CN111970269A - Server access behavior identification method and device and server - Google Patents
Server access behavior identification method and device and server Download PDFInfo
- Publication number
- CN111970269A CN111970269A CN202010817655.3A CN202010817655A CN111970269A CN 111970269 A CN111970269 A CN 111970269A CN 202010817655 A CN202010817655 A CN 202010817655A CN 111970269 A CN111970269 A CN 111970269A
- Authority
- CN
- China
- Prior art keywords
- access
- preset
- behavior
- access behavior
- track
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The method determines at least one preset normal access track corresponding to the target service according to a preset access flow after determining the target service corresponding to a preset service port receiving an access request, then compares an actual access track corresponding to the current access behavior with each preset normal access track, judges that the current access behavior is a normal access behavior if the actual access track is consistent with any one of the preset normal access tracks, and judges that the current access behavior is an abnormal access behavior if the actual access track is not consistent with each normal access track. Compared with the prior art, the method can effectively avoid misjudgment of the access behavior of the passenger with high-frequency access requirement, and improve the accuracy of the identification result.
Description
Technical Field
The invention belongs to the technical field of computers, and particularly relates to a method and a device for identifying server access behaviors and a server.
Background
With the application development of the internet technology, a plurality of industries provide convenient and fast services for customers based on the server, and in terms of civil aviation industry, the server of an airline company can provide various services such as airline ticket booking, booking off, check-in, paying-in and the like for passengers according to specific access behaviors of the passengers, so that users can obtain good service experience.
In practical applications, the airline server not only needs to handle normal access behaviors of passengers, but also is interfered by abnormal access behaviors initiated by a machine crawler. The abnormal access behavior initiated by the machine crawler not only occupies a large amount of hardware resources and network resources of the server, but also more importantly, poses a serious threat to the information security of the server, and therefore, the access behavior of the server needs to be identified, and corresponding processing measures are taken for the abnormal access behavior to ensure the safe operation of the server.
In the prior art, server access behaviors are mostly identified by counting the occurrence frequency of the access behaviors, specifically, if the access frequency of a certain passenger for the same service exceeds a preset frequency threshold, the current access behavior of the passenger is determined to be an abnormal access behavior, and corresponding abnormal access behavior processing measures are taken. However, for the passengers who really have high frequency access requirements, the existing identification method has the possibility of misjudgment and is not high in identification accuracy.
Disclosure of Invention
In view of this, an object of the present invention is to provide a method, an apparatus, and a server for identifying a server access behavior, in which a preset normal access trajectory is compared with an obtained actual access trajectory to identify the server access behavior, so as to improve accuracy of an identification result, and a specific scheme is as follows:
in a first aspect, the present invention provides a method for identifying a server access behavior, including:
responding to an access request received by a preset service port, and determining a target service corresponding to the preset service port;
determining at least one preset normal access track corresponding to the target service according to a preset access flow;
acquiring an actual access track of a current access behavior, and comparing the actual access track with the consistency of each preset normal access track;
if the actual access track is consistent with any one of the preset normal access tracks, judging that the current access behavior is a normal access behavior;
and if the actual access track is not consistent with each normal access track, judging that the current access behavior is an abnormal access behavior.
In a second aspect, the present invention provides a server access behavior recognition apparatus, including:
a first determining unit, configured to determine, in response to an access request received by a preset service port, a target service corresponding to the preset service port;
a second determining unit, configured to determine, according to a preset access flow, at least one preset normal access trajectory corresponding to processing the target service;
the comparison unit is used for acquiring an actual access track of the current access behavior and comparing the consistency of the actual access track and each preset normal access track;
a first determination unit, configured to determine that the current access behavior is a normal access behavior if the actual access trajectory matches any one of the preset normal access trajectories;
and the second judging unit is used for judging that the current access behavior is an abnormal access behavior if the actual access trajectory is not consistent with each normal access trajectory.
In a third aspect, the present invention provides a server, comprising: a memory and a processor; the memory stores a program suitable for the processor to execute, so as to implement the server access behavior identification method provided by the first aspect of the present invention.
