtain its request line, request headers, request body, and URL parameters. How the request source is determined depends on the rules set by the sender: when sending the request, the sender may identify the request source in a custom field of the request header, and a custom parameter may also be added to the URL parameters to identify the request source.
S103, determining a predefined sequence corresponding to the request source according to a preset corresponding relation, wherein the preset corresponding relation is the corresponding relation between the request source and the predefined sequence, and the predefined sequence comprises a plurality of nodes and an access sequence among the nodes.
In this embodiment, the preset correspondence may be stored in a database, and the predefined sequence corresponding to the request source of the current request may be looked up in that database. If no predefined sequence for the request source of the current request can be found in the database, an error message is returned to prompt the relevant personnel to check or reconfigure the predefined sequence for that request source.
S104, determining a number of preceding nodes associated with the current node from the predefined sequence, and judging whether the preceding nodes are all contained in the historical access data.
In this embodiment, a preceding node of the current node is a node whose access order is before the current node, and a preceding node associated with the current node is a preceding node whose access order is adjacent to the current node.
S105, if the preceding nodes are not all contained in the historical access data, determining the current request as a risk request and blocking the current request.
In this embodiment, if the preceding nodes of the current node are all contained in the historical access data of the current request, all of them were accessed before the current time, which conforms to the predefined sequence for the current request. If the preceding nodes of the current node are not all contained in the historical access data of the current request, the node access order of the current request does not conform to the predefined sequence; the current request can be determined to be a risk request and blocked, which improves access security.
In this embodiment of the application, the historical access data of the current request is obtained; it provides the behavior pattern of the current request and helps identify abnormal access behavior. Parsing the current request distinguishes requests from different request sources so that different predefined sequences can be determined, and the preset correspondence makes the matching of request sources to predefined sequences more accurate. The predefined sequence defines the access that is normally permitted and provides the standard for judging whether the current request is abnormal. Determining the preceding nodes makes it possible to check whether the current request accesses nodes in the expected access order, and judging whether all preceding nodes are contained in the historical access data effectively identifies requests that do not follow the normal order. Potential risk requests can therefore be blocked in time, and blocking them improves the security and stability of access.
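Steps S101-S105 can be sketched as follows. This is an added example, not code from the application: the header name `X-Request-Source`, the URL parameter `source`, keying the history by a session identifier, the sample node paths, refusing nodes outside the sequence, and recording only allowed requests in the history are all assumptions.

```python
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# Preset correspondence (S103): request source -> predefined sequence.
# A predefined sequence maps each node (API path) to the preceding nodes
# adjacent to it in the access order. All values here are constructed.
PREDEFINED_SEQUENCES = {
    "mobile-app": {
        "/login": set(),
        "/cart": {"/login"},
        "/address": {"/login"},
        "/checkout": {"/cart", "/address"},
        "/pay": {"/checkout"},
    },
    "partner-api": {
        "/token": set(),
        "/orders": {"/token"},
    },
}


class UnknownSourceError(LookupError):
    """No predefined sequence is configured for the request source (S103)."""


@dataclass
class Request:
    session_id: str  # assumption: history is keyed by a session identifier
    url: str
    headers: dict = field(default_factory=dict)


@dataclass
class Decision:
    allowed: bool
    missing: frozenset = frozenset()
    reason: str = "ok"


def request_source(req):
    """S102: read the source from a custom header, else from a URL parameter."""
    headers = {k.lower(): v for k, v in req.headers.items()}
    if headers.get("x-request-source"):
        return headers["x-request-source"]
    values = parse_qs(urlsplit(req.url).query).get("source")
    return values[0] if values else None


class AccessOrderGuard:
    def __init__(self, sequences):
        self.sequences = sequences
        self.history = {}  # stands in for the database of historical access data

    def check(self, req):
        node = urlsplit(req.url).path
        # S101: fetch the history; create an empty record if none exists.
        visited = self.history.setdefault(req.session_id, set())
        source = request_source(req)
        sequence = self.sequences.get(source)
        if sequence is None:
            # S103: surface the configuration gap instead of guessing.
            raise UnknownSourceError(f"no predefined sequence for source {source!r}")
        if node not in sequence:
            # Assumption: a node outside the sequence is refused (fail closed).
            return Decision(False, reason="node not in predefined sequence")
        # S104: every adjacent preceding node must already be in the history.
        missing = sequence[node] - visited
        if missing:
            # S105: risk request. It is not recorded, so a blocked attempt
            # cannot later count as a visited preceding node.
            return Decision(False, frozenset(missing), "preceding nodes not visited")
        visited.add(node)
        return Decision(True)
```
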
In one possible implementation of the embodiment of the present application, blocking the current request includes:
acquiring a plurality of requests within a preset duration and the request source corresponding to each of the requests;
grouping the requests according to their request sources to obtain a plurality of groups, wherein each group corresponds to one request source;
determining a request number and a risk request number of a first target group, wherein the first target group is any one of the plurality of groups;
and determining a blocking strategy for the current request according to the number of requests and the number of risk requests corresponding to each of the groups, and blocking the current request according to the blocking strategy.
In this embodiment, the preset duration may be set according to actual requirements and is not specifically limited here. The requests within the preset duration can be collected from a request log, a message queue or a real-time stream; each request is parsed to determine its request source, and requests with the same request source are placed in one group to obtain a plurality of groups.
In this embodiment of the application, collecting the requests within the preset duration captures recent request activity and gives a comprehensive view of the current request state. Grouping places requests with the same request source together, which makes it easier to analyze the request behavior pattern and risk of a specific source; after grouping, different blocking strategies can be formulated for different request sources, which makes blocking more targeted and effective. The request number of the first target group reflects the activity level of the group and helps evaluate the overall traffic and load, while the risk request number directly reflects the degree of risk within the group. Formulating the blocking strategy from the request number and the risk request number identifies and blocks risk requests more accurately and improves access security and defensive capability.
In one possible implementation of the embodiment of the present application, determining the blocking strategy for the current request according to the number of requests and the number of risk requests corresponding to each of the groups includes:
determining the request frequency of the first target group according to the request number of the first target group and the preset duration;
determining the risk request proportion of the first target group according to the request frequency and the risk request number of the first target group;
and determining the blocking strategy for the current request according to the number of requests and the risk request proportion corresponding to each of the groups.
In this embodiment, the request number of the first target group is the total number of requests in the first target group, and the ratio of the request number of the first target group to the preset duration may be used as the request frequency of the first target group. Further, the ratio of the risk request number to the request number of the first target group is used as the risk request proportion of the current request.
In this embodiment of the application, calculating the request frequency shows how active the requests of the first target group are within the preset duration and helps identify abnormal or high-frequency request behavior. The risk request proportion reflects the share of risk requests in the first target group and helps identify requests from high-risk sources. Considering the request frequencies and risk request proportions of all groups together gives a comprehensive picture of the risk of requests from different sources and ensures the accuracy and effectiveness of the blocking strategy.
In one possible implementation of the embodiment of the present application, determining the blocking strategy for the current request according to the request frequencies and risk request proportions corresponding to the groups includes:
generating a request frequency sequence according to the request frequencies corresponding to the groups;
generating a risk request proportion sequence according to the risk request proportions corresponding to the groups;
determining a second target group corresponding to the current request from the plurality of groups, and determining a first position of the request frequency corresponding to the second target group in the request frequency sequence and a second position of the risk request proportion corresponding to the second target group in the risk request proportion sequence;
determining a risk level of the second target group according to the first position and the second position;
and determining the blocking strategy for the current request according to the risk level.
In this embodiment, the groups may be arranged from small to large by request frequency to obtain the request frequency sequence, and from small to large by risk request proportion to obtain the risk request proportion sequence. Further, the number of groups may be taken as the target number; the request frequency sequence then contains the target number of request frequencies, and the risk request proportion sequence contains the target number of risk request proportions. The ratio of the position of the second target group's request frequency in the request frequency sequence to the target number can be used as the first position, and the ratio of the position of the second target group's risk request proportion in the risk request proportion sequence to the target number can be used as the second position. The position of the request frequency corresponding to the second target group in the request frequency sequence indicates its rank; for example, assuming that the request frequency corresponding to the second target group is ranked 5th in the request frequency sequence, the position of the risk request proportion corresponding to the second target group in the risk request proportion sequence is 5.
Further, an initial risk level for the second target group may be determined from the first position and the second position. Specifically, the weight of the first position may be set as a first weight and the weight of the second position as a second weight, where the two weights sum to 1 and, according to practical experience, the first weight is not greater than the second weight. The first position and the second position are summed with their respective weights, and the resulting value is taken as the risk coefficient. The minimum value of the risk coefficient is therefore the ratio of 1 to the target number, and its maximum value is 1. The range between the minimum and maximum values of the risk coefficient can be divided into 3 intervals according to actual requirements, each corresponding to a different risk level. The risk levels may include a first level, a second level, and a third level; the higher the level, the greater the risk. The interval with the smallest risk coefficient values corresponds to the first level and the interval with the largest risk coefficient values corresponds to the third level, which determines the initial risk level of the second target group.
In addition, corresponding thresholds may be set for the request frequency and the risk request proportion. Whether the request frequency of the second target group exceeds its threshold is determined to obtain a first determination result, and whether the risk request proportion of the second target group exceeds its threshold is determined to obtain a second determination result. The initial risk level is then adjusted according to the first determination result and the second determination result to obtain the risk level of the second target group. In one possible case, the first determination result is that the request frequency of the second target group exceeds the corresponding threshold, and the second determination result is that the risk request proportion of the second target group does not exceed the corresponding threshold; in this case the initial risk level is not adjusted. In another possible case, the first determination result is that the request frequency of the second target group exceeds the corresponding threshold, and the second determination result is that the risk request proportion of the second target group does not exceed the corresponding threshold; in this case the initial risk level is not adjusted, and the risk level is labeled as frequent requests. In another possible case, the first determination result is that the request frequency of the second target group does not exceed the corresponding threshold, and the second determination result is that the risk request proportion of the second target group exceeds the corresponding threshold; in this case the initial risk level is not adjusted, and the risk level is labeled as risk exceeding the standard.
In another possible case, the first determination result is that the request frequency of the second target group exceeds the corresponding threshold, and the second determination result is that the risk request proportion of the second target group exceeds the corresponding threshold; in this case the initial risk level is raised by one level, and if the initial risk level is already the third level, no adjustment is made.
Furthermore, a corresponding blocking policy can be formulated for each risk level. In one possible case, when the risk level of the second target group is the first level, the current request is low risk; the corresponding blocking policy may be logging only, without actual blocking, and a correct access sequence may be generated according to the predefined sequence and fed back to the user, prompting the user to access nodes in the correct order. In another possible case, when the risk level of the second target group is the second level, the corresponding blocking policy may be to send a warning notification. If the risk level of the second target group is the second level and carries the frequent-requests label, the blocking policy may be set to send a warning notification and limit the access frequency. If the risk level of the second target group is the second level and carries the label of risk exceeding the standard, the blocking policy may be set to send a warning notification and reduce the access rights of the current request. For this purpose, an importance degree may be set in advance for each access node, together with an importance threshold; the importance degree may be represented by a numerical value, with a larger value indicating higher importance, and a node whose importance degree exceeds the importance threshold is an important node. When the risk level of the second target group is the second level and carries the label of risk exceeding the standard, the access rights of the current request may be limited so that access to important nodes is prohibited.
In another possible case, when the risk level of the second target group is the third level, the risk of the second target group is too high, and the blocking policy may be set to reject the current request's access to any node.
In this embodiment of the application, a request frequency sequence and a risk request proportion sequence are generated. The request frequency sequence shows directly how request activity differs between groups, and the risk request proportion sequence helps locate high-risk groups quickly. Evaluating the risk level along both dimensions, request frequency and risk request proportion, reflects the actual risk of the second target group more comprehensively, so the risk assessment result is more objective and accurate, and a blocking policy formulated from the risk level is more targeted and effective.
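The ranking, weighting, threshold adjustment and policy selection described in this embodiment, as an added Python example that is not part of the patent text. The weights 0.4/0.6, the equal-width intervals, the tie handling, the action names and the sample groups are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class GroupStats:
    source: str        # request source that defines the group
    frequency: float   # request frequency over the preset duration
    risk_ratio: float  # risk request proportion of the group


def rank_position(values, value):
    """Rank of `value` in the ascending sequence divided by the target number."""
    ordered = sorted(values)
    # Assumption: tied values share the highest rank among them.
    rank = len(ordered) - ordered[::-1].index(value)
    return rank / len(ordered)


def risk_coefficient(groups, target, w_freq=0.4, w_risk=0.6):
    """Weighted sum of the first and second positions (weights are assumed)."""
    if abs(w_freq + w_risk - 1.0) > 1e-9 or w_freq > w_risk:
        raise ValueError("weights must sum to 1 with w_freq <= w_risk")
    first = rank_position([g.frequency for g in groups], target.frequency)
    second = rank_position([g.risk_ratio for g in groups], target.risk_ratio)
    return w_freq * first + w_risk * second


def initial_level(coeff, n_groups):
    """Map a coefficient in [1/n, 1] to level 1..3 (equal-width intervals assumed)."""
    if n_groups == 1:
        return 1  # assumption: a single group has nothing to be ranked against
    low = 1.0 / n_groups
    index = int((coeff - low) / (1.0 - low) * 3)
    return min(max(index, 0), 2) + 1


def assess(groups, target, freq_threshold, risk_threshold):
    """Return (risk level, labels) for the target group."""
    level = initial_level(risk_coefficient(groups, target), len(groups))
    over_freq = target.frequency > freq_threshold
    over_risk = target.risk_ratio > risk_threshold
    labels = set()
    if over_freq and over_risk:
        level = min(level + 1, 3)      # raise one level, capped at the third
    elif over_freq:
        labels.add("frequent")         # level unchanged, labelled
    elif over_risk:
        labels.add("risk_exceeded")    # level unchanged, labelled
    # Assumption: when neither threshold is exceeded nothing changes.
    return level, labels


def blocking_policy(level, labels):
    """Translate level and labels into actions (action names are hypothetical)."""
    if level == 1:
        return ["log", "return_correct_access_sequence"]
    if level == 2:
        actions = ["send_warning"]
        if "frequent" in labels:
            actions.append("limit_access_frequency")
        if "risk_exceeded" in labels:
            actions.append("deny_important_nodes")
        return actions
    return ["reject_all_nodes"]


# Constructed sample: five request sources observed in one preset duration.
GROUPS = [
    GroupStats("app-a", 2, 0.01),
    GroupStats("app-b", 5, 0.02),
    GroupStats("app-c", 9, 0.10),
    GroupStats("app-d", 20, 0.05),
    GroupStats("app-e", 50, 0.40),
]

if __name__ == "__main__":
    for g in GROUPS:
        level, labels = assess(GROUPS, g, freq_threshold=15, risk_threshold=0.08)
        print(g.source, level, sorted(labels), blocking_policy(level, labels))
```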
In one possible implementation of the embodiment of the present application, the method further includes:
Determining a plurality of nodes corresponding to a target request source and the dependency relationships among the plurality of nodes, wherein the target request source is any request source;
and generating a predefined sequence corresponding to the target request source according to the dependency relationships among the plurality of nodes.
In this embodiment, all nodes related to the target request source may be collected from the system configuration, a service registry, or request logs; a node may be an API interface. The processing flow of requests in the system can then be traced by log analysis, a distributed tracing system, or code review, and the call links between the nodes analyzed. A dependency graph between the nodes is built from the analyzed call links; the graph may be a directed graph showing the access order between the nodes. The execution order of the nodes is then determined from the dependency graph by an ordering algorithm such as topological sorting or depth-first search, and the predefined sequence corresponding to the target request source is generated.
In this embodiment of the application, determining the plurality of nodes corresponding to the target request source and their dependency relationships, and generating the corresponding predefined sequence, improves the standardization and security of processing the current request.
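One way to derive a predefined sequence from call links and then apply the preceding-node check of the method, as an added Python example that is not part of the patent text. It assumes the preceding nodes of the current node are its ancestors in the dependency graph; the node names and call links are constructed.

```python
from collections import defaultdict, deque


def build_predefined_sequence(call_links):
    """Topologically sort (before, after) call links with Kahn's algorithm."""
    successors = defaultdict(set)
    indegree = defaultdict(int)
    nodes = set()
    for before, after in call_links:
        nodes.update((before, after))
        if after not in successors[before]:   # ignore repeated links
            successors[before].add(after)
            indegree[after] += 1
    # Sorting keeps the output deterministic when several nodes are ready.
    ready = deque(sorted(n for n in nodes if indegree[n] == 0))
    order = []
    while ready:
        node = ready.popleft()
        order.append(node)
        for nxt in sorted(successors[node]):
            indegree[nxt] -= 1
            if indegree[nxt] == 0:
                ready.append(nxt)
    if len(order) != len(nodes):
        # A cycle means the links define no valid access order.
        raise ValueError("cyclic dependency between nodes")
    return order


def preceding_nodes(call_links, node):
    """All nodes that must have been accessed before `node` (its ancestors)."""
    predecessors = defaultdict(set)
    for before, after in call_links:
        predecessors[after].add(before)
    seen, stack = set(), [node]
    while stack:
        for prev in predecessors[stack.pop()]:
            if prev not in seen:
                seen.add(prev)
                stack.append(prev)
    return seen


def is_risk_request(call_links, current_node, history):
    """True when some preceding node is missing from the historical access data."""
    return not preceding_nodes(call_links, current_node) <= set(history)


# Constructed call links for one request source.
LINKS = [
    ("/login", "/cart"),
    ("/login", "/profile"),
    ("/cart", "/checkout"),
    ("/checkout", "/pay"),
]

if __name__ == "__main__":
    print(build_predefined_sequence(LINKS))
    print(is_risk_request(LINKS, "/pay", ["/login", "/cart", "/checkout"]))
    print(is_risk_request(LINKS, "/pay", ["/login"]))
```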
In one possible implementation of the embodiment of the present application, analyzing the current request and determining the request source of the current request includes:
Acquiring the importance degree of the current node;
verifying the current request according to the importance degree of the current node to obtain a verification result;
if the verification result is that the verification is passed, analyzing the current request and determining the request source of the current request.
In one possible case, the importance degree of the current node does not exceed the importance threshold; the current request may then be subjected to identity verification, and the identity verification result is taken as the verification result. In another possible case, the importance degree of the current node exceeds the importance threshold; identity verification is performed on the current request first to obtain an identity verification result, and if identity verification is not passed, the current request is prevented from accessing the current node. If identity verification is passed, integrity verification is performed on the current request to obtain the verification result; if integrity verification is not passed, the current request is prevented from accessing the current node, and if integrity verification is passed, the current request is analyzed and the request source of the current request is determined.
In this embodiment of the application, acquiring the importance degree of the current node and verifying on that basis protects key nodes more tightly, makes verification more targeted and efficient, and ensures the accuracy and reliability of the request source.
In one possible implementation of the embodiment of the present application, verifying the current request according to the importance degree of the current node to obtain a verification result includes:
if the importance degree of the current node exceeds the importance threshold, performing identity verification on the current request to obtain an identity verification result;
and if the identity verification result is that the verification is passed, performing integrity verification on the current request to obtain the verification result.
In this embodiment, identity verification may use a user name, a password, an identity token and the like: the identity information in the current request is compared with legitimate information stored in the database in advance, and a successful comparison indicates that identity verification is passed. Further, the integrity check information in the current request can be obtained; it may be a digital signature or a hash value, which is used to verify the integrity of the data. A hash calculation or signature generation is performed on the current request, and the calculated hash value or signature is compared with the integrity check information contained in the current request. If they are consistent, integrity verification is passed; otherwise, integrity verification is not passed.
By combining the judgment of node importance with multiple verification steps, the embodiment of the application protects and comprehensively verifies important nodes, ensuring both the validity of the request source and the integrity and authenticity of the request data.
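The importance-tiered verification described above, as an added Python example that is not part of the patent text. It assumes the integrity check information is an HMAC-SHA256 tag over the node and body, since an unkeyed hash can be recomputed by whoever alters the request; the threshold, key, token and field names are constructed.

```python
import hashlib
import hmac

IMPORTANCE_THRESHOLD = 5                  # constructed value
INTEGRITY_KEY = b"constructed-demo-key"   # shared secret, constructed
# Constructed credential store: SHA-256 of each valid identity token -> user.
TOKEN_DIGESTS = {hashlib.sha256(b"tok-alice").hexdigest(): "alice"}


def compute_mac(node: str, body: bytes) -> str:
    """HMAC-SHA256 over node and body, so a tag cannot be reused on another node."""
    message = node.encode() + b"\n" + body
    return hmac.new(INTEGRITY_KEY, message, hashlib.sha256).hexdigest()


def build_request(token: str, node: str, body: bytes) -> dict:
    """Client side: attach the integrity check information to the request."""
    return {"token": token, "node": node, "body": body,
            "mac": compute_mac(node, body)}


def verify_identity(request: dict) -> bool:
    """Compare the presented token with the stored legitimate information."""
    token = request.get("token")
    if not isinstance(token, str):
        return False
    return hashlib.sha256(token.encode()).hexdigest() in TOKEN_DIGESTS


def verify_integrity(request: dict) -> bool:
    """Recompute the tag and compare it in constant time with the supplied one."""
    supplied = request.get("mac")
    if not isinstance(supplied, str):
        return False
    expected = compute_mac(request["node"], request["body"])
    return hmac.compare_digest(expected.encode(), supplied.encode())


def verify_request(request: dict, importance: int):
    """Return (passed, failed_step); integrity is checked only on important nodes."""
    if not verify_identity(request):
        return False, "identity"
    if importance > IMPORTANCE_THRESHOLD and not verify_integrity(request):
        return False, "integrity"
    return True, None


if __name__ == "__main__":
    req = build_request("tok-alice", "/pay", b'{"amount": 10}')
    tampered = dict(req, body=b'{"amount": 9999}')
    print(verify_request(req, importance=9))       # passes both checks
    print(verify_request(tampered, importance=9))  # fails integrity
    print(verify_request(tampered, importance=2))  # identity only
```

On a node at or below the threshold the tampered body is accepted, because only identity verification runs there.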
The embodiment of the application provides a computer program product comprising a computer program which, when executed by a processor, implements the content shown in the foregoing request blocking method embodiment.
In an embodiment of the present application, an electronic device 200, as shown in fig. 2, includes a processor 201 and a memory 203. The processor 201 is coupled to the memory 203, for example via a bus 202. Optionally, the electronic device 200 may also include a transceiver 204. It should be noted that, in practical applications, the transceiver 204 is not limited to one, and the structure of the electronic device 200 does not constitute a limitation on the embodiment of the present application.
The processor 201 may be a CPU (Central Processing Unit), a general-purpose processor, a DSP (Digital Signal Processor), an ASIC (Application-Specific Integrated Circuit), an FPGA (Field-Programmable Gate Array) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It may implement or execute the various exemplary logic blocks, modules and circuits described in connection with this disclosure. The processor 201 may also be a combination that implements computing functions, for example a combination of one or more microprocessors, or a combination of a DSP and a microprocessor.
Bus 202 may include a path to transfer information between the aforementioned components. Bus 202 may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus 202 may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, only one thick line is shown in fig. 2, but this does not mean that there is only one bus or one type of bus.
The memory 203 may be, but is not limited to, a ROM (Read-Only Memory) or other type of static storage device that can store static information and instructions, a RAM (Random Access Memory) or other type of dynamic storage device that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read-Only Memory), a CD-ROM (Compact Disc Read-Only Memory) or other optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
The memory 203 is used for storing the application program code for executing the solution of the present application, and execution is controlled by the processor 201. The processor 201 is configured to execute the application program code stored in the memory 203 to implement what is shown in the foregoing request blocking method embodiment.
The electronic device shown in fig. 2 is only an example and should not be construed as limiting the functionality and scope of use of the embodiments of the application.
Embodiments of the present application provide a computer-readable storage medium having a computer program stored thereon, which when run on a computer, enables the computer to perform what has been shown in the foregoing request blocking method embodiments.
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited in order and may be performed in other orders, unless explicitly stated herein. Moreover, at least some of the steps in the flowcharts of the figures may include a plurality of sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, the order of their execution not necessarily being sequential, but may be performed in turn or alternately with other steps or at least a portion of the other steps or stages.
The foregoing is only a partial embodiment of the present application, and it should be noted that it will be apparent to those skilled in the art that modifications and adaptations can be made without departing from the principles of the present application, and such modifications and adaptations should and are intended to be comprehended within the scope of the present application.

Claims (10)

1. A request blocking method, comprising:
obtaining a current request, historical access data of the current request, and a current node being accessed by the current request;
parsing the current request to determine the request source of the current request;
determining a predefined sequence corresponding to the request source according to a preset correspondence, wherein the preset correspondence is a correspondence between request sources and predefined sequences, and the predefined sequence includes a plurality of nodes and an access order between the plurality of nodes;
determining a number of preceding nodes associated with the current node from the predefined sequence, and determining whether all of the preceding nodes are included in the historical access data;
if the preceding nodes are not all included in the historical access data, determining the current request to be a risk request and blocking the current request.

2. The request blocking method according to claim 1, characterized in that blocking the current request comprises:
obtaining multiple requests within a preset duration and the request source corresponding to each of the multiple requests;
grouping the multiple requests according to their respective request sources to obtain multiple groups, each group corresponding to one request source;
determining a number of requests and a number of risk requests of a first target group, the first target group being any one of the multiple groups;
determining a blocking strategy for the current request according to the number of requests and the number of risk requests corresponding to each of the multiple groups, and blocking the current request according to the blocking strategy.

3. The request blocking method according to claim 2, characterized in that determining the blocking strategy for the current request according to the number of requests and the number of risk requests corresponding to each of the multiple groups comprises:
determining a request frequency of the first target group according to the number of requests of the first target group and the preset duration;
determining a risk request proportion of the first target group according to the request frequency and the number of risk requests of the first target group;
determining the blocking strategy for the current request according to the request frequencies and risk request proportions corresponding to each of the multiple groups.

4. The request blocking method according to claim 3, characterized in that determining the blocking strategy for the current request according to the request frequencies and risk request proportions corresponding to each of the multiple groups comprises:
generating a request frequency sequence according to the request frequencies corresponding to the multiple groups;
generating a risk request proportion sequence according to the risk request proportions corresponding to the multiple groups;
determining a second target group corresponding to the current request from the multiple groups, and determining a first position of the request frequency corresponding to the second target group in the request frequency sequence and a second position of the risk request proportion corresponding to the second target group in the risk request proportion sequence;
determining a risk level of the second target group according to the first position and the second position;
determining the blocking strategy for the current request according to the risk level.

5. The request blocking method according to claim 1, characterized in that the method further comprises:
determining a plurality of nodes corresponding to a target request source and the dependency relationships between the plurality of nodes, the target request source being any request source;
generating a predefined sequence corresponding to the target request source according to the dependency relationships between the plurality of nodes.

6. The request blocking method according to claim 1, characterized in that parsing the current request to determine the request source of the current request comprises:
obtaining the importance degree of the current node;
verifying the current request according to the importance degree of the current node to obtain a verification result;
if the verification result is that the verification is passed, parsing the current request to determine the request source of the current request.

7. The request blocking method according to claim 6, characterized in that verifying the current request according to the importance degree of the current node to obtain a verification result comprises:
if the importance degree of the current node exceeds the importance threshold, performing identity verification on the current request to obtain an identity verification result;
if the identity verification result is that the verification is passed, performing integrity verification on the current request to obtain the verification result.

8. A computer program product, characterized in that it comprises a computer program, and when the computer program is executed by a processor, the steps of the request blocking method according to any one of claims 1 to 7 are implemented.

9. An electronic device, comprising:
at least one processor;
a memory;
at least one application, wherein the at least one application is stored in the memory and configured to be executed by the at least one processor, and the at least one application is configured to execute the request blocking method according to any one of claims 1 to 7.

10. A computer-readable storage medium having a computer program stored thereon, characterized in that when the computer program is executed in a computer, the computer is caused to execute the request blocking method according to any one of claims 1 to 7.
CN202410307743.7A 2024-03-18 2024-03-18 A request blocking method, product, device and medium Pending CN118075011A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410307743.7A CN118075011A (en) 2024-03-18 2024-03-18 A request blocking method, product, device and medium


Publications (1)

Publication Number Publication Date
CN118075011A (en) 2024-05-24

Family

ID=91109373




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20240524