[go: up one dir, main page]

CN113553528B - Service access frequency control method, device, computing device and storage medium - Google Patents

Service access frequency control method, device, computing device and storage medium Download PDF

Info

Publication number
CN113553528B
CN113553528B CN202110838672.XA CN202110838672A CN113553528B CN 113553528 B CN113553528 B CN 113553528B CN 202110838672 A CN202110838672 A CN 202110838672A CN 113553528 B CN113553528 B CN 113553528B
Authority
CN
China
Prior art keywords
time period
access
access frequency
frequency
threshold
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110838672.XA
Other languages
Chinese (zh)
Other versions
CN113553528A (en
Inventor
孙雷
陈双亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
MIGU Culture Technology Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
MIGU Culture Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, MIGU Culture Technology Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN202110838672.XA priority Critical patent/CN113553528B/en
Publication of CN113553528A publication Critical patent/CN113553528A/en
Application granted granted Critical
Publication of CN113553528B publication Critical patent/CN113553528B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/958Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/953Querying, e.g. by the use of web search engines

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)

Abstract

本发明实施例涉及通信技术领域,公开了一种业务访问频率控制方法、装置、计算设备和存储介质。该方法包括:获取用户的业务访问请求,所述业务访问请求中包括所述用户在当前时间周期的待访问频率;所述业务访问包括多个时间周期,每个所述时间周期设置有相同的访问频率阈值;确定所述待访问频率是否超过所述访问频率阈值;当所述待访问频率超过所述访问频率阈值时,从后续时间周期的访问频率阈值中获取一部分的访问频率,作为补充访问频率补偿给所述当前时间周期,其中,所述后续时间周期为所述多个时间周期中在所述当前时间周期之后的时间周期。本发明实施例解决了DDOS攻击问题。

The embodiments of the present invention relate to the field of communication technology, and disclose a service access frequency control method, device, computing device and storage medium. The method comprises: obtaining a service access request of a user, wherein the service access request comprises the frequency to be accessed by the user in the current time period; the service access comprises multiple time periods, and each time period is provided with the same access frequency threshold; determining whether the frequency to be accessed exceeds the access frequency threshold; when the frequency to be accessed exceeds the access frequency threshold, obtaining a part of the access frequency from the access frequency threshold of the subsequent time period as a supplementary access frequency compensation to the current time period, wherein the subsequent time period is a time period after the current time period in the multiple time periods. The embodiments of the present invention solve the problem of DDOS attacks.