Based on the above technical solution, the server access behavior identification method provided by the present invention determines, after determining a target service corresponding to a preset service port that receives an access request, at least one preset normal access trajectory corresponding to processing the target service according to a preset access flow, then obtains an actual access trajectory of a current access behavior, and compares the obtained actual access trajectory with the consistency of the aforementioned preset normal access trajectories, determines that the current access behavior is a normal access behavior if the actual access trajectory coincides with any one of the preset normal access trajectories, and determines that the current access behavior is an abnormal access behavior if the actual access trajectory does not coincide with any of the normal access trajectories. The identification method provided by the invention takes the preset normal access track corresponding to the target service as a reference, compares the actual access track corresponding to the current access behavior with the preset normal access track, and judges whether the current access behavior is normal according to the comparison result.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. Throughout the drawings, the same or similar reference numbers refer to the same or similar elements. It should be understood that the drawings are schematic and that elements and features are not necessarily drawn to scale.
Fig. 1 is a flowchart of a method for identifying a server access behavior according to an embodiment of the present invention;
fig. 2 is a flowchart of another method for identifying a server access behavior according to an embodiment of the present invention;
fig. 3 is a block diagram illustrating a structure of a server access behavior recognition apparatus according to an embodiment of the present invention;
fig. 4 is a block diagram illustrating another server access behavior recognition apparatus according to an embodiment of the present invention;
fig. 5 is a block diagram illustrating a structure of still another apparatus for identifying a server access behavior according to an embodiment of the present invention;
fig. 6 is a block diagram illustrating a structure of another apparatus for identifying server access behavior according to an embodiment of the present invention;
fig. 7 is a block diagram illustrating another server access behavior recognition apparatus according to an embodiment of the present invention;
fig. 8 is a block diagram of a server according to an embodiment of the present invention.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it is to be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the disclosure are for illustration purposes only and are not intended to limit the scope of the disclosure.
The term "include" and variations thereof as used herein are open-ended, i.e., "including but not limited to". The term "based on" is "based, at least in part, on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Relevant definitions for other terms will be given in the following description.
It should be noted that the terms "first", "second", and the like in the present disclosure are only used for distinguishing different devices, modules or units, and are not used for limiting the order or interdependence relationship of the functions performed by the devices, modules or units.
It is noted that references to "a", "an", and "the" modifications in this disclosure are intended to be illustrative rather than limiting, and that those skilled in the art will recognize that "one or more" may be used unless the context clearly dictates otherwise.
Optionally, referring to fig. 1, fig. 1 is a flowchart of a method for identifying a server access behavior according to an embodiment of the present invention, where the method may include:
s100, responding to an access request received by a preset service port, and determining a target service corresponding to the preset service port.
In the existing application, a passenger can access a server of an airline company through various client sides, and a user can perform relevant operations of a clicked service by clicking a virtual key of corresponding application software on the client side. For example, when clicking a ticket purchasing button, the traveler can perform operations related to ticket purchasing, and when clicking a query button, the traveler can perform operations such as flight information query. For the server of the airline company, along with each click of the passenger, the server receives a corresponding access request from a corresponding preset service port, and further responds to the access request, executes a preset operation or feeds back corresponding information to the user.
In the embodiment of the invention, after receiving an access request of any preset service port, a target service corresponding to the preset service port is determined. For example, if the server receives an access request from an on-duty service port, the on-duty service is the target service described in this embodiment; accordingly, the server receives the access request of the ticket purchasing port, and the ticket purchasing service is the target service in this embodiment. As to how the corresponding relationship between the preset service port and each service is specifically established, the present invention is not limited.
S110, determining at least one preset normal access track corresponding to the processing target service according to the preset access flow.
In the field of civil aviation, an airline company pre-establishes a corresponding business process for each business, and the processing processes of different businesses are often different. The aviation officer executes corresponding business processing flows according to the operation rule of the aviation officer and the specific type of the service product, and when the user accesses the server through the client to handle the businesses, the access flow to the server corresponds to the business processing flow, so that the access flow can be preset in advance for each business according to the known business processing flow, for example, the user wants to handle check-in business, and the normal server access flow is ticket lifting-flight state-check-in. Certainly, in specific applications, the preset access flow of each service may be different from the offline service processing flow, and the airline company may preset the access flow for each service according to its own needs.
Based on the above, in the identification method provided in the embodiment of the present invention, after the target service is determined, at least one preset normal access track corresponding to the processing of the target service is further determined according to the preset access flow. In the former case, when a passenger transacts check-in service, the normal access track on the server corresponds to ticket extraction, flight state inquiry and check-in.
