CN107612946A - IP address detection method, detection apparatus and electronic device - Google Patents
- Publication number: CN107612946A
- Authority: CN (China)
- Legal status: Granted
Abstract
Embodiments of the invention provide an IP address detection method, a detection apparatus and an electronic device. A network device obtains a target user equipment, which communicates with the network device through an IP address to be detected. The network device obtains the total number of first user equipments, where a first user equipment is a device that, in the current or historical records of the network device, has communicated with the network device through both the IP address to be detected and a normal IP address. When the total number is not less than a preset number threshold, the network device determines that the IP address to be detected is a normal IP address. The method uses existing trusted normal IP addresses to analyze the IP address to be detected and determine that it is a normal IP address, which prevents normal IP addresses from being wrongly blocked.
Description
Technical field
The present invention relates to the field of big data technology, and in particular to a detection method, a detection apparatus and an electronic device for Internet Protocol (IP) addresses.
Background
In the security field of big data, the IP address dimension has always been difficult to evaluate accurately; that is, judging from the IP address alone whether an IP address is safe is very difficult. The traditional approach to evaluating IP addresses is mainly to examine a single IP address in isolation.
However, in the course of realizing the present invention, the inventor found that the prior art has at least the following problems:
Traditional IP address detection methods target a single IP address. They collect the service requests that user equipment sends using that IP address and analyze whether those requests show any abnormal behaviour (or malicious behaviour), such as whether user accounts were stolen, whether spam was sent, or whether viruses were spread. In other words, traditional IP address detection methods hold mostly abnormal-behaviour information and lack normal-behaviour information. Take a detection period of one day as an example: when a third-party company examines the IP1 address used by a user equipment and detects that the IP1 address sent one spam e-mail at 8 a.m., it may conclude that the IP1 address is a malicious IP address and block it. But at all other times of the day (other than 8 o'clock) the IP1 address sent only normal e-mail. The proportion of normal behaviour for the IP1 address is very high, so with high probability it is a normal IP address that poses no threat, and the IP1 address has been wrongly blocked. Secondly, if the IP address sends only a small number of service requests, the behavioural characteristics of the user equipment using that IP address, which include both abnormal and normal behaviour, cannot be analyzed accurately.
It can be seen that the results of traditional IP address detection methods may be inaccurate, which easily creates the risk that normal IP addresses are wrongly blocked.
Summary of the invention
The purpose of the embodiments of the present invention is to provide an IP address detection method, a detection apparatus and an electronic device that use existing trusted normal IP addresses to analyze an IP address to be detected and determine that it is a normal IP address, thereby preventing normal IP addresses from being wrongly blocked. The specific technical solutions are as follows:
In a first aspect, an IP address detection method is provided. The method may include: a network device obtains a target user equipment, which communicates with the network device through an IP address to be detected; the network device obtains the total number of first user equipments, where a first user equipment is a device that, in the current or historical records of the network device, has communicated with the network device through both the IP address to be detected and a normal IP address; when the total number is not less than a preset number threshold, the network device determines that the IP address to be detected is a normal IP address. The method uses existing trusted normal IP addresses to analyze the IP address to be detected and determine that it is a normal IP address, thereby preventing normal IP addresses from being wrongly blocked.
In an optional example, the network device obtaining the target user equipment includes: the network device obtains a service request sent by a second user equipment, and then obtains the IP address used by the second user equipment that is carried in the service request; when the obtained IP address has not been detected, the network device determines the obtained IP address to be the IP address to be detected and determines the second device to be the target device. In this way, the not-yet-detected IP addresses used by user equipment can be obtained in real time.
In an optional example, the first devices are the user equipments, counted in the current or historical records of the network device, that first used a normal IP address and afterwards used the IP address to be detected. This makes it possible to determine the association between the normal IP address and the IP address to be detected, so that the normal IP address can be used to analyze whether the IP address to be detected is normal.
In an optional example, after determining that the IP address to be detected is a normal IP address, the network device stores the detected normal IP address in a normal IP address library.
In a second aspect, a detection apparatus is provided. The detection apparatus may include:
a first acquisition module, configured to obtain identification information of user equipment that uses a normal IP address;
a second acquisition module, configured to obtain the total number of first user equipments, where a first user equipment is a device that, in the current or historical records of the network device, has communicated with the network device through both the IP address to be detected and a normal IP address;
an address determination module, further configured to determine that the IP address to be detected is a normal IP address when the total number is not less than a preset number threshold.
In an optional example, the first acquisition module is specifically configured to obtain a service request sent by a second user equipment, obtain the IP address used by the second user equipment that is carried in the service request and, when the obtained IP address has not been detected, determine the obtained IP address to be the IP address to be detected and determine the second device to be the target device.
In an optional example, the first devices are the user equipments, counted in the current or historical records of the network device, that first used a normal IP address and afterwards used the IP address to be detected.
In an optional example, the apparatus further includes a storage module, configured to store the detected normal IP address in a normal IP address library after the address determination module determines that the IP address to be detected is a normal IP address.
In a third aspect, an electronic device is provided. The electronic device may include a processor, a communication interface, a memory and a communication bus, where the processor, the communication interface and the memory communicate with one another over the communication bus;
the memory is configured to store a computer program;
the processor is configured to implement any of the method steps of the first aspect above when executing the program stored in the memory.
In another aspect of the present invention, a computer-readable storage medium is also provided. Instructions are stored in the computer-readable storage medium and, when run on a computer, cause the computer to perform any of the IP address detection methods described above.
In another aspect of the present invention, an embodiment of the present invention also provides a computer program product containing instructions which, when run on a computer, cause the computer to perform any of the IP address detection methods described above.
In the IP address detection method, detection apparatus and electronic device provided by the embodiments of the present invention, the network device obtains a target user equipment, which communicates with the network device through an IP address to be detected; the network device obtains the total number of first user equipments, where a first user equipment is a device that, in the current or historical records of the network device, has communicated with the network device through both the IP address to be detected and a normal IP address. When the total number is not less than a preset number threshold, the network device determines that the IP address to be detected is a normal IP address. Existing normal IP addresses are thus used to analyze the IP address to be detected, which improves the precision of identifying normal IP addresses and prevents normal IP addresses from being wrongly blocked. Of course, a product or method implementing the present invention does not necessarily need to achieve all of the above advantages at the same time.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below.
Fig. 1 is a schematic diagram of a network system architecture provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of the architecture of the IP address dimension provided by an embodiment of the present invention;
Fig. 3 is a schematic flowchart of an IP address detection method provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of the structure of a system composed of a server and user equipment provided by an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a detection apparatus provided by an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an electronic device provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described below with reference to the drawings in the embodiments of the present invention.
The IP address detection method provided by the embodiments of the present invention can be applied in the network system architecture shown in Fig. 1. The network system may include a network device and user equipment. The network device and the user equipment can transmit service data over the network, and the network device may be a server.
The IP address dimension refers to a tree structure whose vertex is an IP address and whose branches are the user equipments of the individual users, residential communities, enterprises and so on that use the IP address, as shown in Fig. 2. It should be noted that the branches under the IP address shown in Fig. 2 may also be other types of user equipment; the application does not limit this. It will be understood that one IP address can be used by multiple user equipments.
When an attacker engaged in the underground (black-market) industry, such as a hacker, attacks using a normal IP address, the user equipments using that IP address may come under attack. The attack may involve abnormal behaviour such as stealing user accounts, inflating volume figures, or spreading network viruses. Here, a normal IP address is an IP address through which normal user equipments exhibit normal behaviour when accessing the network. A normal IP address may be an IP address that user equipment regards as trusted, such as a public egress IP address or a home IP address. The volume inflation mentioned above may be inflating website traffic, application download counts, order volume and so on.
However, for an attack to run smoothly, most attackers engaged in the underground industry carry it out over a high-bandwidth network, which requires the attacker to have a dedicated network of their own; that is, most attacks come from dedicated networks. Normal users do not need a high-bandwidth network for the IP addresses they use, so normal users rarely use such dedicated networks. The networks used by attackers and by normal users therefore differ markedly.
Traditional IP address detection methods analyze the abnormal behaviour of a single, independent IP address; that is, they can only collect abnormal-behaviour information. Obtaining that information requires statistics over a large number of service requests sent from the IP address, so abnormal behaviour cannot be analyzed for an IP address with few service requests. The present application instead first builds a normal IP address library from normal IP addresses, then uses the normal IP addresses in the library to analyze the IP address to be detected by determining the number of user equipments that have used both a normal IP address and the IP address to be detected. When that number of devices is not less than a preset number threshold, the IP address to be detected is determined to be a normal IP address. For example, when a normal user uses the application of the same server, particularly many times over several days, the user may do so from different places and will therefore use multiple IP addresses. If one of them is a trusted normal IP address, the remaining unknown IP addresses used by that user equipment can also be considered normal IP addresses. This method is therefore not limited by the IP address to be detected having sent few service requests, and it improves the accuracy of identifying abnormal IP addresses, thereby preventing normal IP addresses from being wrongly blocked.
The description below takes the case where the network device is a server as an example.
Fig. 3 is a schematic flowchart of an IP address detection method provided by an embodiment of the present invention. As shown in Fig. 3, the method may be executed by a server and may include:
Step 310: the server obtains a target user equipment. The target user equipment communicates with the server through an IP address to be detected.
Before performing this step, the server builds a normal IP address library from the IP addresses already determined to be trusted normal IP addresses and stores it locally. The normal IP address library may include at least one normal IP address.
The server marks user equipment that uses a normal IP address and obtains identification information for the user equipment. The identification information may be a device number that the server assigns uniquely to each user equipment, or the personal account the user logs in with. That is, when a user uses any normal IP address in the normal IP address library, the server marks the corresponding user equipment, and each user equipment has unique identification information that distinguishes it from other user equipment. After obtaining the identification information of the user equipment, the server notifies the corresponding user equipment of it, so that the user equipment carries the identification information in the service requests it sends to the server.
Take three user equipments logging in to server A using normal IP addresses as an example. After marking the user equipments that use normal IP addresses, server A obtains not only the identification information (such as the device number) of each user equipment but also the correspondence between user equipment and identification information, as shown in Table 1:
Table 1
| Normal IP address used | User equipment name | Device number |
| --- | --- | --- |
| IP1 address | User equipment 1 | 001 |
| IP2 address | User equipment 2 | 002 |
| IP1 address | User equipment 3 | 003 |
In Table 1, user equipment 1 logs in to server A using the IP1 address, and server A marks user equipment 1 and assigns it device number 001; user equipment 2 logs in to server A using the IP2 address, and server A marks user equipment 2 and assigns it device number 002; user equipment 3 logs in to server A using the IP1 address, and server A marks user equipment 3 and assigns it device number 003. The server thus assigns different device numbers to different user equipments.
Specifically, the server can obtain the service request currently sent by a second user equipment and obtain the IP address used by the second user equipment that is carried in the service request. It then looks up the normal IP address library. When the IP address is not present in the normal IP address library, that is, when the IP address has not been detected, the obtained IP address is determined to be the IP address to be detected and the second device is determined to be the target device.
It should be noted that "user equipment that uses a normal IP address" in the embodiments of the present invention refers to user equipment that accesses the target server through a normal IP address. The server here may be a specific server, such as a video server, for example the server in Fig. 1.
In addition, the user equipment (User Equipment, UE) involved in the embodiments of the present invention may include handheld devices with wireless communication functions, in-vehicle devices, wearable devices, computing devices or other processing devices connected to a wireless modem, as well as various forms of user equipment, mobile stations (Mobile Station, MS), terminals, terminal equipment and so on. For convenience of description, these are referred to as user equipment or UE in the embodiments of the present invention.
Step 320: the server obtains the total number of first user equipments.
A first user equipment is a device that, in the current or historical records of the server, has communicated with the server through both the IP address to be detected and a normal IP address.
Based on the correspondence between user equipment and identification information, the service requests that user equipment sends to the server contain the identification information of the user equipment and the IP address it is using. The server records the identification information and the IP addresses used by the corresponding user equipment. From these records, the server counts, within the current or a preset time period of the historical records, the total number of first user equipments whose identification information corresponds to the use of both a normal IP address and the IP address to be detected.
Further, a first device is a device that, in the current or historical records of the server, first used a normal IP address and afterwards used the IP address to be detected to communicate with the server. If, within the preset time period, a user equipment with identification information both first used a normal IP address and then used the IP address to be detected, the server counts that user equipment in the total number. If, within the preset time period, a user equipment with identification information used a normal IP address but did not use the IP address to be detected, the server does not count that user equipment in the total number.
It should be noted that the preset time period can be set according to actual conditions. For example, when a user logs in to a video server on the subway, the flow of people on the subway is large and users' movements are not fixed; the user of the user equipment may be at the company during one period and travelling some time later. In this case the user equipment will have used more IP addresses; in other words, the probability that the user equipment has used a normal IP address is larger, so the preset time period can be set to one week. When user equipment logs in to the video server at a company, the employees are at work and do not leave the company at will, so the probability that the user equipment uses a normal IP address is smaller, and the preset time period can be made relatively longer, for example one month. In other words, the less fixed the user's movements, the shorter the preset time period is set.
Step 330: when the total number is not less than the preset number threshold, the server determines that the IP address to be detected is a normal IP address.
The preset number threshold is the preset number of devices used to judge whether an IP address is a normal IP address. It will be understood that the more user equipments an IP address has, the more likely it is to be a normal IP address, for example the public egress IP address of a subway.
When the number of user equipments that have used both a normal IP address and the IP address to be detected is not less than the preset number threshold, the IP address to be detected is determined to be a normal IP address.
Further, after determining that the IP address to be detected is a normal IP address, the server can store the detected normal IP address in the normal IP address library. This expands the library so that other not-yet-detected IP addresses can be detected.
Optionally, the server can store in the normal IP address library not only the detected normal IP address but also the number of user equipments that have used both a normal IP address and the IP address to be detected, together with the association information describing how the user equipment used the normal IP address and the IP address to be detected. The association information may be the order in which the user equipment used the normal IP address and the IP address to be detected.
In one example, Fig. 4 shows the structure of a system composed of a server and user equipment, where the server 400 may include a normal IP address library 410, a marking system 420, a service server 430 and an analysis system 440. Suppose the server has already successfully identified the IP address of the subway WiFi as a normal IP address and stored it in the normal IP address library 410. A normal user, on the subway while commuting to work in the morning, uses the subway WiFi IP address through user equipment 300 to log in to the server's application. The marking system 420 of the server then marks this user's user equipment 300 and assigns user equipment 300 a device number unique to the user (for example, a personal account). When the user logs in to the server's application again after arriving at the company, user equipment 300 again sends a service request to the service server 430, and the analysis system 440 of the server detects, based on the device number of user equipment 300, that the user is using another, unknown IP address (the IP address to be detected). From the current or historical records, the analysis system 440 counts the total number of other user equipments that first used the subway WiFi IP address and afterwards used the unknown IP address. When that total number is greater than the preset number threshold, the unknown IP address is determined to be a normal IP address and is stored in the normal IP address library 410.
In summary, this method counts the identification information of user equipments that use the IP address to be detected and the identification information of user equipments that have used a normal IP address, and from these determines the number of user equipments that have used both a normal IP address and the IP address to be detected. When that number of devices is not less than the preset number threshold, the IP address to be detected can be determined to be a normal IP address. Existing normal IP addresses are thus used to analyze the IP address to be detected, without being limited by the IP address to be detected having sent few service requests. This improves the precision of identifying normal IP addresses and prevents normal IP addresses from being wrongly blocked.
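Steps 310 to 330 can be sketched as follows. This is an added illustration, not code from the patent: the `Request` record layout, the function names, the documentation-range IP addresses and the sample records are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Request:
    device_id: str  # identification information issued by the server (device number or account)
    ip: str         # IP address carried in the service request
    ts: datetime    # time at which the server recorded the request


def first_devices(records, candidate_ip, normal_ips, now, window, ordered=True):
    """Step 320: IDs of devices that, inside the preset time period, used a
    normal IP address and the candidate IP address. With ordered=True the
    normal-address use must precede a candidate-address use."""
    since = now - window
    first_normal = {}    # device -> earliest request from any normal IP
    last_candidate = {}  # device -> latest request from the candidate IP
    for r in records:
        if not (since <= r.ts <= now):
            continue  # outside the preset time period
        if r.ip in normal_ips:
            if r.device_id not in first_normal or r.ts < first_normal[r.device_id]:
                first_normal[r.device_id] = r.ts
        elif r.ip == candidate_ip:
            if r.device_id not in last_candidate or r.ts > last_candidate[r.device_id]:
                last_candidate[r.device_id] = r.ts
    found = set()
    for dev, t_cand in last_candidate.items():
        t_norm = first_normal.get(dev)
        if t_norm is not None and (not ordered or t_norm < t_cand):
            found.add(dev)
    return found


def detect(records, candidate_ip, normal_ips, threshold, now, window, ordered=True):
    """Step 330: return True and add the candidate to the normal IP library
    when the device count is not less than the threshold. False means the
    address stays undetermined; this method never labels it malicious."""
    if candidate_ip in normal_ips:
        return True  # already in the library, nothing to detect
    devices = first_devices(records, candidate_ip, normal_ips, now, window, ordered)
    if len(devices) >= threshold:
        normal_ips.add(candidate_ip)  # expand the library for later detections
        return True
    return False


# Constructed sample data (documentation address ranges, not real traffic).
SUBWAY_IP = "203.0.113.10"   # assumed to be in the normal IP library already
OFFICE_IP = "198.51.100.7"   # IP address to be detected
OTHER_IP = "192.0.2.99"      # a second unknown address, seen from one device
NOW = datetime(2017, 11, 10, 12, 0)
WINDOW = timedelta(days=7)   # preset time period


def sample_records():
    d = datetime
    return [
        Request("001", SUBWAY_IP, d(2017, 11, 9, 8, 0)),
        Request("001", OFFICE_IP, d(2017, 11, 9, 9, 30)),
        Request("001", OTHER_IP, d(2017, 11, 9, 20, 0)),
        Request("002", SUBWAY_IP, d(2017, 11, 8, 8, 10)),
        Request("002", OFFICE_IP, d(2017, 11, 8, 9, 40)),
        Request("003", SUBWAY_IP, d(2017, 11, 10, 7, 50)),
        Request("003", OFFICE_IP, d(2017, 11, 10, 9, 10)),
        Request("004", OFFICE_IP, d(2017, 11, 9, 10, 0)),   # never used a normal IP
        Request("005", OFFICE_IP, d(2017, 11, 9, 9, 0)),    # candidate first, normal later
        Request("005", SUBWAY_IP, d(2017, 11, 9, 18, 0)),
        Request("006", SUBWAY_IP, d(2017, 10, 1, 8, 0)),    # normal use is outside the window
        Request("006", OFFICE_IP, d(2017, 11, 10, 9, 0)),
    ]


if __name__ == "__main__":
    library = {SUBWAY_IP}
    for ip in (OFFICE_IP, OTHER_IP):
        print(ip, "normal" if detect(sample_records(), ip, library, 3, NOW, WINDOW) else "undetermined")
```

The count is over distinct device identifiers, not over requests, so a single device sending many requests from both addresses still contributes one to the total.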
Corresponding to the above method, an embodiment of the present invention also provides a detection apparatus. As shown in Fig. 5, the detection apparatus may include a first acquisition module 510, a second acquisition module 520 and an address determination module 530.
The first acquisition module 510 is configured to obtain a target user equipment, which communicates with the network device through an IP address to be detected.
The second acquisition module 520 is configured to obtain the total number of first user equipments, where a first user equipment is a device that, in the current or historical records of the network device, has communicated with the network device through both the IP address to be detected and a normal IP address.
The address determination module 530 is configured to determine that the IP address to be detected is a normal IP address when the total number is not less than the preset number threshold.
Optionally, the first acquisition module 510 is specifically configured to obtain a service request sent by a second user equipment;
obtain the IP address used by the second user equipment that is carried in the service request;
and, when the obtained IP address has not been detected, determine the obtained IP address to be the IP address to be detected and determine the second device to be the target device.
Optionally, a first device is a device that, in the current or historical records of the network device, first used a normal IP address and afterwards used the IP address to be detected to communicate with the network device.
Optionally, the apparatus further includes a storage module 540, configured to store the detected normal IP address in the normal IP address library after the address determination module 530 determines that the IP address to be detected is a normal IP address.
The functions of the functional modules of the detection apparatus can be implemented by the steps of the embodiment in Fig. 3 above; for the specific implementation, refer to the description of the method embodiment above. The specific working process and beneficial effects of the detection apparatus provided by the embodiment of the present invention are therefore not repeated here.
Fig. 6 is a schematic structural diagram of an electronic device provided by an embodiment of the present invention. As shown in Fig. 6, the electronic device may include:
a processor 610, a communication interface 620, a memory 630 and a communication bus 640, where the processor 610, the communication interface 620 and the memory 630 communicate with one another over the communication bus 640;
the memory 630 is configured to store a computer program;
the processor 610 is configured to implement the following steps when executing the program stored in the memory 630:
obtaining a target user equipment, which communicates with the network device through an IP address to be detected;
the network device obtaining the total number of first user equipments, where a first user equipment is a device that, in the current or historical records of the network device, has communicated with the network device through both the IP address to be detected and a normal IP address;
when the total number is not less than the preset number threshold, determining that the IP address to be detected is a normal IP address.
Optionally, obtaining the target user equipment includes: obtaining a service request sent by a second user equipment;
obtaining the IP address used by the second user equipment that is carried in the service request;
when the obtained IP address has not been detected, determining the obtained IP address to be the IP address to be detected and determining the second device to be the target device.
Optionally, a first device is a device that, in the current or historical records of the network device, first used a normal IP address and afterwards used the IP address to be detected to communicate with the network device.
Optionally, after the IP address to be detected is determined to be a normal IP address, the detected normal IP address is stored in the normal IP address library.
The communication bus mentioned for the above electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus and so on. For ease of representation, it is shown in the figure as a single thick line, but this does not mean there is only one bus or one type of bus.
The communication interface is used for communication between the above electronic device and other devices.
The memory may include random access memory (RAM) and may also include non-volatile memory (NVM), for example at least one disk memory. Optionally, the memory may also be at least one storage device located remotely from the aforementioned processor.
The above processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP) and so on; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In another embodiment provided by the present invention, a computer-readable storage medium is also provided. Instructions are stored in the computer-readable storage medium and, when run on a computer, cause the computer to perform the IP address detection method of any of the above embodiments.
In another embodiment provided by the present invention, a computer program product containing instructions is also provided which, when run on a computer, causes the computer to perform the IP address detection method of any of the above embodiments.
The above embodiments may be implemented wholly or partly in software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented wholly or partly in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the flows or functions described in the embodiments of the present invention are produced wholly or partly. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable device. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired (for example coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (for example infrared, wireless, microwave) means. The computer-readable storage medium may be any usable medium that a computer can access, or a data storage device such as a server or data center that integrates one or more usable media. The usable medium may be a magnetic medium (for example, a floppy disk, hard disk or magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (Solid State Disk, SSD)).
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" or any other variant are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes the element.
The embodiments in this specification are described in a related manner; for identical or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, because the system embodiment is substantially similar to the method embodiment, its description is relatively brief; for the relevant parts, see the description of the method embodiment.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit its scope of protection. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention falls within the scope of protection of the present invention.
Claims (10)
1. A method for detecting an IP address, characterized in that the method comprises:
a network device obtaining a target user equipment, the target user equipment communicating with the network device through an IP address to be detected;
the network device obtaining the total quantity of first user equipment, the first user equipment being devices that, currently or in the historical records of the network device, communicate with the network device through both the IP address to be detected and a normal IP address;
when the total quantity is not less than a preset quantity threshold, the network device determining that the IP address to be detected is a normal IP address.
2. The method according to claim 1, characterized in that the network device obtaining the target user equipment comprises:
the network device obtaining a service request sent by a second user equipment;
the network device obtaining the IP address, carried in the service request, that the second user equipment uses;
when the obtained IP address has not been tested, the network device determining the obtained IP address as the IP address to be detected, and determining the second device as the target device.
3. The method according to claim 1, characterized in that the first device is a device that, currently or in the historical records of the network device, first used a normal IP address and afterwards used the IP address to be detected to communicate with the network device.
4. The method according to claim 1, characterized in that, after the network device determines that the IP address to be detected is a normal IP address, the method further comprises:
the network device storing the detected normal IP address in a normal IP address library.
5. A detection apparatus, characterized in that the apparatus comprises:
a first acquisition module, configured to obtain a target device, the target user equipment communicating with the network device through an IP address to be detected;
a second acquisition module, configured to obtain the total quantity of first user equipment, the first user equipment being devices that, currently or in the historical records of the network device, communicate with the network device through both the IP address to be detected and a normal IP address;
an address determination module, configured to determine that the IP address to be detected is a normal IP address when the total quantity is not less than a preset quantity threshold.
6. The apparatus according to claim 5, characterized in that the first acquisition module is specifically configured to obtain a service request sent by a second user equipment;
obtain the IP address, carried in the service request, that the second user equipment uses;
when the obtained IP address has not been tested, determine the obtained IP address as the IP address to be detected, and determine the second device as the target device.
7. The apparatus according to claim 5, characterized in that the first device is a device that, currently or in the historical records of the network device, first used a normal IP address and afterwards used the IP address to be detected to communicate with the network device.
8. The apparatus according to claim 5, characterized in that the apparatus further comprises a storage module;
the storage module is configured to store the detected normal IP address in a normal IP address library after the address determination module determines that the IP address to be detected is a normal IP address.
9. An electronic device, characterized in that the electronic device comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with one another through the communication bus;
the memory is configured to store a computer program;
the processor is configured to implement the method steps of any one of claims 1-4 when executing the program stored in the memory.
10. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, and the computer program implements the method steps of any one of claims 1-4 when executed by a processor.
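The counting rule of claims 1 to 4, written out as an added Python example that is not part of the patent text. The record layout, the function names, the sample addresses and the choice to model "already tested" as membership in the normal IP library are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records (device_id, source_ip, time); not from the patent.
# Addresses come from the RFC 5737 documentation ranges.
HISTORY = [
    ("dev-a", "192.0.2.10", 100), ("dev-a", "203.0.113.7", 200),
    ("dev-b", "192.0.2.11", 110), ("dev-b", "203.0.113.7", 210),
    ("dev-c", "203.0.113.7", 120), ("dev-c", "192.0.2.10", 220),  # candidate first
    ("dev-d", "203.0.113.7", 130),  # never seen on a normal IP
    ("dev-e", "192.0.2.10", 140), ("dev-e", "198.51.100.9", 240),
]


def first_user_devices(history, candidate_ip, normal_ips, ordered=False):
    """Devices seen on both candidate_ip and some normal IP (claim 1).

    ordered=True applies the claim 3 refinement: the device used a normal IP
    first and the candidate IP afterwards.
    """
    first_normal = {}                    # device -> earliest time on a normal IP
    candidate_times = defaultdict(list)  # device -> times on the candidate IP
    for device, ip, ts in history:
        if ip in normal_ips:
            first_normal[device] = min(ts, first_normal.get(device, ts))
        elif ip == candidate_ip:
            candidate_times[device].append(ts)
    result = set()
    for device, times in candidate_times.items():
        if device not in first_normal:
            continue
        if not ordered or max(times) > first_normal[device]:
            result.add(device)
    return result


def check_ip(history, ip, normal_ips, threshold, ordered=False):
    """Return 'known', 'normal' or 'undetermined'; may add ip to normal_ips."""
    if ip in normal_ips:      # assumption: library membership means already tested
        return "known"
    count = len(first_user_devices(history, ip, normal_ips, ordered))
    if count >= threshold:    # "not less than the preset quantity threshold"
        normal_ips.add(ip)    # claim 4: store in the normal IP address library
        return "normal"
    return "undetermined"
```

A count below the threshold leaves the address undetermined; the claims only state when an address is determined to be normal.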
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711070037.1A CN107612946B (en) | 2017-11-03 | 2017-11-03 | IP address detection method and device and electronic equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711070037.1A CN107612946B (en) | 2017-11-03 | 2017-11-03 | IP address detection method and device and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107612946A (en) | 2018-01-19 |
CN107612946B (en) | 2021-09-03 |
Family
ID=61085098
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711070037.1A Active CN107612946B (en) | IP address detection method and device and electronic equipment | 2017-11-03 | 2017-11-03 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107612946B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111224936A (en) * | 2019-11-07 | 2020-06-02 | 中冶赛迪重庆信息技术有限公司 | User abnormal request detection method, system, device and machine readable medium |
CN112839018A (en) * | 2019-11-25 | 2021-05-25 | 华为技术有限公司 | Degree value generation method and related equipment |
CN113067913A (en) * | 2021-03-19 | 2021-07-02 | 北京达佳互联信息技术有限公司 | Positioning method, device, server, medium and product |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2014079265A1 (en) * | 2012-11-21 | 2014-05-30 | 华为技术有限公司 | Method, apparatus and access device for releasing ip address |
CN104836696A (en) * | 2014-02-12 | 2015-08-12 | 腾讯科技(深圳)有限公司 | Method and device for detecting IP address |
CN104980446A (en) * | 2015-06-30 | 2015-10-14 | 百度在线网络技术(北京)有限公司 | Detection method and system for malicious behavior |
CN105450619A (en) * | 2014-09-28 | 2016-03-30 | 腾讯科技(深圳)有限公司 | Method, device and system of protection of hostile attacks |
CN106685899A (en) * | 2015-11-09 | 2017-05-17 | 阿里巴巴集团控股有限公司 | Method and device for identifying malicious access |
CN106878249A (en) * | 2016-08-12 | 2017-06-20 | 阿里巴巴集团控股有限公司 | The recognition methods of illegal purposes resource and device |
Also Published As
Publication number | Publication date |
---|---|
CN107612946B (en) | 2021-09-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11716344B2 (en) | Elastic asset-based licensing model for use in a vulnerability management system | |
US9462009B1 (en) | Detecting risky domains | |
US9154516B1 (en) | Detecting risky network communications based on evaluation using normal and abnormal behavior profiles | |
US9641545B2 (en) | Methods, systems, and computer program products for detecting communication anomalies in a network based on overlap between sets of users communicating with entities in the network | |
CN111314285B (en) | Method and device for detecting route prefix attack | |
CN105917632A (en) | A method for scalable distributed network traffic analytics in telco | |
CN101505247A (en) | Detection method and apparatus for number of shared access hosts | |
CN110417747B (en) | Method and device for detecting violent cracking behavior | |
CN110460587A (en) | A kind of exception account detection method, device and computer storage medium | |
US20150163235A1 (en) | Methods and apparatus to identify an internet protocol address blacklist boundary | |
CN108596738A (en) | A kind of user behavior detection method and device | |
CN107682345B (en) | IP address detection method and device and electronic equipment | |
CN109831462B (en) | Virus detection method and device | |
CN107733867B (en) | Botnet discovery and protection method, system and storage medium | |
CN109067794B (en) | Network behavior detection method and device | |
EP3395035B1 (en) | Malicious network traffic identification | |
CN105959290A (en) | Detection method and device of attack message | |
CN107992738A (en) | A kind of account logs in method for detecting abnormality, device and electronic equipment | |
CN107612946A (en) | Detection method, detection means and the electronic equipment of IP address | |
US20230283641A1 (en) | Dynamic cybersecurity scoring using traffic fingerprinting and risk score improvement | |
CN110266668B (en) | Method and device for detecting port scanning behavior | |
CN106921671B (en) | network attack detection method and device | |
US20240146753A1 (en) | Automated identification of false positives in dns tunneling detectors | |
CN109729054B (en) | Access data monitoring method and related equipment | |
US10819732B1 (en) | Computing device, software application, and computer-implemented method for system-specific real-time threat monitoring |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||