Description

Service access frequency control method, device, computing equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of Internet, in particular to a service access frequency control method, a device, a computing device and a storage medium.
Background
With the development of internet technology and internet applications, various network attack means, such as a bill, a cat POOL (Modem POOL), group control, man-in-the-middle attack, distributed denial of service attack (Distributed Denial of SERVICE ATTACK, DDOS), etc., are layered, and the problem of network security becomes more and more important.
Among them, DDOS attacks are increasingly rampant with the rapid development of the internet, from attacks of several megameters and several tens of megameters to attacks of several tens of G and several tens of T traffic. DDOS attacks are one of the most difficult network security problems to solve due to easy implementation, difficult prevention and difficult tracking, and bring great harm to the network society. Meanwhile, DDOS attacks have not been reasonably solved due to security flaws of the network protocol itself.
Disclosure of Invention
In view of the above problems, embodiments of the present invention provide a method, an apparatus, a computing device, and a storage medium for controlling a service access frequency, which are used to solve the problem of DDOS attack in the prior art.
According to one aspect of the embodiment of the invention, a service access frequency control method is provided, and the method comprises the steps of obtaining a service access request of a user, wherein the service access request comprises a frequency to be accessed by the user in a current time period, the service access comprises a plurality of time periods, each time period is provided with the same access frequency threshold value, determining whether the frequency to be accessed exceeds the access frequency threshold value, and when the frequency to be accessed exceeds the access frequency threshold value, obtaining a part of access frequency from the access frequency threshold value of a subsequent time period as a supplementary access frequency to compensate the current time period, wherein the subsequent time period is a time period after the current time period in the plurality of time periods. In an alternative form the method further comprises subtracting the access frequency threshold value for each of the time periods in the subsequent time period from the access frequency value compensated for the other time periods if a portion of the access frequencies from the subsequent time period have been obtained as supplemental access frequency compensation for the other time periods to update the access frequency threshold value for each of the time periods.
In an alternative manner, the step of obtaining a part of access frequency from the access frequency threshold of the subsequent time period as the supplementary access frequency to compensate for the current time period includes sequentially obtaining a preset proportion of access frequency from the access frequency threshold of each time period from the subsequent time period of the current time period until the sum of the access frequency threshold of the current time period and all the obtained access frequencies is equal to the frequency to be accessed of the current time period, or the access frequency threshold of a certain time period in the subsequent time period is a first threshold, or the access frequency obtained from the access frequency threshold of a certain time period is a second threshold.
In an alternative, the (n+1) th time period starts, and the preset ratio of each time period is q n, where n is an integer, n is equal to or greater than 1,0< q <1.
In an optional mode, after the service access request of the user is obtained, the method further comprises the steps of adding the access time of the service access request into an access time queue corresponding to the user, obtaining the queue size of the access time including the access time of the current time period in the access time queue, and updating the frequency to be accessed of the user in the current time period according to the queue size.
The method comprises the steps of obtaining a service access request of a user, wherein the service access request comprises a frequency to be accessed of the user in a current time period, the method comprises the steps of obtaining the service access request of the user, adding access time of the service access request into an access time queue corresponding to the user, and obtaining the queue size of the access time in the access time queue, wherein the queue size comprises the access time of the current time period, and the queue size is the frequency to be accessed of the user in the current time period.
In an alternative manner, the determining whether the frequency to be accessed exceeds the access frequency threshold includes determining whether the frequency to be accessed exceeds the access frequency threshold in a time when a total traffic volume of traffic access is below a third threshold and a traffic concurrency is below a fourth threshold.
In an alternative manner, after the determining whether the frequency to be accessed exceeds the access frequency threshold, the method further includes determining whether the frequency to be accessed exceeds a sum of the access frequency threshold and all access frequencies available from the access frequency threshold of a subsequent time period, and intercepting the service access request when the frequency to be accessed is greater than the sum of the access frequency threshold and all access frequencies available from the access frequency threshold of the subsequent time period.
According to another aspect of the embodiment of the invention, a service access frequency control device is provided, and the device comprises an acquisition module, a determining module and a compensation module, wherein the acquisition module is used for acquiring a service access request of a user, the service access request comprises a frequency to be accessed of the user in a current time period, the service access request comprises a plurality of time periods, each time period is provided with the same access frequency threshold value, the determining module is used for determining whether the frequency to be accessed exceeds the access frequency threshold value, and the compensation module is used for acquiring a part of access frequency from the access frequency threshold value of a subsequent time period as a supplementary access frequency to compensate the current time period, wherein the subsequent time period is a time period after the current time period in the plurality of time periods. According to another aspect of an embodiment of the present invention, there is provided a computing device including a processor, a memory, a communication interface, and a communication bus through which the processor, the memory, and the communication interface communicate with each other;
The memory is configured to store at least one executable instruction that causes the processor to perform operations of the traffic access frequency control method as described above.