Optionally, in a specific implementation, a preset normal access trajectory set may be set in the server for each service, where the set includes all possible normal access trajectories corresponding to the service; or, establishing a mapping relation between the service and the preset normal access track, after determining the target service, inquiring the mapping relation corresponding to the target service, and directly obtaining all the preset normal access tracks.
It is conceivable that the setting of the preset normal access trajectory should also take into account the fact that the access line of the traveler has a great randomness and a great part of the access behavior is not performed according to the established operation sequence.
And S120, acquiring an actual access track of the current access behavior.
The access behavior is directly interactive with the server, so the server can directly obtain the actual access track of the current access behavior.
S130, judging whether the actual access track is consistent with each preset normal access track, if so, executing S140, and if not, executing S150.
After the actual access trajectory and the preset normal access trajectory corresponding to the target service are obtained, the identification method provided by this embodiment further performs consistency comparison between the actual access trajectory and each preset normal access trajectory, and if the actual access trajectory matches any one of the preset normal access trajectories, executes S140; on the contrary, if the actual access trajectory does not coincide with each of the preset normal access trajectories, S150 is performed.
And S140, judging the current access behavior to be a normal access behavior.
And under the condition that the actual access track of the current access behavior is consistent with any one of the preset normal access tracks, judging that the current access behavior is the normal access behavior and is not the access initiated by the machine crawler.
And S150, judging that the current access behavior is an abnormal access behavior.
And under the condition that the actual access track of the current access behavior is not consistent with each preset normal access track, preliminarily judging that the current access behavior is an abnormal access behavior.
Optionally, for abnormal access behavior, the embodiment of the present invention provides a method for further distinguishing.
After the target service is determined, at least one typical abnormal access track corresponding to the target service can be determined according to a preset access flow. For the setting of the typical abnormal access trajectory, the setting method is similar to that of the preset normal access trajectory, and the setting can be implemented by referring to the preset normal access trajectory during specific setting, which is not described herein again.
And if the actual access track of the current access behavior is consistent with any one of the typical abnormal access tracks, judging that the current access behavior is an abnormal access behavior, and if the actual access track of the current access behavior is not consistent with any one of the typical abnormal access tracks, judging that the current access behavior is an undetermined access behavior.
Further, for the pending access behavior, the embodiment of the present invention provides a method for further identification based on the service verification ratio. Firstly, counting a service check ratio corresponding to an actual access track, then comparing the size relationship between the service check ratio of the current access behavior and a preset check ratio threshold, if the service check ratio is greater than the preset check ratio threshold, sending preset notification information representing that the undetermined access behavior exists, optionally, sending the preset notification information to a background, and carrying out manual intervention processing. Correspondingly, if the service check ratio is less than or equal to the preset check ratio threshold, the current access behavior is determined to be a normal access behavior.
It is conceivable that the setting of the preset check ratio threshold value may be performed according to an actual check ratio counted by the airline company when the passenger accesses the server.
In summary, the identification method provided by the present invention compares the actual access track corresponding to the current access behavior with the preset normal access track based on the preset normal access track corresponding to the target service, and determines whether the current access behavior is normal according to the comparison result.
It is to be noted that the flow charts in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Optionally, referring to fig. 2, fig. 2 is a flowchart of another method for identifying a server access behavior according to an embodiment of the present invention, and on the basis of the embodiment shown in fig. 1, the embodiment further performs verification and identification on the identity of a passenger. Only the execution steps that are different from the embodiment shown in fig. 1 will be described below, and the rest of the relevant steps can be implemented by referring to the implementation process of the embodiment shown in fig. 1.
S200, resolving the access request to obtain the passenger identity information.
Optionally, the access request received by the preset service port may further include passenger identification information, and after the access request is obtained, the access request is analyzed, so that the passenger identification information is obtained.
Optionally, in order to improve the reliability of the passenger identification information, the server may also participate in the setting process of the passenger identification information. Specifically, the server first obtains the passenger identity information provided by the client, then encrypts the obtained passenger identity information according to a preset encryption rule to obtain an encrypted ciphertext, and further adds a preset validity period to the obtained encrypted ciphertext to obtain the passenger identity information with the preset validity period.
Optionally, the passenger identity information may be information that can uniquely represent the identity of the passenger, such as identity card information and ticket information of the passenger.
After the passenger identity information is generated, the passenger identity information is fed back to the client, and when the client initiates an access request, the access request including the passenger identity information can be generated.
S210, judging whether the passenger identification information is valid, if so, executing S220, and if not, executing S150.
Optionally, the server first verifies the authenticity of the passenger identification information. As described above, the passenger identification information of the client is provided by the server, and therefore, the server itself can store each piece of passenger identification information generated by the server in a preset storage region, and traverse the preset storage region after analyzing the passenger identification information, and if the passenger identification information obtained by analysis is stored in the preset storage region, it can be determined that the passenger identification information is real. Of course, other authentication methods may be used, and are not listed here.
As mentioned above, the passenger identification information is provided with a preset validity period, and if the passenger identification information is true and is within the preset validity period, the passenger identification information is determined to be valid; on the contrary, if the obtained passenger identification information is false or not within the preset validity period, the passenger identification information is determined to be invalid.
Optionally, if the obtained passenger identification information is true and is only not within the preset validity period, the preset validity period of the passenger identification information may be updated, so that the passenger may continue to use the passenger identification information. Of course, after the validity period of updating the passenger identification information, a notification may also be sent to the background.
S220, judging whether the actual access track is consistent with each preset normal access track, if so, executing S140, and if not, executing S150.
Optionally, the optional implementation process of S220 may refer to the content of S130 in the embodiment shown in fig. 1, and will not be repeated here. If the actual access trajectory coincides with any one of the preset normal access trajectories, executing S140; on the contrary, if the actual access trajectory does not coincide with each of the preset normal access trajectories, S150 is performed.
In summary, by the server access behavior recognition method provided by the embodiment of the present invention, based on the embodiment shown in fig. 1, the identity of the passenger is further verified, if the passenger identification information is invalid, the passenger is directly determined as an abnormal access behavior, if the passenger identification information is valid, the actual access trajectory is further determined, and through multiple determinations, the accuracy of the access behavior recognition result can be effectively improved.
It should be noted that while the operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. Under certain circumstances, multitasking and parallel processing may be advantageous.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order, and/or performed in parallel. Moreover, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
The server access behavior recognition apparatus provided in the embodiment of the present invention is introduced below, and the server access behavior recognition apparatus described below may be regarded as a functional module architecture that needs to be set in the central device to implement the server access behavior recognition method provided in the embodiment of the present invention; the following description may be cross-referenced with the above.
Fig. 3 is a block diagram of a server access behavior recognition apparatus according to an embodiment of the present invention, and referring to fig. 3, the apparatus may include:
a first determining unit 10, configured to respond to an access request received by a preset service port, and determine a target service corresponding to the preset service port;
a second determining unit 20, configured to determine, according to a preset access flow, at least one preset normal access trajectory corresponding to the processing of the target service;
a comparison unit 30, configured to obtain an actual access trajectory of a current access behavior, and compare consistency between the actual access trajectory and each preset normal access trajectory;
a first determining unit 40, configured to determine that the current access behavior is a normal access behavior if the actual access trajectory matches any one of the preset normal access trajectories;
a second determining unit 50, configured to determine that the current access behavior is an abnormal access behavior if the actual access trajectory does not match each of the normal access trajectories.
Optionally, the second determining unit 50 is configured to determine that the current access behavior is an abnormal access behavior, and includes:
determining at least one typical abnormal access track corresponding to the target service according to the preset access flow;
if the actual access track is consistent with any one of the typical abnormal access tracks, judging that the current access behavior is an abnormal access behavior;
and if the actual access track is not consistent with each typical abnormal access track, judging that the current access behavior is an undetermined access behavior.
Optionally, the access request includes passenger identification information, and the comparing unit 30 is configured to, when comparing the actual access trajectory with the consistency of each preset normal access trajectory, specifically include:
analyzing the access request to obtain the passenger identity information;
judging whether the passenger identification information is valid;
if the passenger identity identification information is valid, comparing the consistency of the actual access track with each preset normal access track;
and if the passenger identification information is invalid, judging that the current access behavior is an abnormal access behavior.
Optionally, the passenger identification information includes a preset validity period, and the comparing unit 30 is configured to determine whether the passenger identification information is valid, and specifically includes:
verifying the authenticity of the passenger identification information;
if the passenger identity information is true and is within the preset validity period, judging that the passenger identity information is valid;
and if the passenger identification information is false or not in the preset validity period, judging that the passenger identification information is invalid.
Optionally, referring to fig. 4, fig. 4 is a block diagram of another structure of a server access behavior recognition apparatus according to an embodiment of the present invention, where on the basis of the embodiment shown in fig. 3, the apparatus further includes:
an updating unit 60, configured to update the preset validity period of the passenger id information if the passenger id information is true and is not within the preset validity period.
Optionally, referring to fig. 5, fig. 5 is a block diagram of a structure of a server access behavior recognition apparatus according to another embodiment of the present invention, where on the basis of the embodiment shown in fig. 3, the apparatus further includes:
a statistic unit 70, configured to count a service determination ratio corresponding to the actual access trajectory;
a sending unit 80, configured to send a preset notification message indicating that an undetermined access behavior exists if the service determination ratio is greater than a preset determination ratio threshold;
a third determining unit 90, configured to determine that the current access behavior is a normal access behavior if the service verification ratio is less than or equal to the verification ratio threshold.
Optionally, referring to fig. 6, fig. 6 is a block diagram of a structure of another server access behavior recognition apparatus according to an embodiment of the present invention, where on the basis of the embodiment shown in fig. 3, the apparatus further includes:
an obtaining unit 100, configured to obtain passenger identity information;
the encryption unit 110 is configured to encrypt the passenger identity information according to a preset encryption rule to obtain an encrypted ciphertext;
a setting unit 120, configured to add the preset validity period to the encrypted ciphertext to obtain the passenger identity information.
Optionally, referring to fig. 7, fig. 7 is a block diagram of another structure of a server access behavior recognition apparatus according to an embodiment of the present invention, where on the basis of the embodiment shown in fig. 6, the apparatus further includes:
a feedback unit 130, configured to feed back the passenger identification information to a client, so that the client generates an access request including the passenger identification information.
It should be noted that the units described in the embodiments of the present disclosure may be implemented by software, and may also be implemented by hardware. Where the name of a unit does not in some cases constitute a limitation of the unit itself, for example, the first determination unit may also be described as a "unit that determines a target service".
Referring now to FIG. 8, a block diagram of a server 600 suitable for use in implementing embodiments of the present disclosure is shown. The server 600 may include a processing device (e.g., central processing unit, graphics processor, etc.) 601 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)602 or a program loaded from a storage device 606 into a Random Access Memory (RAM) 603. The memory stores a program suitable for being executed by the processor to implement the server access behavior identification method provided by any one of the above embodiments of the present invention. In the RAM 603, various programs and data necessary for the operation of the electronic apparatus 600 are also stored. The processing device 601, the ROM 602, and the RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
Generally, the following devices may be connected to the I/O interface 605: input devices 606 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; output devices 607 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 606 including, for example, magnetic tape, hard disk, etc.; and a communication device 609. The communication means 609 may allow the electronic device 600 to communicate with other devices wirelessly or by wire to exchange data. While fig. 8 illustrates a server 600 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.
While several specific implementation details are included in the above discussion, these should not be construed as limitations on the scope of the disclosure. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the disclosure herein is not limited to the particular combination of features described above, but also encompasses other embodiments in which any combination of the features described above or their equivalents does not depart from the spirit of the disclosure. For example, the above features and (but not limited to) the features disclosed in this disclosure having similar functions are replaced with each other to form the technical solution.
Claims (10)
1. A method for identifying server access behavior, comprising:
responding to an access request received by a preset service port, and determining a target service corresponding to the preset service port;
determining at least one preset normal access track corresponding to the target service according to a preset access flow;
acquiring an actual access track of a current access behavior, and comparing the actual access track with the consistency of each preset normal access track;
if the actual access track is consistent with any one of the preset normal access tracks, judging that the current access behavior is a normal access behavior;
and if the actual access track is not consistent with each normal access track, judging that the current access behavior is an abnormal access behavior.
2. The method according to claim 1, wherein the determining that the current access behavior is an abnormal access behavior includes:
determining at least one typical abnormal access track corresponding to the target service according to the preset access flow;
if the actual access track is consistent with any one of the typical abnormal access tracks, judging that the current access behavior is an abnormal access behavior;
and if the actual access track is not consistent with each typical abnormal access track, judging that the current access behavior is an undetermined access behavior.
3. The method for identifying the access behavior of the server according to claim 2, further comprising, after determining that the current access behavior is a pending access behavior:
counting a service check ratio corresponding to the actual access track;
if the service check ratio is larger than a preset check ratio threshold value, sending preset notification information representing that the pending access behavior exists;
and if the service check ratio is less than or equal to the preset check ratio threshold, judging the current access behavior as a normal access behavior.
4. The method according to claim 1, wherein the access request includes passenger identification information, and the comparing the consistency between the actual access trajectory and each of the preset normal access trajectories includes:
analyzing the access request to obtain the passenger identity information;
judging whether the passenger identification information is valid;
if the passenger identity identification information is valid, comparing the consistency of the actual access track with each preset normal access track;
and if the passenger identification information is invalid, judging that the current access behavior is an abnormal access behavior.
5. The method according to claim 4, wherein the passenger identification information includes a preset validity period, and the determining whether the passenger identification information is valid includes:
verifying the authenticity of the passenger identification information;
if the passenger identity information is true and is within the preset validity period, judging that the passenger identity information is valid;
and if the passenger identification information is false or not in the preset validity period, judging that the passenger identification information is invalid.
6. The method for identifying server access behavior according to claim 5, further comprising:
and if the passenger identity information is true and is not in the preset validity period, updating the preset validity period of the passenger identity information.
7. The server access behavior recognition method of any of claims 5-6, further comprising:
acquiring passenger identity information;
encrypting the passenger identity information according to a preset encryption rule to obtain an encrypted ciphertext;
and adding the preset validity period to the encrypted ciphertext to obtain the passenger identity information.
8. The method for identifying server access behavior according to claim 7, further comprising:
and feeding back the passenger identification information to a client so as to enable the client to generate an access request comprising the passenger identification information.
9. An apparatus for identifying a server access behavior, comprising:
a first determining unit, configured to determine, in response to an access request received by a preset service port, a target service corresponding to the preset service port;
a second determining unit, configured to determine, according to a preset access flow, at least one preset normal access trajectory corresponding to processing the target service;
the comparison unit is used for acquiring an actual access track of the current access behavior and comparing the consistency of the actual access track and each preset normal access track;
a first determination unit, configured to determine that the current access behavior is a normal access behavior if the actual access trajectory matches any one of the preset normal access trajectories;
and the second judging unit is used for judging that the current access behavior is an abnormal access behavior if the actual access trajectory is not consistent with each normal access trajectory.
10. A server, comprising: a memory and a processor; the memory stores a program adapted to be executed by the processor to implement the server access behavior recognition method according to any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010817655.3A CN111970269B (en) | 2020-08-14 | 2020-08-14 | Server access behavior identification method and device and server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010817655.3A CN111970269B (en) | 2020-08-14 | 2020-08-14 | Server access behavior identification method and device and server |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111970269A true CN111970269A (en) | 2020-11-20 |
| CN111970269B CN111970269B (en) | 2022-04-08 |
Family
ID=73366054
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010817655.3A Active CN111970269B (en) | 2020-08-14 | 2020-08-14 | Server access behavior identification method and device and server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111970269B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112231700A (en) * | 2020-12-17 | 2021-01-15 | 腾讯科技(深圳)有限公司 | Behavior recognition method and apparatus, storage medium, and electronic device |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1259894A2 (en) * | 2000-02-11 | 2002-11-27 | Farelogix Inc. | Realtime online travel information and reservations systems and service |
| EP1501035A1 (en) * | 2003-07-21 | 2005-01-26 | Emirates | System and method for processing flight booking request |
| WO2012104229A1 (en) * | 2011-01-31 | 2012-08-09 | Sita Information Networking Computing Uk Limited | Improved inventory system and method therefor |
| US20140214461A1 (en) * | 2003-07-03 | 2014-07-31 | Priceline.Com Llc | Indexing travel accommodations in a network environment |
| CN106779126A (en) * | 2016-12-30 | 2017-05-31 | 中国民航信息网络股份有限公司 | Malice accounts for the processing method and system of an order |
| CN108628998A (en) * | 2018-05-02 | 2018-10-09 | 百度在线网络技术(北京)有限公司 | A kind of air ticket, which is looked into, to be ordered than control method, device, server and storage medium |
| CN111339122A (en) * | 2020-02-13 | 2020-06-26 | 南京意博软件科技有限公司 | Active caching method of travel platform, travel query method and related products |
-
2020
- 2020-08-14 CN CN202010817655.3A patent/CN111970269B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1259894A2 (en) * | 2000-02-11 | 2002-11-27 | Farelogix Inc. | Realtime online travel information and reservations systems and service |
| US20140214461A1 (en) * | 2003-07-03 | 2014-07-31 | Priceline.Com Llc | Indexing travel accommodations in a network environment |
| EP1501035A1 (en) * | 2003-07-21 | 2005-01-26 | Emirates | System and method for processing flight booking request |
| WO2012104229A1 (en) * | 2011-01-31 | 2012-08-09 | Sita Information Networking Computing Uk Limited | Improved inventory system and method therefor |
| CN106779126A (en) * | 2016-12-30 | 2017-05-31 | 中国民航信息网络股份有限公司 | Malice accounts for the processing method and system of an order |
| CN108628998A (en) * | 2018-05-02 | 2018-10-09 | 百度在线网络技术(北京)有限公司 | A kind of air ticket, which is looked into, to be ordered than control method, device, server and storage medium |
| CN111339122A (en) * | 2020-02-13 | 2020-06-26 | 南京意博软件科技有限公司 | Active caching method of travel platform, travel query method and related products |
Non-Patent Citations (6)
| Title |
|---|
| 吴向阳等: "面向订票服务器端爬虫的可视检测方法研究", 《计算机辅助设计与图形学学报》 * |
| 宋超: "试论计算机网站技术在铁道网络的应用", 《电脑编程技巧与维护》 * |
| 航旅IT圈: ""说说航空公司网站的反爬虫"", 《HTTPS://WWW.SOHU.COM/A/215557046_311208》 * |
| 贾宇清等: "数据同步新机制在民航实时交易系统中的应用", 《中国民航大学学报》 * |
| 邱鹏等: "基于用户行为分析的在线订票系统缓存优化策略研究", 《计算机与现代化》 * |
| 陈万烤: ""航空订票服务器爬虫检测技术研究"", 《中国优秀硕士学位论文全文数据库(电子期刊) 信息科技辑》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112231700A (en) * | 2020-12-17 | 2021-01-15 | 腾讯科技(深圳)有限公司 | Behavior recognition method and apparatus, storage medium, and electronic device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111970269B (en) | 2022-04-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11176573B2 (en) | Authenticating users for accurate online audience measurement | |
| CN108199852B (en) | Authentication method, authentication system and computer readable storage medium | |
| CN111917773B (en) | Service data processing method and device and server | |
| CN108885666B (en) | System and method for detecting and preventing counterfeiting | |
| CN108352021B (en) | Method and system for authentication data collection and reporting associated with online transactions | |
| US9230066B1 (en) | Assessing risk for third-party data collectors | |
| CN106650350B (en) | Identity authentication method and system | |
| CN108521405B (en) | Risk control method and device and storage medium | |
| CN108681676B (en) | Data management method and apparatus, system, electronic device, program, and storage medium | |
| US11429698B2 (en) | Method and apparatus for identity authentication, server and computer readable medium | |
| CN112966168B (en) | Business label query method and device for realizing privacy protection | |
| CN111970269B (en) | Server access behavior identification method and device and server | |
| CN111371889B (en) | Message processing method and device, internet of things system and storage medium | |
| CN110336787B (en) | Data encryption method and device, computer equipment and storage medium | |
| US20230046813A1 (en) | Selecting communication schemes based on machine learning model predictions | |
| CN112182520A (en) | Illegal account identification method and device, readable medium and electronic equipment | |
| CN114826604A (en) | Applet login verification method, device and equipment based on face recognition and storage medium | |
| CN108881513B (en) | Method, device, equipment and storage medium for generating equipment code | |
| US11468084B2 (en) | Information processing device, and image data generating device | |
| CN111832015A (en) | Abnormal request identification method, device, system, medium and electronic equipment | |
| KR101874174B1 (en) | Method and apparatus for personal authentication on business transaction based on network | |
| CN109639688A (en) | A kind of Internet of Things security protection system and its means of defence | |
| US10009330B1 (en) | Method, apparatus and article of manufacture for fast tracking authentication | |
| CN111611473A (en) | Information push processing method and device, storage medium and terminal | |
| CN107612763A (en) | Metadata management method, application server, operation system, medium and controller |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |