
CN108667783A - Accurate interception method, device and system for IP addresses - Google Patents

Info

Publication number: CN108667783A
Authority: CN (China)
Prior art keywords: address, credit, interception, data, information
Legal status: Granted
Application number: CN201710214259.XA
Other languages: Chinese (zh)
Other versions: CN108667783B (en
Inventors: 刘鑫琪, 童剑
Current Assignee: Beijing Shuan Xinyun Information Technology Co ltd
Original Assignee: Guizhou White Cloud Technology Co Ltd

Application filed by Guizhou White Cloud Technology Co Ltd
Priority to CN201710214259.XA
Publication of CN108667783A
Application granted
Publication of CN108667783B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention provides an accurate interception method, device and system for IP addresses. It relates to the field of Internet security and solves the problem that firewalls are prone to false blocking. The method includes: when an IP address is judged to be an IP address suspected of launching an attack, initiating a query request for the IP address to an IP credit grade platform; receiving the response message returned by the IP credit grade platform, the response message carrying the credit data of the IP address; and determining, according to a preset configuration file and in combination with the credit data of the IP address, whether the IP address needs to be intercepted. The technical solution provided by the invention achieves high-precision IP address interception.

Description

Accurate interception method, device and system for IP addresses
Technical field
The present invention relates to the field of Internet security, and in particular to an accurate interception method and system for IP addresses.
Background
A network-level firewall can be regarded as a kind of IP packet filter that operates on the underlying TCP/IP protocol stack. It can work by enumeration, allowing only packets that comply with specific rules to pass and forbidding all others from passing through the firewall (except viruses: a firewall cannot prevent virus intrusion). These rules can usually be defined or modified by an administrator, but some firewall devices can only apply built-in rules.
Firewall rules can also be formulated from another, looser angle: a packet is let through as long as it does not match any "deny" rule. Most operating systems and network devices have built-in firewall functions.
Newer firewalls can filter on various attributes of a packet, such as the source IP address, source port number, destination IP address or port number, and service type (such as HTTP or FTP). They can also filter on attributes such as the communication protocol, TTL value, source domain name or network segment.
Existing interception schemes intercept by fixed rules; the granularity at which access requests are analyzed is too coarse and the dimensionality too low, and visitors are insufficiently analyzed, so that normal accesses are blocked by mistake, seriously reducing network transmission efficiency and reliability.
Summary of the invention
The present invention aims to solve the problem described above.
According to a first aspect of the present invention, an accurate interception method for IP addresses is provided, including:
When an IP address is judged to be an IP address suspected of launching an attack, initiating a query request for the IP address to an IP credit grade platform;
Receiving the response message returned by the IP credit grade platform, the response message carrying the credit data of the IP address;
Determining, according to a preset configuration file and in combination with the credit data of the IP address, whether the IP address needs to be intercepted.
Preferably, the credit data of the IP address includes at least any one or more of the following items:
IP attribute information, IP behavior information and IP stain data information,
wherein the IP attribute information is specifically the probability of the user identity of the IP address, the IP behavior information is specifically the user-count information and/or IP liveness information of the IP address, and the IP stain data information is specifically the stain score of the IP address.
Preferably, the configuration file includes multiple interception rules, and each interception rule includes at least any one or more of the following conditions:
A user-count restriction condition and/or an IP liveness restriction condition, an IP address user identity probability restriction condition, and an IP stain score restriction condition.
The step of determining, according to the preset configuration file and in combination with the credit data of the IP address, whether the IP address needs to be intercepted includes:
When the credit data of the IP address matches any interception rule in the configuration file, determining that the IP address is to be intercepted;
When the credit data of the IP address matches none of the interception rules in the configuration file, determining that the IP address is not to be intercepted.
According to another aspect of the present invention, an accurate interception method for IP addresses is provided, including:
Receiving the query request for an IP address that an interception system initiates when it judges the IP address to be an IP address suspected of launching an attack;
Returning a response message to the interception system, the response message carrying the credit data of the IP address, for the interception system to judge whether to intercept the IP address.
Preferably, the credit data of the IP address includes at least any one or more of the following items:
IP attribute information, IP behavior information and IP stain data information,
wherein the IP attribute information is specifically the probability of the user identity of the IP address, the IP behavior information is specifically the user-count information and/or IP liveness information of the IP address, and the IP stain data information is specifically the stain score of the IP address.
Preferably, the method further includes:
Collecting log files and analyzing the collected log files to obtain the credit data of each IP address.
According to another aspect of the present invention, an accurate interception device for IP addresses is provided, including:
A query module, configured to initiate a query request for an IP address to an IP credit grade platform when the IP address is judged to be an IP address suspected of launching an attack;
A data receiving module, configured to receive the response message returned by the IP credit grade platform, the response message carrying the credit data of the IP address;
An interception determination module, configured to determine, according to a preset configuration file and in combination with the credit data of the IP address, whether the IP address needs to be intercepted.
Preferably, the credit data of the IP address includes at least any one or more of the following items:
IP attribute information, IP behavior information and IP stain data information,
wherein the IP attribute information is specifically the probability of the user identity of the IP address, the IP behavior information is specifically the user-count information and/or IP liveness information of the IP address, and the IP stain data information is specifically the stain score of the IP address.
The configuration file includes multiple interception rules, and each interception rule includes at least any one or more of the following conditions:
A user-count restriction condition and/or an IP liveness restriction condition, an IP address user identity probability restriction condition, and an IP stain score restriction condition.
The interception determination module is specifically configured to determine that the IP address is to be intercepted when the credit data of the IP address matches any interception rule in the configuration file, and to determine that the IP address is not to be intercepted when the credit data of the IP address matches none of the interception rules in the configuration file.
According to another aspect of the present invention, an accurate interception device for IP addresses is provided, including:
A query receiving module, configured to receive the query request for an IP address that an interception system initiates when it judges the IP address to be an IP address suspected of launching an attack;
A data return module, configured to return a response message to the interception system, the response message carrying the credit data of the IP address, for the interception system to judge whether to intercept the IP address.
Preferably, the device further includes:
An IP analysis module, configured to collect log files and analyze the collected log files to obtain the credit data of each IP address.
According to another aspect of the present invention, an accurate interception system for IP addresses is provided, including an interception subsystem and an IP credit grade platform;
The interception subsystem is configured to initiate a query request for an IP address to the IP credit grade platform when the IP address is judged to be an IP address suspected of launching an attack, to receive the response message returned by the IP credit grade platform, the response message carrying the credit data of the IP address, and to determine, according to a preset configuration file and in combination with the credit data of the IP address, whether the IP address needs to be intercepted;
The IP credit grade platform is configured to receive the query request for an IP address that the interception subsystem initiates when it judges the IP address to be an IP address suspected of launching an attack, and to return a response message to the interception subsystem, the response message carrying the credit data of the IP address, for the interception subsystem to judge whether to intercept the IP address.
Preferably, the credit data of the IP address includes at least any one or more of the following items:
IP attribute information, IP behavior information and IP stain data information,
wherein the IP attribute information is specifically the probability of the user identity of the IP address, the IP behavior information is specifically the user-count information and/or IP liveness information of the IP address, and the IP stain data information is specifically the stain score of the IP address.
The configuration file includes multiple interception rules, and each interception rule includes at least any one or more of the following conditions:
A user-count restriction condition and/or an IP liveness restriction condition, an IP address user identity probability restriction condition, and an IP stain score restriction condition.
The interception subsystem is specifically configured to determine that the IP address is to be intercepted when the credit data of the IP address matches any interception rule in the configuration file, and to determine that the IP address is not to be intercepted when the credit data of the IP address matches none of the interception rules in the configuration file.
Other characteristic features and advantages of the invention will become apparent from the following description of exemplary embodiments, read with reference to the drawings.
Description of the drawings
The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate embodiments of the present invention and, together with the description, serve to explain the principles of the invention. In the drawings, like reference numerals denote like elements. The drawings described below show some, but not all, embodiments of the present invention. Those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 schematically illustrates the flow of an accurate interception method for IP addresses provided by Embodiment One of the present invention;
Fig. 2 schematically illustrates the architecture of an existing WEB firewall system;
Fig. 3 schematically illustrates the structure of an accurate interception device for IP addresses provided by Embodiment Two of the present invention;
Fig. 4 schematically illustrates the structure of another accurate interception device for IP addresses provided by Embodiment Two of the present invention;
Fig. 5 schematically illustrates an application scenario of an accurate interception system for IP addresses provided by Embodiment Two of the present invention.
Detailed description
In order to make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are some, rather than all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention. It should be noted that, where no conflict arises, the embodiments in this application and the features in the embodiments may be combined with one another arbitrarily.
Existing interception schemes intercept by fixed rules; the granularity at which access requests are analyzed is too coarse and the dimensionality too low, and visitors are insufficiently analyzed, so that normal accesses are blocked by mistake, seriously reducing network transmission efficiency and reliability.
To solve the above problem, embodiments of the present invention provide an accurate interception method, device and system for IP addresses. The technical solution provided by the embodiments adds a secondary verification mechanism for suspicious IP addresses without affecting the original structure and functions of the firewall, improves interception accuracy while preserving the firewall's interception efficiency, and effectively prevents false blocking.
First, Embodiment One of the present invention is described with reference to the drawings.
An embodiment of the present invention provides an accurate interception method for IP addresses. The flow for intercepting an IP address using this method is shown in Fig. 1 and includes:
Step 101: when the interception system judges that an IP address is an IP address suspected of launching an attack, it initiates a query request for the IP address to the IP credit grade platform;
In this step, the interception system filters access requests according to preset filtering rules. When it detects an IP address suspected of launching an attack, it does not intercept the IP address directly; instead it initiates a query request for the suspect IP address to the IP credit grade platform, starting the secondary verification of the IP address.
The interception system in the embodiments of the present invention is a system capable of performing interception on IP addresses. It generally uses a single fixed interception rule (for example, intercepting on a suspected attack); its response is fast, but its interception judgments are not accurate enough. Specifically, the interception system may be a firewall or a firewall system.
The following description takes a firewall as an example.
Step 102: a response message is returned to the interception system, the response message carrying the credit data of the IP address, for the interception system to judge whether to intercept the IP address;
In this step, the IP credit grade platform receives the query request for an IP address that the firewall initiates when it judges the IP address to be suspected of launching an attack. Specifically, the IP addresses suspected of launching an attack may be IPs outside the firewall's configured blacklist and whitelist; or IPs on the firewall's configured blacklist together with IPs not on the blacklist but detected as abnormal; or, of course, all accessing IPs. The platform queries its local IP address credit data, obtains the credit data of the IP address queried by the firewall, and returns that credit data to the firewall in a response message.
The configuration file may be part of the interception system, with the interception system making the judgment in combination with the configuration file. It may also be a functional module independent of the existing interception system that works together with the interception system to complete the interception judgment, for example integrated on the IP credit grade platform.
The credit data of the IP address includes, but is not limited to, any one or more of the following items:
IP attribute information, IP behavior information and IP stain data information,
wherein the IP attribute information is specifically the probability of the user identity of the IP address, the IP behavior information is specifically the user-count information and/or IP liveness information of the IP address, and the IP stain data information is specifically the stain score of the IP address.
Here, the IP liveness information is an index reflecting how active an IP's Internet access behavior is.
Specifically, the stain score of an IP address may be obtained from the number of times it appears in third-party blacklists: the more times an IP address appears in third-party blacklists, the higher its credit stain score; if it appears in no blacklist, its stain score is 0.
The credit data of an IP address may be fixed configuration, with the IP address credit data subsequently edited and configured as actually needed; it may also be generated on a big-data platform by collecting log files and analyzing them.
The firewall can set the configuration file according to the needs of the current application. By combining the credit data of the IP address with the configuration file, the IP credit grade platform can verify the legitimacy of the IP address in multiple dimensions using multiple verification conditions, in contrast to the firewall's single verification mode. The IP credit grade platform can also collect and organize data related to IP addresses and, by analyzing IP address behavior characteristics through data mining, build the credit data of IP addresses, providing a basis for accurate IP address interception.
Step 103: the interception system determines, according to a preset configuration file and in combination with the credit data of the IP address, whether the IP address needs to be intercepted;
In this step, the firewall receives the response message and, based on the IP address credit data it carries and the preset configuration file, makes a secondary judgment on whether interception should be performed.
The configuration file includes multiple interception rules, and each interception rule includes at least any one or more of the following conditions:
A user-count restriction condition and/or an IP liveness restriction condition, an IP address user identity probability restriction condition, and an IP stain score restriction condition.
The step of determining, according to the preset configuration file and in combination with the credit data of the IP address, whether the IP address needs to be intercepted includes:
When the credit data of the IP address matches any interception rule in the configuration file, determining that the IP address is to be intercepted;
When the credit data of the IP address matches none of the interception rules in the configuration file, determining that the IP address is not to be intercepted.
For example, the credit data of an IP address shows: the probability that the IP address is an enterprise egress IP is 55%, the probability that it is a home egress IP is 30%, and the probability that it is a real person is 15%; it has credit stains, with an IP credit stain score of 2; and the number of users is 51-100. If the configuration file is configured with the interception condition "intercept when the real-person probability is below 30%", the IP address is intercepted.
Preferably, the configuration file also includes pass conditions. When the credit data of an IP address meets a pass condition, the IP address is not intercepted and/or is added to the whitelist. Continuing the example above, if the configuration file is configured with the pass rule "do not intercept, and permanently add to the whitelist, when the number of users is greater than 10", the IP address is added to the whitelist.
Preferably, the interception system is also provided with a blacklist and a whitelist, and the configuration file may also be configured with interception conditions instructing that, under certain conditions, an IP address be added to the interception system's existing blacklist or whitelist.
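The step-103 judgment and the worked figures above, as an added Python example that is not part of the patent text. The field names, the rule representation, the use of the lower bound of the user-count range, and checking pass rules before interception rules are assumptions; the patent specifies neither a configuration format nor a precedence.

```python
"""Second-stage interception decision from IP credit data (illustrative sketch)."""
import operator
from dataclasses import dataclass
from typing import Optional

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge}


def stain_score(ip, third_party_blacklists):
    """Stain score as described: how many third-party blacklists list the IP (0 if none)."""
    return sum(1 for blacklist in third_party_blacklists if ip in blacklist)


@dataclass(frozen=True)
class Condition:
    key: str          # hypothetical credit-data field name, e.g. "real_person_prob"
    op: str           # one of the keys of OPS
    threshold: float

    def matches(self, credit):
        value = credit.get(self.key)
        # Credit data may carry only some of the items; an absent item
        # never satisfies a condition, so it cannot trigger a rule by accident.
        if value is None:
            return False
        return OPS[self.op](value, self.threshold)


@dataclass(frozen=True)
class Rule:
    name: str
    conditions: tuple                  # every condition must hold for the rule to match
    add_to_list: Optional[str] = None  # "whitelist", "blacklist" or None

    def matches(self, credit):
        return bool(self.conditions) and all(c.matches(credit) for c in self.conditions)


@dataclass(frozen=True)
class Decision:
    intercept: bool
    rule: Optional[str]         # name of the rule that decided, None if no rule matched
    add_to_list: Optional[str]


def decide(credit, pass_rules, intercept_rules):
    """Intercept if any interception rule matches; otherwise do not intercept."""
    # Assumption: pass rules are evaluated first and win over interception rules.
    for rule in pass_rules:
        if rule.matches(credit):
            return Decision(False, rule.name, rule.add_to_list)
    for rule in intercept_rules:
        if rule.matches(credit):
            return Decision(True, rule.name, rule.add_to_list)
    return Decision(False, None, None)


# Constructed credit record using the figures from the example in the text.
EXAMPLE_CREDIT = {
    "enterprise_egress_prob": 0.55,
    "home_egress_prob": 0.30,
    "real_person_prob": 0.15,
    "stain_score": 2,
    "user_count_min": 51,  # lower bound of the "51-100 users" range
}

# "Intercept when the real-person probability is below 30%".
LOW_REAL_PERSON = Rule("real_person_below_30pct",
                       (Condition("real_person_prob", "<", 0.30),))
# "More than 10 users: do not intercept, add to the whitelist".
MANY_USERS = Rule("more_than_10_users",
                  (Condition("user_count_min", ">", 10),),
                  add_to_list="whitelist")

if __name__ == "__main__":
    print(decide(EXAMPLE_CREDIT, [], [LOW_REAL_PERSON]))
    print(decide(EXAMPLE_CREDIT, [MANY_USERS], [LOW_REAL_PERSON]))
```

With only the interception rule configured the example IP is intercepted; adding the pass rule whitelists it instead, which shows why the evaluation order has to be fixed in any real configuration.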
Embodiment Three of the present invention is described below with reference to the drawings.
Traditional IP interception systems generally intercept on a single condition. In the WEB firewall system shown in Fig. 2, the IP address management mechanism contains three categories: blacklist, whitelist and anomaly detection. IP addresses flagged by the blacklist or by anomaly detection are intercepted directly; this single, mechanical judgment condition easily causes false blocking.
In view of the above problem, an embodiment of the present invention provides an accurate interception system for IP addresses, including an interception subsystem and an IP credit grade platform;
The interception subsystem is configured to initiate a query request for an IP address to the IP credit grade platform when the IP address is judged to be an IP address suspected of launching an attack, to receive the response message returned by the IP credit grade platform, the response message carrying the credit data of the IP address, and to determine, according to a preset configuration file and in combination with the credit data of the IP address, whether the IP address needs to be intercepted;
The IP credit grade platform is configured to receive the query request for an IP address that the interception subsystem initiates when it judges the IP address to be an IP address suspected of launching an attack, and to return a response message to the interception subsystem, the response message carrying the credit data of the IP address, for the interception subsystem to judge whether to intercept the IP address.
Preferably, the credit data of the IP address includes at least any one or more of the following items:
IP attribute information, IP behavior information and IP stain data information,
wherein the IP attribute information is specifically the probability of the user identity of the IP address, the IP behavior information is specifically the user-count information and/or IP liveness information of the IP address, and the IP stain data information is specifically the stain score of the IP address.
The configuration file includes multiple interception rules, and each interception rule includes at least any one or more of the following conditions:
A user-count restriction condition and/or an IP liveness restriction condition, an IP address user identity probability restriction condition, and an IP stain score restriction condition.
The interception subsystem is specifically configured to determine that the IP address is to be intercepted when the credit data of the IP address matches any interception rule in the configuration file, and to determine that the IP address is not to be intercepted when the credit data of the IP address matches none of the interception rules in the configuration file.
An embodiment of the present invention also provides an accurate interception device for IP addresses, whose structure is shown in Fig. 3 and which includes:
A query module 301, configured to initiate a query request for an IP address to the IP credit grade platform when the IP address is judged to be an IP address suspected of launching an attack;
A data receiving module 302, configured to receive the response message returned by the IP credit grade platform, the response message carrying the credit data of the IP address;
An interception determination module 303, configured to determine, according to a preset configuration file and in combination with the credit data of the IP address, whether the IP address needs to be intercepted.
Preferably, the credit data of the IP address includes at least any one or more of the following items:
IP attribute information, IP behavior information and IP stain data information,
wherein the IP attribute information is specifically the probability of the user identity of the IP address, the IP behavior information is specifically the user-count information and/or IP liveness information of the IP address, and the IP stain data information is specifically the stain score of the IP address.
The configuration file includes multiple interception rules, and each interception rule includes at least any one or more of the following conditions:
A user-count restriction condition and/or an IP liveness restriction condition, an IP address user identity probability restriction condition, and an IP stain score restriction condition.
The interception determination module 303 is specifically configured to determine that the IP address is to be intercepted when the credit data of the IP address matches any interception rule in the configuration file,
and to determine that the IP address is not to be intercepted when the credit data of the IP address matches none of the interception rules in the configuration file.
The accurate interception device for IP addresses shown in Fig. 3 can be integrated into the interception subsystem, with the interception subsystem implementing the corresponding functions.
An embodiment of the present invention also provides an accurate interception device for IP addresses, whose structure is shown in Fig. 4 and which includes:
A query receiving module 401, configured to receive the query request for an IP address that an interception system initiates when it judges the IP address to be an IP address suspected of launching an attack;
A data return module 402, configured to return a response message to the interception system, the response message carrying the credit data of the IP address, for the interception system to judge whether to intercept the IP address.
Preferably, the device further includes:
An IP analysis module 403, configured to collect log files and analyze the collected log files to obtain the credit data of each IP address.
The accurate interception device for IP addresses shown in Fig. 4 can be integrated into the IP credit grade platform, with the IP credit grade platform implementing the corresponding functions.
The accurate interception system for IP addresses provided by the embodiments of the present invention can serve as an independent system, called by existing IP interception systems through an interface. Alternatively, the interception subsystem can be integrated into an existing IP interception system and exchange data with the IP credit grade platform, providing a more precise, finer-grained secondary verification of the abnormal IP addresses detected by the IP interception system. Taking a WEB firewall system as the IP interception system, as shown in Fig. 5, the accurate interception system for IP addresses provided by the embodiments of the present invention can be combined with an existing WEB firewall system. The original functions of the WEB firewall system are unchanged, which preserves its response speed to abnormal, suspected-attack IP addresses. On top of rapid detection of abnormal IP addresses, the accurate interception system for IP addresses provides IP credit data for a further judgment on the detected abnormal IP addresses, to finally decide whether to intercept, ensuring the accuracy of IP address interception.
The embodiment provides a kind of Accurate Interception methods, devices and systems for IP address, intercepting systems Judge an IP address be it is doubtful launch a offensive IP address when, to IP credit grade platforms initiation the inquiry of the IP address is asked It asks, IP credit grades platform carries the IP address to the intercepting system returning response message in the response message Credit data, judge whether to intercept the IP address for the intercepting system, intercepting system receives the IP credits The response message that grade platform returns, in conjunction with the credit data of the IP address, determines whether to need according to preset configuration file The IP address is intercepted.On the basis of the intercepting systems structure such as existing fire wall, a kind of secondary verification is provided Mechanism.Existing fire wall, which intercepts, is directed to the real-time behavior of IP address, although response speed is fast, due to fire wall processing capacity and Network structure limits, and fire wall intercepts the single fixation of condition, be easy to cause and accidentally blocks.And the technical side that the embodiment of the present invention provides Case can tentatively obtain fire wall by the platform doubtful according to the customized IP credit grade platforms of practical application request The unusual IP addresses launched a offensive carry out the secondary verification of smaller particle size more various dimensions, are remaining firewall security sexual function On the basis of, the accuracy of interception is further increased, network reliability is substantially increased and accesses quality, realize high-precision IP address intercepts, and solves the problems, such as that fire wall is be easy to cause and accidentally blocks.
The descriptions above can be implemented individually or combined in various ways, and all such variants fall within the protection scope of the present invention.
Finally, it should be noted that the above embodiments merely illustrate the technical solutions of the present invention and do not limit them. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in those embodiments may still be modified, or some of their technical features replaced with equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
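The secondary verification described above, sketched as an added example that is not part of the patent text: credit data returned for a suspect address is checked against the interception rules of a configuration file, and the address is intercepted only if some rule matches. The field names, the JSON layout, the min/max thresholds and the reading that a rule matches when all of its listed conditions hold are assumptions; the sample responses are constructed.

```python
import json

# Constructed stand-in for the "preset configuration file". Field names and
# threshold values are assumptions; the patent names the condition types only.
CONFIG_JSON = """
{"rules": [
  {"name": "known-bad", "stain_score": {"min": 80}},
  {"name": "idle-datacenter-host",
   "identity_probability": {"min": 0.9},
   "user_count": {"max": 2},
   "liveness": {"max": 0.1}}
]}
"""

FIELDS = ("user_count", "liveness", "identity_probability", "stain_score")


def load_rules(text):
    """Parse the rules; reject unknown keys and rules without any condition."""
    rules = []
    for raw in json.loads(text)["rules"]:
        conds = {k: v for k, v in raw.items() if k in FIELDS}
        unknown = set(raw) - set(FIELDS) - {"name"}
        if unknown or not conds:
            # An empty rule would match every address and block all of them.
            raise ValueError(f"invalid rule {raw.get('name')!r}")
        rules.append((raw["name"], conds))
    return rules


def in_bound(value, bound):
    """Inclusive min/max test. A field the platform did not return never
    satisfies a condition, so incomplete data cannot cause a block."""
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return False
    lo, hi = bound.get("min"), bound.get("max")
    return (lo is None or value >= lo) and (hi is None or value <= hi)


def matching_rule(credit, rules):
    """Return the name of the first rule whose conditions all hold, else None."""
    for name, conds in rules:
        if all(in_bound(credit.get(field), b) for field, b in conds.items()):
            return name
    return None


def should_intercept(credit, rules):
    """Intercept when any rule matches; otherwise let the address through."""
    return matching_rule(credit, rules) is not None


# Constructed platform responses for addresses the firewall flagged as suspect.
RESPONSES = {
    "203.0.113.10": {"user_count": 3500, "liveness": 0.95,
                     "identity_probability": 0.02, "stain_score": 35},
    "198.51.100.7": {"stain_score": 91},
    "198.51.100.8": {"user_count": 1, "liveness": 0.03,
                     "identity_probability": 0.97, "stain_score": 40},
    "192.0.2.44": {"user_count": 1, "identity_probability": 0.97},
}

if __name__ == "__main__":
    rules = load_rules(CONFIG_JSON)
    for ip, credit in RESPONSES.items():
        print(ip, "intercept" if should_intercept(credit, rules) else "allow",
              matching_rule(credit, rules))
```

The first response models a heavily shared, active address that a firewall acting on real-time behaviour alone would block; no rule matches it, so it is allowed through.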

Claims (12)

1. An accurate interception method for an IP address, characterized by comprising:
when judging that an IP address is an IP address suspected of launching an attack, initiating an inquiry request for the IP address to an IP credit grade platform;
receiving the response message returned by the IP credit grade platform, the response message carrying the credit data of the IP address;
determining, according to a preset configuration file and in combination with the credit data of the IP address, whether the IP address needs to be intercepted.
2. The accurate interception method for an IP address according to claim 1, characterized in that the credit data of the IP address comprises at least any one or more of the following information:
IP attribute information, IP behaviour information and IP stain data information,
wherein the IP attribute information is specifically the probability of the user identity of the IP address, the IP behaviour information is specifically user-count information and/or IP liveness information of the IP address, and the IP stain data information is specifically the stain score of the IP address.
3. The accurate interception method for an IP address according to claim 3, characterized in that the configuration file comprises multiple interception rules, each interception rule comprising at least any one or more of the following conditions:
a user-count restriction condition and/or an IP liveness restriction condition, an IP address user identity probability restriction condition, and an IP stain score restriction condition,
and the step of determining, according to the preset configuration file and in combination with the credit data of the IP address, whether the IP address needs to be intercepted comprises:
when the credit data of the IP address matches any interception rule in the configuration file, judging that the IP address is to be intercepted;
when the credit data of the IP address matches no interception rule in the configuration file, judging that the IP address is not to be intercepted.
4. An accurate interception method for an IP address, characterized by comprising:
receiving an inquiry request for an IP address, initiated by an interception system when it judges that the IP address is an IP address suspected of launching an attack;
returning a response message to the interception system, the response message carrying the credit data of the IP address, for the interception system to judge whether to intercept the IP address.
5. The accurate interception method for an IP address according to claim 4, characterized in that the credit data of the IP address comprises at least any one or more of the following information:
IP attribute information, IP behaviour information and IP stain data information,
wherein the IP attribute information is specifically the probability of the user identity of the IP address, the IP behaviour information is specifically user-count information and/or IP liveness information of the IP address, and the IP stain data information is specifically the stain score of the IP address.
6. The accurate interception method for an IP address according to claim 4, characterized in that the method further comprises:
collecting log files, and analysing the collected log files to obtain the credit data of each IP address.
7. An accurate interception device for an IP address, characterized by comprising:
an inquiry module, configured to initiate an inquiry request for an IP address to an IP credit grade platform when judging that the IP address is an IP address suspected of launching an attack;
a data reception module, configured to receive the response message returned by the IP credit grade platform, the response message carrying the credit data of the IP address;
an interception determination module, configured to determine, according to a preset configuration file and in combination with the credit data of the IP address, whether the IP address needs to be intercepted.
8. The accurate interception device for an IP address according to claim 7, characterized in that the credit data of the IP address comprises at least any one or more of the following information:
IP attribute information, IP behaviour information and IP stain data information,
wherein the IP attribute information is specifically the probability of the user identity of the IP address, the IP behaviour information is specifically user-count information and/or IP liveness information of the IP address, and the IP stain data information is specifically the stain score of the IP address,
the configuration file comprises multiple interception rules, each interception rule comprising at least any one or more of the following conditions:
a user-count restriction condition and/or an IP liveness restriction condition, an IP address user identity probability restriction condition, and an IP stain score restriction condition,
and the interception determination module is specifically configured to judge that the IP address is to be intercepted when the credit data of the IP address matches any interception rule in the configuration file, and to judge that the IP address is not to be intercepted when the credit data of the IP address matches no interception rule in the configuration file.
9. An accurate interception device for an IP address, characterized by comprising:
an inquiry reception module, configured to receive an inquiry request for an IP address, initiated by an interception system when it judges that the IP address is an IP address suspected of launching an attack;
a data return module, configured to return a response message to the interception system, the response message carrying the credit data of the IP address, for the interception system to judge whether to intercept the IP address.
10. The accurate interception device for an IP address according to claim 9, characterized in that the device further comprises:
an IP analysis module, configured to collect log files and analyse the collected log files to obtain the credit data of each IP address.
11. An accurate interception system for an IP address, characterized by comprising an interception subsystem and an IP credit grade platform;
the interception subsystem is configured to initiate an inquiry request for an IP address to the IP credit grade platform when judging that the IP address is an IP address suspected of launching an attack, to receive the response message returned by the IP credit grade platform, the response message carrying the credit data of the IP address, and to determine, according to a preset configuration file and in combination with the credit data of the IP address, whether the IP address needs to be intercepted;
the IP credit grade platform is configured to receive the inquiry request for the IP address, initiated by the interception subsystem when it judges that the IP address is an IP address suspected of launching an attack, and to return a response message to the interception subsystem, the response message carrying the credit data of the IP address, for the interception subsystem to judge whether to intercept the IP address.
12. The address interception system according to claim 11, characterized in that the credit data of the IP address comprises at least any one or more of the following information:
IP attribute information, IP behaviour information and IP stain data information,
wherein the IP attribute information is specifically the probability of the user identity of the IP address, the IP behaviour information is specifically user-count information and/or IP liveness information of the IP address, and the IP stain data information is specifically the stain score of the IP address,
the configuration file comprises multiple interception rules, each interception rule comprising at least any one or more of the following conditions:
a user-count restriction condition and/or an IP liveness restriction condition, an IP address user identity probability restriction condition, and an IP stain score restriction condition,
and the interception subsystem is specifically configured to judge that the IP address is to be intercepted when the credit data of the IP address matches any interception rule in the configuration file, and to judge that the IP address is not to be intercepted when the credit data of the IP address matches no interception rule in the configuration file.
CN201710214259.XA 2017-04-01 2017-04-01 A kind of Accurate Interception methods, devices and systems for IP address Active CN108667783B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710214259.XA CN108667783B (en) 2017-04-01 2017-04-01 A kind of Accurate Interception methods, devices and systems for IP address

Publications (2)

Publication Number Publication Date
CN108667783A true CN108667783A (en) 2018-10-16
CN108667783B CN108667783B (en) 2019-05-17

Family

ID=63784270

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710214259.XA Active CN108667783B (en) 2017-04-01 2017-04-01 A kind of Accurate Interception methods, devices and systems for IP address

Country Status (1)

Country Link
CN (1) CN108667783B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109617914A (en) * 2019-01-15 2019-04-12 成都知道创宇信息技术有限公司 A kind of cloud security means of defence based on IP reference
CN109660552A (en) * 2019-01-03 2019-04-19 杭州电子科技大学 A kind of Web defence method combining address jump and WAF technology
CN113992358A (en) * 2021-09-29 2022-01-28 杭州迪普科技股份有限公司 Method and device for distributing network security policy
CN114157499A (en) * 2021-12-07 2022-03-08 中信银行股份有限公司 Elastic safety protection method and system based on IP value evaluation
CN115296893A (en) * 2022-08-02 2022-11-04 北京天融信网络安全技术有限公司 Method, device, system and medium for detecting address information abnormity
CN116260651A (en) * 2023-03-14 2023-06-13 云盾智慧安全科技有限公司 Method and device for judging Web request intercepted by mistake

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1746916A (en) * 2005-10-25 2006-03-15 二六三网络通信股份有限公司 Network IP address credit assessment and use in electronic mail system
US7610344B2 (en) * 2004-12-13 2009-10-27 Microsoft Corporation Sender reputations for spam prevention
CN103618730A (en) * 2013-12-04 2014-03-05 天津大学 Website DDOS attack defense system and method based on integral strategy
CN103685318A (en) * 2013-12-31 2014-03-26 山石网科通信技术有限公司 Data processing method and device for protecting network security
CN105450619A (en) * 2014-09-28 2016-03-30 腾讯科技(深圳)有限公司 Method, device and system of protection of hostile attacks
CN106506553A (en) * 2016-12-28 2017-03-15 北京神州绿盟信息安全科技股份有限公司 A kind of Internet protocol IP filter methods and system

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109660552A (en) * 2019-01-03 2019-04-19 杭州电子科技大学 A kind of Web defence method combining address jump and WAF technology
CN109617914A (en) * 2019-01-15 2019-04-12 成都知道创宇信息技术有限公司 A kind of cloud security means of defence based on IP reference
CN113992358A (en) * 2021-09-29 2022-01-28 杭州迪普科技股份有限公司 Method and device for distributing network security policy
CN113992358B (en) * 2021-09-29 2023-07-07 杭州迪普科技股份有限公司 Distribution method and device of network security policy
CN114157499A (en) * 2021-12-07 2022-03-08 中信银行股份有限公司 Elastic safety protection method and system based on IP value evaluation
CN115296893A (en) * 2022-08-02 2022-11-04 北京天融信网络安全技术有限公司 Method, device, system and medium for detecting address information abnormity
CN116260651A (en) * 2023-03-14 2023-06-13 云盾智慧安全科技有限公司 Method and device for judging Web request intercepted by mistake
CN116260651B (en) * 2023-03-14 2024-08-16 云盾智慧安全科技有限公司 Method and device for judging Web request intercepted by mistake

Also Published As

Publication number Publication date
CN108667783B (en) 2019-05-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100015 5 floor, block E, 201 IT tower, electronic city, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Applicant after: GUIZHOU BAISHANCLOUD TECHNOLOGY Co.,Ltd.

Address before: 100015 5 floor, block E, 201 IT tower, electronic city, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Applicant before: GUIZHOU BAISHANCLOUD TECHNOLOGY Co.,Ltd.

TA01 Transfer of patent application right

Effective date of registration: 20181107

Address after: 100015 Beijing Chaoyang District Jiuxianqiao North Road 10 hospital 201 Building 5 floor 505 inside 02

Applicant after: BEIJING SHUAN XINYUN INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 100015 5 floor, block E, 201 IT tower, electronic city, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Applicant before: GUIZHOU BAISHANCLOUD TECHNOLOGY Co.,Ltd.

GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1262067

Country of ref document: HK