According to another aspect of an embodiment of the present invention, there is provided a computer-readable storage medium having stored therein at least one executable instruction that, when executed on a computing device, causes the computing device to perform the operations of the service access frequency control method as described above.
According to the embodiment of the invention, when the frequency to be accessed of the client exceeds the access frequency threshold in the current time period, a part of access frequency is acquired from the access frequency threshold in the subsequent time period and is used as the supplementary access frequency to compensate for the current time period, so that the access frequency of a user can be limited, the deficiency of the available access frequency of the user in a certain period of time can be flexibly compensated, and the high-frequency access control is flexibly realized.
The foregoing description is only an overview of the technical solutions of the embodiments of the present invention, and may be implemented according to the content of the specification, so that the technical means of the embodiments of the present invention can be more clearly understood, and the following specific embodiments of the present invention are given for clarity and understanding.
Drawings
The drawings are only for purposes of illustrating embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
fig. 1 shows a schematic diagram of the setting of a high-frequency control with a fixed frequency of a time period in the prior art;
FIG. 2 is a schematic diagram showing the arrangement of a periodic fixed frequency fixed high frequency control in the prior art
Fig. 3 is a schematic flow chart of a service access frequency control method according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of a loan flow of a service access frequency control method according to an embodiment of the present invention;
fig. 5 is a schematic diagram of loan simulation of a method for controlling service access frequency according to an embodiment of the present invention;
fig. 6 is a schematic flow chart of another service access frequency control method according to an embodiment of the present invention;
Fig. 7 is a schematic flow chart of another service access frequency control method according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of a service access frequency control device according to an embodiment of the present invention;
FIG. 9 illustrates a schematic diagram of a computing device provided by an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein.
Currently, DDOS attacks have not been reasonably resolved in the internet field. The buffer area of the server can be forced to overflow through DDOS attack, and a new message request is not accepted, or IP spoofing is used, so that the server resets illegal user connection, and normal users cannot connect.
The prior art mainly solves the DDOS attack modes by the following two methods:
1. The system sets different access frequencies (hereinafter referred to as set frequencies in this section) for different time periods, such as setting the frequency to n in the time period from 00:00 to 02:00, setting the frequency to m in the time period from 02:00 to 18:00, and setting the frequency to k in the time period from 18:00 to 20:00 in fig. 1. Accumulating the access quantity of each time period, judging the time period in which the current access time is located, judging whether the access frequency in the time period exceeds the set frequency, if so, judging that the current access is abnormal, and intercepting the current access.
The time span of the mode is larger, the configuration is more complicated, in the extreme case (the last 1 second of the previous time period and the first 1 second of the next time period) the access frequency is suddenly increased, the access quantity of the previous time period and the next time period does not reach the set frequency, the access quantity of the first 1 second of the previous time period and the next time period is added together to exceed the set frequency, or the access quantity of the last 1 second of the previous time period and the access quantity of the next time period are added together to exceed the set frequency, and the situation cannot be effectively controlled.
2. The system sets a fixed access frequency (hereinafter referred to as a set frequency in this section) for a fixed time period, that is, the time period is fixed and the frequency is fixed, for example, the duration of each time period is t in fig. 2, and the set frequency is n. By initializing a fixed length queue for storing access times, when there is a new access, the access time is added to the tail of the queue, the earlier the access time is, the closer the access time is to the head of the queue in the queue. Comparing the access time t c of the current access in the queue with all the previous access times, if the time difference of a certain access time in the access time t c and all the previous access times t c does not exceed t and the access times in the time difference exceed the set frequency, judging that the current access is abnormal, and intercepting the current access.
In the above manner, if the number of accesses in the time difference exceeds the set frequency and the current access is blocked and limited, the access cannot be performed within a period of time, but the limiting policy cannot be relaxed within a specific period of time, and the mechanism is not flexible enough.
Therefore, in view of the above problems, the embodiment of the present invention provides a service access frequency control method. Fig. 3 shows a flowchart of a method for controlling service access frequency according to an embodiment of the present invention, where the method may be performed in a server or a server cluster that provides service access for each user. The method comprises the following steps:
Step 110, obtaining a service access request of a user, wherein the service access request comprises the frequency to be accessed of the user in the current time period, and the service access comprises a plurality of time periods, and each time period is provided with the same access frequency threshold value.
In the internet field, a user initiates a service access request to a server, and the server responds to the service access request of the user and allows the user to perform service access. The embodiment of the invention allows the user to borrow the access frequency of the subsequent time period in advance in the specific time period, not only can limit the access frequency of the user, but also can flexibly compensate the deficiency of the available access frequency of the user in a certain period of time.
The time period refers to a continuous time period, for example, the time period is set to be t, that is, the duration of each time period is t. The successive time periods are represented by an array t [ n ], where t [0] represents the current time period, t [1] represents the next time period, &.& gt, t [ n ] represents the nth time period. The access frequency refers to the access amount or the number of accesses. The access frequency threshold refers to the maximum number of times a user is allowed to make service accesses per time period.
The frequency to be accessed refers to the number of times of access initiated by the user, and the number of times of access initiated by the user in the current time period is required to be acquired in the step and is used for judging whether the frequency of access exceeds the access frequency threshold value of the current time period.
The server identifies the user by obtaining a unique identification for each user. There are various ways in which the unique identification of the user may be used, for example, by the embodiment of the present invention, to identify the unique key of the user via a device fingerprint (deviceID/ip). Each user on the server has a respective access time queue. When a user initiates a request for the first time, the first access time of the user is added to the tail of the access time queue of the user. The earlier in time the access, the closer its access time is to the head of the access time queue. When the user accesses again, searching an access time queue corresponding to the user in a server cache through a key, and thus obtaining the frequency to be accessed of the user in the current time period. Specifically, in some embodiments, after step 110, the method further comprises:
step 111, adding the access time of the service access request into an access time queue corresponding to the user;
Step 112, obtaining the queue size of the access time including the access time of the current time period in the access time queue, and updating the frequency to be accessed of the user in the current time period according to the queue size.
In this step, the queue size may be set to be the storage capacity of the queue, or may be set to be the number of access times, both of which are numerical values. The access frequency threshold is also a number, belonging to a numerical value. Accordingly, the frequency to be accessed by the user in the current time period may be updated according to the queue size, so that the frequency to be accessed may be compared with the access frequency threshold in a subsequent step. For example, when the queue size is set as the storage capacity of the queue, a correspondence between the queue size and the access frequency threshold is preset (for example, 1KB of storage capacity may store one piece of access time data, and a corresponding piece of access time data corresponds to a value of 1 of the frequency to be accessed, the correspondence is set as a ratio of 1:1), and assuming that the queue size is 100KB, the frequency to be accessed of the user in the current time period is updated to be 100. For another example, when the queue size is set as the number of access times, a correspondence between the queue size and the access frequency threshold is preset (for example, a value of 1 corresponding to the frequency to be accessed for one piece of access time data is set as a ratio of 1:1), and if the queue size is 100, the frequency to be accessed for the user in the current time period is updated to be 100.
Because each user has only one access time queue, in order to keep only the access time of the user in the current time period in the access time queue, the access time data of the 'access time > the current access time-access period' existing in the access time queue can be deleted by comparing the data in the access time queue, and the access time of the current service access request is added into the access time queue.
Step 120, determining whether the frequency to be accessed exceeds the access frequency threshold.
Step 120 entails comparing the frequency to be accessed with the access frequency threshold. In step 112, the queue size of the access time queue including the access time of the current time period is obtained, so in some embodiments, step 120 specifically includes:
step 121, judging whether the size of the queue exceeds the access frequency threshold of the current time period;
Step 122, if the queue size exceeds the access frequency threshold of the current time period, determining that the frequency to be accessed exceeds the access frequency threshold.
If the queue size exceeds the access frequency threshold of the current time period, the frequency to be accessed exceeds the access frequency threshold, and the number of times of access which the user has occurred exceeds the access frequency threshold, so that further follow-up operation is required.
And 130, when the frequency to be accessed exceeds the access frequency threshold, acquiring a part of access frequency from the access frequency threshold of a subsequent time period as a supplementary access frequency to compensate the current time period, wherein the subsequent time period is a time period after the current time period in the plurality of time periods.
This step allows the user to borrow in advance the access frequency for a subsequent time period. First, since the total amount of access allowed during a total time period is unchanged, and the access frequency for a single time period is allowed to be debited for the time period preceding it, the available access frequency for a certain time period will decrease after it is partially debited for other time periods. Thus, the available access frequency, i.e. its access frequency threshold, needs to be updated in real time for each time period. In some embodiments, if a portion of the access frequency has been obtained from the subsequent time periods as a supplemental access frequency offset to other time periods, the access frequency threshold for each of the subsequent time periods is subtracted from the access frequency for which it has been offset to other time periods to update the access frequency threshold for each of the time periods. That is, the access frequency threshold value for each time period = the access frequency threshold value set in step 110-the access frequency lent to other time periods.
In some embodiments, step 130 of obtaining a portion of the access frequency from the access frequency threshold for a subsequent time period as a supplemental access frequency compensation to the current time period includes:
And starting from the later time period of the current time period, acquiring access frequencies in a preset proportion from the access frequency threshold value of each time period in turn until the sum of the access frequency threshold value of the current time period and all acquired access frequencies is equal to the frequency to be accessed of the current time period, or the access frequency threshold value of a certain time period in the later time period is a first threshold value, or the access frequency acquired from the access frequency threshold value of a certain time period is a second threshold value. The first threshold may be 1 or other values, and the second threshold may be 1 or other values.
In some embodiments, the lending of the access frequency may be performed in an equal-ratio array. Starting from the (n+1) th time period, the preset proportion of each time period is q n, wherein n is an integer, and n is more than or equal to 1, and 0< q <1. The preset proportion can be flexibly configured according to the service, and can accurately control the high-frequency access times and master the lending times.
For example, a time period is set to t, an access frequency threshold is set to m (similar to the a1 leader of the equal-ratio series) in a unit time period, a preset proportion of the loan access frequency is set to q (also referred to as a loan proportion, similar to the series of the equal-ratio series, where 0< q < 1), and the frequency to be accessed is set to k.
The successive time periods are represented by an array t [ n ], where t [0] represents the current time period, t [1] represents the next time period, &.& gt, t [ n ] represents the nth time period.
The access times of t [0] capable of lending t [1] time period are m x q 1, the access times of lending t [2] time period are m x q 2, the access times of lending t [ n ] time period are m x q n, and the lending termination conditions comprise:
(1) When k tends to infinity, the loan termination condition is m×q n > =1, that is, the loan is not completed until the last time period, or the access frequency of the last time period is 1, which can not be loaned to other time periods;
(2) When k is small, the loan ending condition is m+m (q 1+q2+…+qn) > =k, i.e., the time period from the loan to the last time period or before, can satisfy the loan requirement.
The total number of accesses that can be debited during the time period t [ n ] is m (q 1+q2+…+qn). The loan flow is illustrated in fig. 4, taking the above (1) end of loan condition as an example, where the left shaded portion of each time period indicates the number of accesses held (i.e., the access frequency threshold), and the right side indicates the number of loans out or into. In the first stage, the access times in the unit time t are limited to m, and the time periods t are consecutive from top to bottom. In the second stage, when the number k of times to be accessed is greater than m times in unit time, the lending needs to be performed to the next time period. In the third stage, when the next time unit borrowing times cannot meet the requirement of the access times k, the access frequency of the next time period is borrowed again, and the processes are repeated. The above operation continues until, in the nth stage, the loan is stopped until the last time period and m×q n > =1.
It can be seen that the greater the proportion q of loans, the more time period n of the loan and the access frequency of the loan, but the loan itself cannot exceed the access frequency held by the time period, and the loan is stopped when the access frequency held by the nth time period is 1 or the number of the loans is 1. Fig. 5 simulates the access frequency of the time period x loan in the subsequent time period in turn, when the access frequency y is set to 100, and the loan ratio q is 1/2, 1/4/, 1/8/, 1/16, respectively.
The following describes the recursive algorithm for loans:
The lending action occurs when the current access volume reaches a set maximum access volume, by first defining a set of arrays of object classes Borrower. The fields mainly comprise a maximum access amount (maxCount), a current access amount (curCount), a maximum lending amount (maxLendCount), a current lending amount (curLendCount), a residual access amount (restCount), a start time (startTime) and an end time (endTime). Where Borrower [0] identifies the current access time period, field maxLendCount, curLendCount represents the maximum amount of access that can be borrowed, the current amount of access borrowed, other Borrower [ 1..n ] objects, maxLendCount, curLendCount represents the maximum amount of access that can be borrowed, and the current amount of access borrowed.
For a general service system, the access period set by the general service system is in the order of seconds, the frequency setting is not too large, the depth of the loan (i.e. the object of the loan) is not too deep, and the loan itself has the expected convergence effect (i.e. m×q n > =1), so that the sum of the loan amounts of each time period can be simply and clearly realized by adopting a recursive algorithm.
The specific number of future time periods that can be debited for the current period (i.e., borrower [0 ]) is recursively derived, wherein freCount represents the threshold and mulFoctor represents the debit/credit ratio. When a user enters the lending mechanism, the system will first determine whether the user enters the lending mechanism for the first time, if yes, change the current user lending mechanism identifier isLend =true (default to false), the user will directly enter the lending mechanism for a subsequent period of time request, when Borrower [0] access is too large and Borrower [1] access is up to the maximum lending upper limit, the system will continue to lend access to Borrower [2] until Borrower [ n ] lending is greater than 1. Subsequent time period Borrower [ 1..n ] maximum access = remaining access until the end of the lending period and change the lending identifier isLend = flase.
In some embodiments, when the frequency to be accessed exceeds the access frequency threshold, it may further determine whether the security of the user meets the security rule, so as to determine whether to allow the user to pre-borrow the access frequency for a subsequent time period, and only make access frequency compensation for the user with the security meeting the security rule. The step can judge the safety of the user (namely the normal property of the user or the legality of the user) through a certain safety rule chain, and if the safety of the user accords with the safety rule, the subsequent access frequency can be used in advance. If not, the subsequent access frequency cannot be used in advance. The security rule chain includes blacklist libraries, replay attack protection, etc.
In some embodiments, as shown in fig. 6, step 120 determining whether the frequency to be accessed exceeds the access frequency threshold comprises:
and step 120a, determining whether the frequency to be accessed exceeds the access frequency threshold value in the time when the total traffic volume of the service access is lower than a third threshold value and the traffic concurrency is lower than a fourth threshold value.
In this step, the user is not allowed to pre-lend use of subsequent access frequencies for high traffic, high concurrency times. The user is only allowed to pre-borrow subsequent access frequencies during low traffic, low concurrency times. Therefore, in this step, in a time when the total traffic volume of the service access is lower than the third threshold and the traffic concurrency is lower than the fourth threshold, it is determined whether the frequency to be accessed exceeds the access frequency threshold, and then step 130 and the subsequent steps are continuously performed. The total traffic of the traffic access is lower than the third threshold, which indicates that the traffic is low-traffic time at the moment, and the traffic concurrency is lower than the fourth threshold, which indicates that the traffic concurrency is low-concurrency time at the moment. The third threshold and the fourth threshold may be set according to actual conditions.
In some embodiments, as shown in fig. 7, after step 120 determines whether the frequency to be accessed exceeds the access frequency threshold, the method further comprises:
step 120b, determining whether the frequency to be accessed is greater than the sum of the access frequency threshold and all access frequencies which can be obtained from the access frequency threshold of the subsequent time period;
And step 120c, intercepting the service access request when the frequency to be accessed is larger than the sum of the access frequency threshold value and all access frequencies which can be acquired from the access frequency threshold value of the subsequent time period.
In this step, when the access amount reaches the sum of the maximum frequency and the maximum loan amount in the current time period, the subsequent requests in the time period are directly intercepted, and the loan cannot be continued.
According to the embodiment of the invention, when the frequency to be accessed of the user exceeds the access frequency threshold in the current time period, a part of access frequency is obtained from the access frequency threshold in the subsequent time period and is used as the supplementary access frequency to compensate for the current time period, so that the access frequency of the user can be limited, the deficiency of the available access frequency of the user in a certain period of time can be flexibly compensated, and the high-frequency access control is flexibly realized.
Fig. 8 is a schematic structural diagram of a service access frequency control device according to an embodiment of the present invention.
As shown in fig. 8, the apparatus 300 includes:
The system comprises an acquisition module 301, a determination module 302, a service access module and a control module, wherein the acquisition module 301 is used for acquiring a service access request of a user, the service access request comprises a frequency to be accessed of the user in a current time period, the service access request comprises a plurality of time periods, and each time period is provided with the same access frequency threshold;
and the compensation module 303 is configured to obtain, when the frequency to be accessed exceeds the access frequency threshold, a part of access frequencies from an access frequency threshold of a subsequent time period, where the subsequent time period is a time period after the current time period in the multiple time periods, as a complementary access frequency compensation to the current time period.
The functions or operation steps performed by the above modules are substantially the same as those of the above method embodiments, and are not described herein.
According to the embodiment of the invention, when the frequency to be accessed of the user exceeds the access frequency threshold in the current time period, a part of access frequency is obtained from the access frequency threshold in the subsequent time period and is used as the supplementary access frequency to compensate for the current time period, so that the access frequency of the user can be limited, the deficiency of the available access frequency of the user in a certain period of time can be flexibly compensated, and the high-frequency access control is flexibly realized.
Fig. 9 is a schematic structural diagram of a computing device according to an embodiment of the present invention, where the computing device may be a server or a server cluster, and the specific embodiment of the present invention is not limited to a specific implementation of the computing device.
As shown in FIG. 9, the computing device may include a processor 402, a communication interface (Communications Interface) 404, a memory 406, and a communication bus 408.
Wherein processor 402, communication interface 404, and memory 406 communicate with each other via communication bus 408. A communication interface 404 for communicating with other devices such as network elements of clients or other servers used by users, etc. Processor 402 is configured to execute program 410, and may specifically perform relevant steps in the above-described embodiments of the method for controlling a service access frequency.
In particular, program 410 may include program code including computer-executable instructions.
The processor 402 may be a central processing unit CPU, or an Application-specific integrated Circuit ASIC (Application SPECIFIC INTEGRATED Circuit), or one or more integrated circuits configured to implement embodiments of the present invention. The computing device may include one or more processors of the same type, such as one or more CPUs, or of different types, such as one or more CPUs and one or more ASICs.
Memory 406 for storing programs 410. Memory 406 may comprise high-speed RAM memory or may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
According to the embodiment of the invention, when the frequency to be accessed of the user exceeds the access frequency threshold in the current time period, a part of access frequency is obtained from the access frequency threshold in the subsequent time period and is used as the supplementary access frequency to compensate for the current time period, so that the access frequency of the user can be limited, the deficiency of the available access frequency of the user in a certain period of time can be flexibly compensated, and the high-frequency access control is flexibly realized.
An embodiment of the present invention provides a computer readable storage medium, where at least one executable instruction is stored, where the executable instruction when executed on a computing device causes the computing device to perform a service access frequency control method in any of the foregoing method embodiments.
The embodiment of the invention provides a service access frequency control device which is used for executing the service access frequency control method.
Embodiments of the present invention provide a computer program that is callable by a processor to cause a computing device to perform the service access frequency control method of any of the method embodiments described above.
An embodiment of the present invention provides a computer program product, including a computer program stored on a computer readable storage medium, the computer program including program instructions which, when run on a computer, cause the computer to perform the method for controlling a service access frequency in any of the method embodiments described above.
The algorithms or displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general-purpose systems may also be used with the teachings herein. The required structure for a construction of such a system is apparent from the description above. In addition, embodiments of the present invention are not directed to any particular programming language. It will be appreciated that the teachings of the present invention described herein may be implemented in a variety of programming languages, and the above description of specific languages is provided for disclosure of enablement and best mode of the present invention.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the above description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim.
Those skilled in the art will appreciate that the modules in the apparatus of the embodiments may be adaptively changed and disposed in one or more apparatuses different from the embodiments. The modules or units or components of the embodiments may be combined into one module or unit or component, and they may be divided into a plurality of sub-modules or sub-units or sub-components. Any combination of all features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or units of any method or apparatus so disclosed, may be used in combination, except insofar as at least some of such features and/or processes or units are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. do not denote any order. These words may be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specifically stated.

Claims (8)

1. A method for controlling service access frequency, the method comprising:
the method comprises the steps of obtaining a service access request of a user, wherein the service access request comprises the frequency to be accessed of the user in the current time period;
Determining whether the frequency to be accessed exceeds the access frequency threshold;
When the frequency to be accessed exceeds the access frequency threshold, a part of access frequency is obtained from the access frequency threshold of a subsequent time period and used as a supplementary access frequency to compensate the current time period, wherein the method comprises the steps of sequentially obtaining access frequencies with preset proportion from the access frequency threshold of each time period from the subsequent time period of the current time period until the sum of the access frequency threshold of the current time period and all the obtained access frequencies is equal to the frequency to be accessed of the current time period, or the access frequency threshold of a certain time period in the subsequent time period is a first threshold, or the access frequency obtained from the access frequency threshold of the certain time period is a second threshold, wherein the subsequent time period is a time period after the current time period in the multiple time periods, and the preset proportion of each time period is q n from the n+1th time period, wherein n is an integer, and n is more than or equal to 1,0< q <1.
2. The method according to claim 1, wherein the method further comprises:
If a part of the access frequency is obtained from the subsequent time periods and is compensated for other time periods as a supplementary access frequency, subtracting the access frequency threshold of each of the subsequent time periods from the access frequency threshold of each of the time periods and which is compensated for other time periods to update the access frequency threshold of each of the time periods.
3. The method according to claim 1 or 2, characterized in that after said obtaining a service access request of a user, the method further comprises:
Adding the access time of the service access request into an access time queue corresponding to the user;
and acquiring the queue size of the access time including the access time of the current time period in the access time queue, and updating the frequency to be accessed of the user in the current time period according to the queue size.
4. The method according to claim 1 or 2, wherein said determining whether said frequency to be accessed exceeds said access frequency threshold comprises:
and determining whether the frequency to be accessed greatly exceeds the access frequency threshold value in the time when the total traffic flow of the service access is lower than a third threshold value and the traffic concurrency is lower than a fourth threshold value.
5. The method according to claim 1 or 2, characterized in that after said determining whether the frequency to be accessed exceeds the access frequency threshold, the method further comprises:
determining whether the frequency to be accessed is greater than the sum of the access frequency threshold and all access frequencies which can be obtained from the access frequency threshold of the subsequent time period;
And intercepting the service access request when the frequency to be accessed is larger than the sum of the access frequency threshold value and all access frequencies which can be acquired from the access frequency threshold value of the subsequent time period.
6. A traffic access frequency control apparatus, the apparatus comprising:
The system comprises an acquisition module, a determining module, a processing module and a processing module, wherein the acquisition module is used for acquiring a service access request of a user, the service access request comprises a frequency to be accessed of the user in a current time period, the service access request comprises a plurality of time periods, and each time period is provided with the same access frequency threshold;
The compensation module is used for acquiring a part of access frequency from the access frequency threshold of a subsequent time period when the to-be-accessed frequency exceeds the access frequency threshold and compensating the access frequency as a complementary access frequency for the current time period, and comprises the steps of sequentially acquiring a preset proportion of access frequency from the access frequency threshold of each time period from the subsequent time period of the current time period until the sum of the access frequency threshold of the current time period and all acquired access frequencies is equal to the to-be-accessed frequency of the current time period, or the access frequency threshold of a certain time period in the subsequent time period is a first threshold, or the access frequency acquired from the access frequency threshold of a certain time period is a second threshold, wherein the subsequent time period is a time period after the current time period in the multiple time periods, and the preset proportion of each time period is q n from the n+1th time period, n is an integer, and n is more than or equal to 1, and 0< q <1.
7. A computing device comprising a processor, a memory, a communication interface, and a communication bus, the processor, the memory, and the communication interface completing communication with each other over the communication bus;
The memory is configured to store at least one executable instruction that causes the processor to perform the operations of the traffic access frequency control method according to any one of claims 1 to 5.
8. A computer readable storage medium, wherein at least one executable instruction is stored in the storage medium, which when executed on a computing device, causes the computing device to perform the operations of the traffic access frequency control method according to any one of claims 1-5.
CN202110838672.XA 2021-07-23 2021-07-23 Service access frequency control method, device, computing device and storage medium Active CN113553528B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110838672.XA CN113553528B (en) 2021-07-23 2021-07-23 Service access frequency control method, device, computing device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110838672.XA CN113553528B (en) 2021-07-23 2021-07-23 Service access frequency control method, device, computing device and storage medium

Publications (2)

Publication Number Publication Date
CN113553528A CN113553528A (en) 2021-10-26
CN113553528B true CN113553528B (en) 2024-12-13

Family

ID=78104300

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110838672.XA Active CN113553528B (en) 2021-07-23 2021-07-23 Service access frequency control method, device, computing device and storage medium

Country Status (1)

Country Link
CN (1) CN113553528B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109784065A (en) * 2018-12-04 2019-05-21 北京达佳互联信息技术有限公司 Access control method, device, server and storage medium
CN110084496A (en) * 2019-04-15 2019-08-02 北京三快在线科技有限公司 A kind of resource allocation methods and device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030028440A1 (en) * 2001-08-03 2003-02-06 Allen Arthur L. Method for pricing access to a plurality of software programs
CN104486298B (en) * 2014-11-27 2018-03-09 小米科技有限责任公司 Identify the method and device of user behavior
CN105808443B (en) * 2014-12-29 2019-01-18 华为技术有限公司 A kind of method, apparatus and system of Data Migration
CN108632365B (en) * 2018-04-13 2020-11-27 腾讯科技(深圳)有限公司 Service resource adjusting method, related device and equipment
CN110858161B (en) * 2018-08-24 2023-05-12 阿里巴巴集团控股有限公司 Resource allocation method, device, system, equipment and medium

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109784065A (en) * 2018-12-04 2019-05-21 北京达佳互联信息技术有限公司 Access control method, device, server and storage medium
CN110084496A (en) * 2019-04-15 2019-08-02 北京三快在线科技有限公司 A kind of resource allocation methods and device

Also Published As

Publication number Publication date
CN113553528A (en) 2021-10-26

Similar Documents

Publication Publication Date Title
US7614059B2 (en) System and method for the discovery and usage of local resources by a mobile agent object
JP5530562B2 (en) Validating domain name system record updates
US20160241576A1 (en) Detection of anomalous network activity
US20020166052A1 (en) System and methods for caching in connection with authorization in a computer system
CN112653679B (en) Dynamic identity authentication method, device, server and storage medium
CN104639650A (en) Fine granularity distributive interface access control method and device
JP6859518B2 (en) How to prevent attacks on servers and devices
CN113553528B (en) Service access frequency control method, device, computing device and storage medium
CN110401618A (en) Method and device for blockchain data access control
US20240106830A1 (en) Managing access level permissions by a distributed ledger network
CN115987696A (en) Block chain structure-based zero-trust security gateway implementation method and device
US10263955B2 (en) Multi-tiered protection platform
JPWO2022186911A5 (en)
US20240291803A1 (en) Zero Trust Support for Secure Networks Via Modified Virtual Private Network
CN114240059B (en) Resource online application processing method, device, computer equipment and storage medium
CN117034324A (en) Data access authority control method, device, computer equipment and storage medium
CN115834238A (en) Network attack detection method, device, system and storage medium
US10104099B2 (en) System and method for monitoring a computer system using machine interpretable code
CN117171093A (en) Intelligent access isolation method and device for heterogeneous multi-core systems
CN111404898B (en) Anti-stealing-link method and device, storage medium and electronic equipment
CN111770126B (en) Service request processing method, device and storage medium
CN116842299B (en) Dynamic data access risk control system and method
CN120768565B (en) Methods, apparatus, devices, and storage media for implementing cross-system token access
CN120321653B (en) Access control method and system for 5G communication server
US20250126175A1 (en) Concurrency-aware session establishment with a web-based authentication service

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant