CN112702321A - Distributed transaction current limiting method, device, equipment and storage medium - Google Patents
Distributed transaction current limiting method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN112702321A CN112702321A CN202011482247.3A CN202011482247A CN112702321A CN 112702321 A CN112702321 A CN 112702321A CN 202011482247 A CN202011482247 A CN 202011482247A CN 112702321 A CN112702321 A CN 112702321A
- Authority
- CN
- China
- Prior art keywords
- transaction
- current limiting
- preset
- behavior
- flow
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 230000000670 limiting effect Effects 0.000 title claims abstract description 190
- 238000000034 method Methods 0.000 title claims abstract description 63
- 230000007123 defense Effects 0.000 claims abstract description 102
- 230000006399 behavior Effects 0.000 claims description 220
- 238000004458 analytical method Methods 0.000 claims description 14
- 238000010219 correlation analysis Methods 0.000 claims description 13
- 238000012300 Sequence Analysis Methods 0.000 claims description 9
- 238000012882 sequential analysis Methods 0.000 claims description 9
- 238000012360 testing method Methods 0.000 claims description 5
- 238000005516 engineering process Methods 0.000 abstract description 7
- 238000004891 communication Methods 0.000 description 16
- 230000002159 abnormal effect Effects 0.000 description 8
- 206010000117 Abnormal behaviour Diseases 0.000 description 7
- 230000008569 process Effects 0.000 description 6
- 238000010586 diagram Methods 0.000 description 5
- 230000005856 abnormality Effects 0.000 description 3
- 238000001514 detection method Methods 0.000 description 3
- 230000035772 mutation Effects 0.000 description 3
- 238000007476 Maximum Likelihood Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000003213 activating effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000011109 contamination Methods 0.000 description 1
- 230000001066 destructive effect Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000001737 promoting effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000001617 sequential probability ratio test Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention belongs to the technical field of computer security, and discloses a distributed transaction current limiting method, a distributed transaction current limiting device, distributed transaction current limiting equipment and a storage medium. The method comprises the steps of obtaining transaction behavior statistical parameters of a user according to a transaction request data packet; judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not, and generating a defense request and sending the defense request to a defense request server when the transaction behavior statistical parameters do not accord with the preset transaction behavior parameters so that the defense request server determines a current limiting node through the defense request and a preset current limiting decision; and receiving a current limiting node fed back by the defense request server, and controlling the transaction flow of the user according to the current limiting node. In the invention, the transaction flow of the user on the financial platform is controlled by adopting a flow rate limiting technology, the limited network resources of the financial platform are ensured not to be consumed by the attack flow, the flow is controlled within the bearing capacity range of the limited resources, and the distributed transaction flow limiting method can effectively resist DDoS attack.
Description
Technical Field
The invention relates to the technical field of computer security, in particular to a distributed transaction current limiting method, a distributed transaction current limiting device, distributed transaction current limiting equipment and a storage medium.
Background
With the rapid development of modern financial platforms, the requirements of users on the network service capability of the financial platforms are increasingly increased. Due to the limitation of network bandwidth, network facilities and other factors, the efficiency of financial platform network service can be improved through a distributed network at present, a typical distributed network can realize that a user can visit the content of a financial platform nearby, and the transaction efficiency of the financial platform is greatly improved.
However, a Denial of Service (DoS) attack is an attack form that makes a legitimate user unable to obtain a normal Service response, and an attacker generally has stronger power in a Distributed Denial of Service (DDoS) attack that uses a large amount of illegal attack packets to occupy too many Service resources to achieve the purpose of an attack, and uses a large amount of puppet hosts to complete a larger scale Denial of Service attack. Because existing attack tools are rampant on the network, the attack is easier to launch, and network worm viruses abused in recent years also play a role in promoting the development of DDoS attack, at present, the DDoS attack becomes the most threatening and destructive attack form in the financial platform transaction network, so that the financial platform has great transaction risk.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The invention mainly aims to provide a distributed transaction current limiting method, a distributed transaction current limiting device, distributed transaction current limiting equipment and a storage medium, and aims to solve the technical problem that a financial platform transaction network has great transaction risk due to existing distributed denial of service attacks.
In order to achieve the above object, the present invention provides a distributed transaction current limiting method, which comprises the following steps:
when a transaction request data packet of a user is received, acquiring transaction behavior statistical parameters of the user according to the transaction request data packet;
judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not;
when the transaction behavior statistical parameters do not accord with the preset transaction behavior parameters, generating a defense request and sending the defense request to a defense request server so that the defense request server determines a current limiting node through the defense request and a preset current limiting decision;
and receiving the current limiting node fed back by the defense request server, and controlling the transaction flow of the user according to the current limiting node.
Optionally, the step of determining whether the transaction behavior statistical parameter meets a preset transaction behavior parameter includes:
acquiring a predicted normal behavior flow value according to the preset transaction behavior parameters, and acquiring a current transaction behavior flow value according to the transaction behavior statistical parameters;
comparing the predicted normal behavior flow value with the current transaction behavior flow value to obtain a transaction flow innovation sequence;
and analyzing the transaction flow innovation sequence, and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the analysis result.
Optionally, the step of analyzing the transaction flow information sequence and judging whether the transaction behavior statistical parameter meets a preset transaction behavior parameter according to the analysis result includes:
determining corresponding statistical characteristics according to the transaction flow innovation sequence;
analyzing the statistical characteristics based on a preset multivariate sequential analysis algorithm to obtain sample statistics;
performing correlation analysis on the sample statistics according to a preset correlation test algorithm to obtain a correlation analysis result;
and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the correlation analysis result.
Optionally, the step of obtaining the transaction behavior statistical parameter of the user according to the transaction request data packet includes:
acquiring a data packet header and time sequence information according to the transaction request data packet;
acquiring the header of the data packet and the characteristic information of the time sequence information, and generating a current transaction behavior flow value according to the characteristic information;
and generating a transaction behavior statistical parameter of the user according to the current transaction behavior flow value.
Optionally, before the step of determining whether the transaction behavior statistical parameter meets a preset transaction behavior parameter, the method further includes:
constructing a normal transaction flow model;
acquiring a predicted normal behavior flow value through the transaction normal flow model based on a preset time sequence analysis algorithm;
and generating a preset transaction behavior parameter according to the predicted normal behavior flow value.
Optionally, the step of generating a defense request and sending the defense request to a defense request server so that the defense request server determines a current limiting node through the defense request and a preset current limiting decision includes:
generating a defense request and sending the defense request to a defense request server so that the defense request server constructs a flow tree through the defense request and a preset attack source tracking strategy, determining a target attack sub-tree according to the flow tree, and determining a current limiting node through the target attack sub-tree according to a preset current limiting decision.
Optionally, the step of controlling the user transaction flow according to the flow limiting node, where the flow limiting node receives the feedback of the defense request server, includes:
receiving a current limiting node fed back by the defense request server, and determining leaf node information corresponding to the current limiting node;
determining a current limit corresponding to a current limit node according to the leaf node information, and determining a preset packet loss probability according to the preset current limit decision;
and controlling the transaction flow of the user according to the current limit and the preset packet loss probability.
In addition, to achieve the above object, the present invention further provides a distributed transaction current limiting device, including:
the acquisition module is used for acquiring transaction behavior statistical parameters of a user according to a transaction request data packet when the transaction request data packet of the user is received;
the judging module is used for judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not;
the decision module is used for generating a defense request and sending the defense request to a defense request server when the transaction behavior statistical parameter does not accord with the preset transaction behavior parameter, so that the defense request server determines a current limiting node through the defense request and a preset current limiting decision;
and the control module is used for receiving the current limiting node fed back by the defense request server and controlling the transaction flow of the user according to the current limiting node.
In addition, to achieve the above object, the present invention further provides a distributed transaction current limiting device, which is characterized in that the distributed transaction current limiting device includes: a memory, a processor, and a distributed transaction current limiting program stored on the memory and executable on the processor, the distributed transaction current limiting program configured to implement the steps of the distributed transaction current limiting method as described above.
In addition, to achieve the above object, the present invention further provides a storage medium, wherein the storage medium stores a distributed transaction current limiting program, and the distributed transaction current limiting program, when executed by a processor, implements the steps of the distributed transaction current limiting method as described above.
When a transaction request data packet of a user is received, acquiring transaction behavior statistical parameters of the user according to the transaction request data packet; judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not; when the transaction behavior statistical parameters do not accord with the preset transaction behavior parameters, generating a defense request and sending the defense request to a defense request server so that the defense request server determines a current limiting node through the defense request and a preset current limiting decision; and receiving the current limiting node fed back by the defense request server, and controlling the transaction flow of the user according to the current limiting node. In the invention, the transaction flow of a user on a financial platform is controlled by adopting a flow rate limiting technology, the limited network resources of the financial platform are ensured not to be consumed by attack flows, and the flow is controlled within the bearing capacity range of the limited resources.
Drawings
Fig. 1 is a schematic structural diagram of a distributed transaction current limiting device of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flow chart illustrating a distributed transaction throttling method according to a first embodiment of the present invention;
FIG. 3 is a flow chart illustrating a distributed transaction throttling method according to a second embodiment of the present invention;
FIG. 4 is a flow chart illustrating a distributed transaction throttling method according to a third embodiment of the present invention;
fig. 5 is a block diagram illustrating a first embodiment of a distributed transaction current limiting apparatus according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a distributed transaction current limiting device in a hardware operating environment according to an embodiment of the present invention.
As shown in fig. 1, the distributed transaction current limiting device may include: a processor 1001, such as a Central Processing Unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a WIreless interface (e.g., a WIreless-FIdelity (WI-FI) interface). The Memory 1005 may be a Random Access Memory (RAM) Memory, or may be a Non-Volatile Memory (NVM), such as a disk Memory. The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the configuration shown in fig. 1 does not constitute a limitation of the distributed transaction current limiting device and may include more or fewer components than shown, or some components in combination, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a storage medium, may include therein an operating system, a network communication module, a user interface module, and a distributed transaction current limiting program.
In the distributed transaction throttling device shown in fig. 1, the network interface 1004 is mainly used for data communication with a network server; the user interface 1003 is mainly used for data interaction with a user; the processor 1001 and the memory 1005 in the distributed transaction current limiting device of the present invention may be disposed in the distributed transaction current limiting device, and the distributed transaction current limiting device invokes the distributed transaction current limiting program stored in the memory 1005 through the processor 1001 and executes the distributed transaction current limiting method provided by the embodiment of the present invention.
An embodiment of the present invention provides a distributed transaction current limiting method, and referring to fig. 2, fig. 2 is a schematic flow diagram of a first embodiment of a distributed transaction current limiting method according to the present invention.
In this embodiment, the distributed transaction current limiting method includes the following steps:
step S10: and when a transaction request data packet of a user is received, acquiring transaction behavior statistical parameters of the user according to the transaction request data packet.
It should be noted that the execution main body of this embodiment is the distributed transaction current limiting device, and the distributed transaction current limiting device may be an electronic device such as a personal computer or a server, which is not limited in this embodiment. When a transaction request data packet of a user is received, the transaction behavior statistical parameters of the user are obtained according to the transaction request data packet, and the method can be implemented in various ways, and two ways are described below as an example, and certainly, the method can also be implemented by combining at least two ways. In addition, the manner of obtaining the transaction behavior statistical parameter of the user according to the transaction request data packet may also be other manners according to actual needs, which is not limited in this embodiment. The transaction request of the user may be operations of registering, trading, transferring, passing through the account of the financial asset on the financial platform, and the like, and the specific transaction operation is not limited in this embodiment.
Specifically, one of the ways to obtain the transaction behavior statistical parameter of the user according to the transaction request data packet is as follows: acquiring a data packet header and time sequence information according to the transaction request data packet; acquiring the header of the data packet and the characteristic information of the time sequence information, and generating a current transaction behavior flow value according to the characteristic information; and generating a transaction behavior statistical parameter of the user according to the current transaction behavior flow value. The method comprises the steps of obtaining a transaction request data packet of a current system network, carrying out characteristic data acquisition on behavior characteristics of the transaction request data packet, obtaining a data packet header and time sequence information, mainly focusing on the time variation trend of specific parameters in the transaction request data packet, and extracting the time sequence of the specific parameters to obtain the time sequence information. Further, detection analysis may be performed using time-series characteristic changes of a plurality of parameters, and a wider range of flow rate abnormalities can be detected.
Specifically, another way of obtaining the transaction behavior statistical parameter of the user according to the transaction request data packet is as follows: acquiring a transaction request data packet of a current system network, performing characteristic data acquisition on behavior characteristics of the transaction request data packet, extracting network behavior statistical parameters by analyzing the acquired characteristic data, and taking the network behavior statistical parameters as transaction behavior statistical parameters of a user.
Step S20: and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters.
It should be understood that, before performing distributed transaction throttling on a transaction request of a user, a preset transaction behavior parameter needs to be set, and the manner of setting the preset transaction behavior parameter may be implemented in various manners, which is described below by taking one manner as an example, of course, the manner of setting the preset transaction behavior parameter may also be other manners according to actual needs, which is not limited in this embodiment. Specifically, one of the ways to obtain the transaction behavior statistical parameter of the user according to the transaction request data packet is as follows: constructing a normal transaction flow model; acquiring a predicted normal behavior flow value through the transaction normal flow model based on a preset time sequence analysis algorithm; and generating a preset transaction behavior parameter according to the predicted normal behavior flow value.
It is easy to understand that the typical distributed network can realize that the user can visit the financial platform content nearby, and greatly improves the financial platform transaction efficiency. However, the distributed network is widely distributed on a plurality of links in the financial platform communication network, which causes attack influence on the financial platform communication network at the same time, the network is abnormally distributed on a plurality of links in the financial platform communication network, and a single branch link has small abnormal flow and is not easy to be noticed, but the plurality of links are summarized, so that the total abnormal flow is large, which can cause great influence on the operation of the financial platform communication network. In this embodiment, a predicted normal behavior flow value is obtained by using a preset time sequence analysis algorithm in combination with characteristic information of a distributed network traffic anomaly in a financial platform communication network, and the predicted normal behavior flow value is compared with a current transaction behavior flow value to generate a transaction traffic innovation sequence of network traffic.
Specifically, a predicted normal behavior flow value is obtained according to the preset transaction behavior parameters, and a current transaction behavior flow value is obtained according to the transaction behavior statistical parameters; comparing the predicted normal behavior flow value with the current transaction behavior flow value to obtain a transaction flow innovation sequence; and analyzing the transaction flow innovation sequence, and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the analysis result. The characteristics of transaction flow information sequences of a plurality of links can be analyzed through a sequential analysis method to judge whether the transaction behavior statistical parameters meet preset transaction behavior parameters, namely whether abnormal behavior of distributed network flow occurs or not is analyzed, and then the transaction flow of a user is controlled.
Step S30: and when the transaction behavior statistical parameters do not accord with the preset transaction behavior parameters, generating a defense request and sending the defense request to a defense request server so that the defense request server determines a current limiting node through the defense request and a preset current limiting decision.
It should be noted that when the statistical transaction behavior parameters are judged to be not in accordance with the preset transaction behavior parameters, the distributed abnormal network traffic behavior is analyzed, the current limiting node needs to be determined, and then the user transaction traffic is controlled according to the current limiting node. Specifically, a defense request is generated and sent to a defense request server, so that the defense request server constructs a flow tree through the defense request and a preset attack source tracking strategy, a target attack sub-tree is determined according to the flow tree, and a current limiting node is determined through the target attack sub-tree according to a preset current limiting decision. The defense request server DSP selects an attack source tracking (IP trace back) technology according to specific conditions, can reconstruct a flow tree taking network flow abnormal behaviors as a root, can separate attack subtrees from the flow tree, can obtain the most appropriate current limiting position, namely a current limiting node, according to an attack source tracking result, wherein the current limiting node is a leaf node of the flow tree, and can know which current limiters the attack flow passes through according to the attack source tracking result, so that the current limiting node can be selected in a targeted manner to limit the current, and the current limiting effect is improved.
Step S40: and receiving the current limiting node fed back by the defense request server, and controlling the transaction flow of the user according to the current limiting node.
It should be understood that the current limiting node fed back by the defense request server is received, and the leaf node information corresponding to the current limiting node is determined; determining a current limit corresponding to a current limit node according to the leaf node information, and determining a preset packet loss probability according to the preset current limit decision; and controlling the transaction flow of the user according to the current limit and the preset packet loss probability. The leaf node information is basic information of each leaf node, the basic information may include, for example, a node IP address, a node state (whether current limiting is being performed, a current limiting limit, a current limiting time limit, whether an attack flow passes through), traffic information collected from the node, and the like, the leaf node information is an important basis for controlling a user transaction traffic, and the leaf node information may also store a current limiting result obtained by a preset current limiting decision.
In the embodiment, when a transaction request data packet of a user is received, transaction behavior statistical parameters of the user are obtained according to the transaction request data packet; judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not; when the transaction behavior statistical parameters do not accord with the preset transaction behavior parameters, generating a defense request and sending the defense request to a defense request server so that the defense request server determines a current limiting node through the defense request and a preset current limiting decision; and receiving the current limiting node fed back by the defense request server, and controlling the transaction flow of the user according to the current limiting node. In the embodiment, the transaction flow of the user on the financial platform is controlled by adopting a flow rate limiting technology, the limited network resources of the financial platform are guaranteed not to be consumed by the attack flow, the flow is controlled within the bearing capacity range of the limited resources, the DDoS attack can be effectively resisted by the distributed transaction flow limiting method, and the technical problem that the transaction network of the financial platform has great transaction risk due to the existing distributed denial of service attack is solved.
Referring to fig. 3, fig. 3 is a flowchart illustrating a distributed transaction current limiting method according to a second embodiment of the present invention. Based on the first embodiment, in step S20, the distributed transaction current limiting method in this embodiment specifically includes:
step S201: and acquiring a predicted normal behavior flow value according to the preset transaction behavior parameters, and acquiring a current transaction behavior flow value according to the transaction behavior statistical parameters.
It should be noted that, before performing distributed transaction current limiting on a transaction request of a user, a preset transaction behavior parameter needs to be set, and the manner of setting the preset transaction behavior parameter may be: constructing a normal transaction flow model; acquiring a predicted normal behavior flow value through the transaction normal flow model based on a preset time sequence analysis algorithm; and generating a preset transaction behavior parameter according to the predicted normal behavior flow value. And acquiring a predicted normal behavior flow value according to the preset transaction behavior parameters.
It is easy to understand that, the data packet header and the timing information are obtained according to the transaction request data packet; acquiring the header of the data packet and the characteristic information of the time sequence information, and generating a current transaction behavior flow value according to the characteristic information; and generating a transaction behavior statistical parameter of the user according to the current transaction behavior flow value. The current transaction behavior flow value can be obtained according to the transaction behavior statistical parameters.
Step S202: and comparing the predicted normal behavior flow value with the current transaction behavior flow value to obtain a transaction flow innovation sequence.
It should be appreciated that comparing the predicted normal behavior traffic value with the current transaction behavior traffic value produces a predicted interest sequence of network traffic, which is a transaction traffic interest sequence. In this embodiment, a predicted normal behavior flow value is obtained by using a preset time sequence analysis algorithm in combination with characteristic information of a distributed network traffic anomaly in a financial platform communication network, and the predicted normal behavior flow value is compared with a current transaction behavior flow value to generate a transaction traffic innovation sequence of network traffic. The characteristics of transaction flow information sequences of a plurality of links can be analyzed through a sequential analysis method to judge whether the transaction behavior statistical parameters meet preset transaction behavior parameters, namely whether abnormal behavior of distributed network flow occurs or not is analyzed, and then the transaction flow of a user is controlled.
Step S203: and analyzing the transaction flow innovation sequence, and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the analysis result.
It should be noted that, the process of analyzing the transaction flow information sequence and judging whether the transaction behavior statistical parameter meets the preset transaction behavior parameter according to the analysis result may be: determining corresponding statistical characteristics according to the transaction flow innovation sequence; analyzing the statistical characteristics based on a preset multivariate sequential analysis algorithm to obtain sample statistics; performing correlation analysis on the sample statistics according to a preset correlation test algorithm to obtain a correlation analysis result; and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the correlation analysis result. The method comprises the steps of analyzing statistical characteristics of transaction flow information sequences corresponding to a plurality of links based on a preset sequential analysis method, and constructing a log probability likelihood ratio judgment function to obtain sample statistics. The method comprises the steps of utilizing the characteristics that the characteristics of the distributed network abnormity are similar on a plurality of links, analyzing whether the distributed network flow abnormal behavior occurs or not by carrying out correlation analysis on the mutation values of the sample statistics corresponding to the links based on a preset correlation test algorithm, and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not.
It is easy to understand that the abnormal network behavior sequence can be constructed by presetting a multi-sequential analysis algorithm, so that specific fine components in the network can be prevented from being analyzed, and abnormal spatial features in a network link are extracted for analysis, so that the flow detection is simpler and more convenient. By respectively and sequentially analyzing the transaction flow information sequences in different links on the same node in the network, the log probability likelihood ratio statistic can be obtained, namely the sample statistic is obtained. And reflecting the characteristic information of the transaction flow innovation sequence by using the analysis variable of the mutation value of the maximum likelihood ratio in the sequential probability ratio test, and indirectly analyzing whether distributed abnormality exists in the transaction behavior statistical parameters by analyzing the correlation characteristics of the mutation values of the maximum likelihood ratio in two different links.
In the embodiment, a predicted normal behavior flow value is obtained according to the preset transaction behavior parameters, and a current transaction behavior flow value is obtained according to the transaction behavior statistical parameters; comparing the predicted normal behavior flow value with the current transaction behavior flow value to obtain a transaction flow innovation sequence; and analyzing the transaction flow innovation sequence, and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the analysis result. In the embodiment, the transaction flow of the user on the financial platform is controlled by adopting a flow rate limiting technology, the limited network resources of the financial platform are guaranteed not to be consumed by the attack flow, the flow is controlled within the bearing capacity range of the limited resources, the DDoS attack can be effectively resisted by the distributed transaction flow limiting method, and the technical problem that the transaction network of the financial platform has great transaction risk due to the existing distributed denial of service attack is solved.
Referring to fig. 4, fig. 4 is a flowchart illustrating a distributed transaction current limiting method according to a third embodiment of the present invention. Based on the first embodiment, in step S40, the distributed transaction current limiting method in this embodiment specifically includes:
step S401: and receiving the current limiting node fed back by the defense request server, and determining the leaf node information corresponding to the current limiting node.
It should be noted that, the defense request server DSP selects an attack source tracing (IP traceback) technique according to specific situations, may reconstruct a traffic tree with network traffic abnormal behavior as a root, and may separate an attack sub-tree from the traffic tree, may obtain the most appropriate current limiting position, i.e., a current limiting node, according to the attack source tracing result, the current limiting node is a leaf node of the traffic tree, and may also know which current limiters the attack flow passes through according to the attack source tracing result, so that the current limiting node may be selected in a targeted manner to limit the current, and improve the current limiting effect.
Specifically, a current limiting node fed back by the defense request server is received, and leaf node information corresponding to the current limiting node is determined; the leaf node information is basic information of each leaf node, the basic information may include, for example, a node IP address, a node state (whether current limiting is being performed, a current limiting limit, a current limiting time limit, whether an attack flow passes through), traffic information collected from the node, and the like, the leaf node information is an important basis for controlling a user transaction traffic, and the leaf node information may also store a current limiting result obtained by a preset current limiting decision.
Step S402: and determining a current limit corresponding to the current limit node according to the leaf node information, and determining a preset packet loss probability according to the preset current limit decision.
It should be understood that, the current limit amount corresponding to the current limit node is determined according to the leaf node information, and there may be a plurality of specific current limit methods, and in this embodiment, a random packet loss manner is adopted, and a preset packet loss probability is determined according to the preset current limit decision.
It is easy to understand that, according to the tracing result of the attack source, it can be determined which restrictors the attack flows pass through, if only the legal flows pass through the restrictors, the defense request server DSP can allocate the resources to the restrictors preferentially, after allocating the resources to the restrictors that only the legal flows pass through, the remaining resources can be allocated to those restrictors contaminated by the attack flows fairly according to the maximum and minimum criteria, wherein the contamination does not represent that only the attack flows pass through, and there is also a possibility that the legal flows are mixed, and the preset flow limiting decision can effectively protect the legal flows.
Step S403: and controlling the transaction flow of the user according to the current limit and the preset packet loss probability.
It should be noted that, in order to prevent a forged current limiting request, after receiving the current limiting request, firstly verifying the validity, and then performing a current limiting operation, a variety of current limiting methods may be used, in this embodiment, a random packet loss manner is used, the transaction traffic of the user is controlled according to the current Limit and the preset packet loss probability, and the preset packet loss probability P may be determined by (0, 1-Limit/Rate), where Limit refers to the current Limit of the current limiting node, and Rate refers to the current traffic of the current limiting node fed back by the defense request server, and if Limit is greater than or equal to Rate, the packet loss probability is 0, that is, the current is not limited, the transaction traffic of the user is controlled according to the current Limit of the current limiting node itself, and the current limiting node can control the transaction traffic of the user within a certain range by using the random packet loss manner.
It is easy to understand that the preset current limit decision needs to be updated periodically to adapt to the dynamic change of the environment, otherwise, a deviation is caused in the current limit, and the preset current limit decision updating process: and recalculating the current limit according to a decision algorithm, and issuing a new current limit command according to a decision result, wherein the current limit command can comprise adjusting the current limit, activating a new current limit node and the like.
In this embodiment, a current limiting node fed back by the defense request server is received, and leaf node information corresponding to the current limiting node is determined; determining a current limit corresponding to a current limit node according to the leaf node information, and determining a preset packet loss probability according to the preset current limit decision; and controlling the transaction flow of the user according to the current limit and the preset packet loss probability. In the embodiment, the transaction flow of the user on the financial platform is controlled by adopting a flow rate limiting technology, the limited network resources of the financial platform are guaranteed not to be consumed by the attack flow, the flow is controlled within the bearing capacity range of the limited resources, the DDoS attack can be effectively resisted by the distributed transaction flow limiting method, and the technical problem that the transaction network of the financial platform has great transaction risk due to the existing distributed denial of service attack is solved.
In addition, an embodiment of the present invention further provides a storage medium, where a distributed transaction current limiting program is stored on the storage medium, and the distributed transaction current limiting program is executed by a processor to perform the steps of the distributed transaction current limiting method described above.
Since the storage medium adopts all technical solutions of all the embodiments, at least all the beneficial effects brought by the technical solutions of the embodiments are achieved, and no further description is given here.
Referring to fig. 5, fig. 5 is a block diagram illustrating a first embodiment of a distributed transaction current limiting apparatus according to the present invention.
As shown in fig. 5, the distributed transaction current limiting apparatus according to the embodiment of the present invention includes:
the obtaining module 10 is configured to obtain a transaction behavior statistical parameter of a user according to a transaction request data packet when the transaction request data packet of the user is received.
It should be noted that, when a transaction request data packet of a user is received, obtaining a transaction behavior statistical parameter of the user according to the transaction request data packet may be implemented in multiple ways, and two ways are described below as an example, and of course, at least two ways may also be implemented in combination. In addition, the manner of obtaining the transaction behavior statistical parameter of the user according to the transaction request data packet may also be other manners according to actual needs, which is not limited in this embodiment. The transaction request of the user may be operations of registering, trading, transferring, passing through the account of the financial asset on the financial platform, and the like, and the specific transaction operation is not limited in this embodiment.
Specifically, one of the ways to obtain the transaction behavior statistical parameter of the user according to the transaction request data packet is as follows: acquiring a data packet header and time sequence information according to the transaction request data packet; acquiring the header of the data packet and the characteristic information of the time sequence information, and generating a current transaction behavior flow value according to the characteristic information; and generating a transaction behavior statistical parameter of the user according to the current transaction behavior flow value. The method comprises the steps of obtaining a transaction request data packet of a current system network, carrying out characteristic data acquisition on behavior characteristics of the transaction request data packet, obtaining a data packet header and time sequence information, mainly focusing on the time variation trend of specific parameters in the transaction request data packet, and extracting the time sequence of the specific parameters to obtain the time sequence information. Further, detection analysis may be performed using time-series characteristic changes of a plurality of parameters, and a wider range of flow rate abnormalities can be detected.
Specifically, another way of obtaining the transaction behavior statistical parameter of the user according to the transaction request data packet is as follows: acquiring a transaction request data packet of a current system network, performing characteristic data acquisition on behavior characteristics of the transaction request data packet, extracting network behavior statistical parameters by analyzing the acquired characteristic data, and taking the network behavior statistical parameters as transaction behavior statistical parameters of a user.
And the judging module 20 is configured to judge whether the transaction behavior statistical parameter meets a preset transaction behavior parameter.
It should be understood that, before performing distributed transaction throttling on a transaction request of a user, a preset transaction behavior parameter needs to be set, and the manner of setting the preset transaction behavior parameter may be implemented in various manners, which is described below by taking one manner as an example, of course, the manner of setting the preset transaction behavior parameter may also be other manners according to actual needs, which is not limited in this embodiment. Specifically, one of the ways to obtain the transaction behavior statistical parameter of the user according to the transaction request data packet is as follows: constructing a normal transaction flow model; acquiring a predicted normal behavior flow value through the transaction normal flow model based on a preset time sequence analysis algorithm; and generating a preset transaction behavior parameter according to the predicted normal behavior flow value.
It is easy to understand that the typical distributed network can realize that the user can visit the financial platform content nearby, and greatly improves the financial platform transaction efficiency. However, the distributed network is widely distributed on a plurality of links in the financial platform communication network, which causes attack influence on the financial platform communication network at the same time, the network is abnormally distributed on a plurality of links in the financial platform communication network, and a single branch link has small abnormal flow and is not easy to be noticed, but the plurality of links are summarized, so that the total abnormal flow is large, which can cause great influence on the operation of the financial platform communication network. In this embodiment, a predicted normal behavior flow value is obtained by using a preset time sequence analysis algorithm in combination with characteristic information of a distributed network traffic anomaly in a financial platform communication network, and the predicted normal behavior flow value is compared with a current transaction behavior flow value to generate a transaction traffic innovation sequence of network traffic.
Specifically, a predicted normal behavior flow value is obtained according to the preset transaction behavior parameters, and a current transaction behavior flow value is obtained according to the transaction behavior statistical parameters; comparing the predicted normal behavior flow value with the current transaction behavior flow value to obtain a transaction flow innovation sequence; and analyzing the transaction flow innovation sequence, and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the analysis result. The characteristics of transaction flow information sequences of a plurality of links can be analyzed through a sequential analysis method to judge whether the transaction behavior statistical parameters meet preset transaction behavior parameters, namely whether abnormal behavior of distributed network flow occurs or not is analyzed, and then the transaction flow of a user is controlled.
And the decision module 30 is configured to generate a defense request and send the defense request to a defense request server when the transaction behavior statistical parameter does not conform to the preset transaction behavior parameter, so that the defense request server determines a current limiting node through the defense request and a preset current limiting decision.
It should be noted that when the statistical transaction behavior parameters are judged to be not in accordance with the preset transaction behavior parameters, the distributed abnormal network traffic behavior is analyzed, the current limiting node needs to be determined, and then the user transaction traffic is controlled according to the current limiting node. Specifically, a defense request is generated and sent to a defense request server, so that the defense request server constructs a flow tree through the defense request and a preset attack source tracking strategy, a target attack sub-tree is determined according to the flow tree, and a current limiting node is determined through the target attack sub-tree according to a preset current limiting decision. The defense request server DSP selects an attack source tracking (IP trace back) technology according to specific conditions, can reconstruct a flow tree taking network flow abnormal behaviors as a root, can separate attack subtrees from the flow tree, can obtain the most appropriate current limiting position, namely a current limiting node, according to an attack source tracking result, wherein the current limiting node is a leaf node of the flow tree, and can know which current limiters the attack flow passes through according to the attack source tracking result, so that the current limiting node can be selected in a targeted manner to limit the current, and the current limiting effect is improved.
And the control module 40 is used for receiving the current limiting node fed back by the defense request server and controlling the transaction flow of the user according to the current limiting node.
It should be understood that the current limiting node fed back by the defense request server is received, and the leaf node information corresponding to the current limiting node is determined; determining a current limit corresponding to a current limit node according to the leaf node information, and determining a preset packet loss probability according to the preset current limit decision; and controlling the transaction flow of the user according to the current limit and the preset packet loss probability. The leaf node information is basic information of each leaf node, the basic information may include, for example, a node IP address, a node state (whether current limiting is being performed, a current limiting limit, a current limiting time limit, whether an attack flow passes through), traffic information collected from the node, and the like, the leaf node information is an important basis for controlling a user transaction traffic, and the leaf node information may also store a current limiting result obtained by a preset current limiting decision.
The distributed transaction current limiting device in this embodiment includes an obtaining module 10, configured to obtain a transaction behavior statistical parameter of a user according to a transaction request data packet when the transaction request data packet of the user is received; the judging module 20 is configured to judge whether the transaction behavior statistical parameter meets a preset transaction behavior parameter; the decision module 30 is configured to generate a defense request and send the defense request to a defense request server when the transaction behavior statistical parameter does not conform to the preset transaction behavior parameter, so that the defense request server determines a current limiting node through the defense request and a preset current limiting decision; and the control module 40 is used for receiving the current limiting node fed back by the defense request server and controlling the transaction flow of the user according to the current limiting node.
In an embodiment, the determining module 20 is further configured to obtain a predicted normal behavior flow value according to the preset transaction behavior parameter, and obtain a current transaction behavior flow value according to the transaction behavior statistical parameter;
comparing the predicted normal behavior flow value with the current transaction behavior flow value to obtain a transaction flow innovation sequence;
and analyzing the transaction flow innovation sequence, and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the analysis result.
In an embodiment, the determining module 20 is further configured to determine a corresponding statistical characteristic according to the transaction flow information sequence;
analyzing the statistical characteristics based on a preset multivariate sequential analysis algorithm to obtain sample statistics;
performing correlation analysis on the sample statistics according to a preset correlation test algorithm to obtain a correlation analysis result;
and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the correlation analysis result.
In an embodiment, the obtaining module 10 is further configured to obtain a packet header and timing information according to the transaction request packet;
acquiring the header of the data packet and the characteristic information of the time sequence information, and generating a current transaction behavior flow value according to the characteristic information;
and generating a transaction behavior statistical parameter of the user according to the current transaction behavior flow value.
In an embodiment, the obtaining module 10 is further configured to construct a normal transaction flow model;
acquiring a predicted normal behavior flow value through the transaction normal flow model based on a preset time sequence analysis algorithm;
and generating a preset transaction behavior parameter according to the predicted normal behavior flow value.
In an embodiment, the decision module 30 is further configured to generate a defense request and send the defense request to a defense request server, so that the defense request server constructs a traffic tree through the defense request and a preset attack source tracking policy, determines a target attack sub-tree according to the traffic tree, and determines a current limiting node through the target attack sub-tree according to a preset current limiting decision.
In an embodiment, the control module 40 is further configured to receive a current limiting node fed back by the defense request server, and determine leaf node information corresponding to the current limiting node;
determining a current limit corresponding to a current limit node according to the leaf node information, and determining a preset packet loss probability according to the preset current limit decision;
and controlling the transaction flow of the user according to the current limit and the preset packet loss probability.
Other embodiments or specific implementation manners of the distributed transaction current limiting device according to the present invention may refer to the above embodiments of the distributed transaction current limiting method, and are not described herein again.
It should be understood that the above is only an example, and the technical solution of the present invention is not limited in any way, and in a specific application, a person skilled in the art may set the technical solution as needed, and the present invention is not limited thereto.
It should be noted that the above-described work flows are only exemplary, and do not limit the scope of the present invention, and in practical applications, a person skilled in the art may select some or all of them to achieve the purpose of the solution of the embodiment according to actual needs, and the present invention is not limited herein.
In addition, the technical details that are not described in detail in this embodiment may refer to the distributed transaction current limiting method provided in any embodiment of the present invention, and are not described herein again.
Further, it is to be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention or portions thereof that contribute to the prior art may be embodied in the form of a software product, where the computer software product is stored in a storage medium (e.g. Read Only Memory (ROM)/RAM, magnetic disk, optical disk), and includes several instructions for enabling a terminal device (e.g. a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (10)
1. A distributed transaction current limiting method is characterized in that the distributed transaction current limiting method comprises the following steps:
when a transaction request data packet of a user is received, acquiring transaction behavior statistical parameters of the user according to the transaction request data packet;
judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not;
when the transaction behavior statistical parameters do not accord with the preset transaction behavior parameters, generating a defense request and sending the defense request to a defense request server so that the defense request server determines a current limiting node through the defense request and a preset current limiting decision;
and receiving the current limiting node fed back by the defense request server, and controlling the transaction flow of the user according to the current limiting node.
2. The distributed transaction current limiting method of claim 1, wherein the step of determining whether the transaction behavior statistical parameter meets a preset transaction behavior parameter comprises:
acquiring a predicted normal behavior flow value according to the preset transaction behavior parameters, and acquiring a current transaction behavior flow value according to the transaction behavior statistical parameters;
comparing the predicted normal behavior flow value with the current transaction behavior flow value to obtain a transaction flow innovation sequence;
and analyzing the transaction flow innovation sequence, and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the analysis result.
3. The distributed transaction current limiting method according to claim 2, wherein the step of analyzing the transaction flow information sequence and determining whether the transaction behavior statistical parameter meets a preset transaction behavior parameter according to the analysis result comprises:
determining corresponding statistical characteristics according to the transaction flow innovation sequence;
analyzing the statistical characteristics based on a preset multivariate sequential analysis algorithm to obtain sample statistics;
performing correlation analysis on the sample statistics according to a preset correlation test algorithm to obtain a correlation analysis result;
and judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not according to the correlation analysis result.
4. The distributed transaction throttling method of claim 1, wherein the step of obtaining the statistical parameters of the transaction behavior of the user according to the transaction request packet comprises:
acquiring a data packet header and time sequence information according to the transaction request data packet;
acquiring the header of the data packet and the characteristic information of the time sequence information, and generating a current transaction behavior flow value according to the characteristic information;
and generating a transaction behavior statistical parameter of the user according to the current transaction behavior flow value.
5. The distributed transaction current limiting method of claim 1, wherein before the step of determining whether the transaction behavior statistical parameter meets a preset transaction behavior parameter, the method further comprises:
constructing a normal transaction flow model;
acquiring a predicted normal behavior flow value through the transaction normal flow model based on a preset time sequence analysis algorithm;
and generating a preset transaction behavior parameter according to the predicted normal behavior flow value.
6. The distributed transaction current limiting method of any one of claims 1 to 5, wherein the step of generating a defensive request and sending the defensive request to a defensive request server such that the defensive request server determines a current limiting node through the defensive request and a preset current limiting decision comprises:
generating a defense request and sending the defense request to a defense request server so that the defense request server constructs a flow tree through the defense request and a preset attack source tracking strategy, determining a target attack sub-tree according to the flow tree, and determining a current limiting node through the target attack sub-tree according to a preset current limiting decision.
7. The distributed transaction throttling method of any of claims 1 to 5, wherein the step of the throttling node receiving the defensive request server feedback controlling the user transaction traffic according to the throttling node comprises:
receiving a current limiting node fed back by the defense request server, and determining leaf node information corresponding to the current limiting node;
determining a current limit corresponding to a current limit node according to the leaf node information, and determining a preset packet loss probability according to the preset current limit decision;
and controlling the transaction flow of the user according to the current limit and the preset packet loss probability.
8. A distributed transaction current limiting device, the distributed transaction current limiting device comprising:
the acquisition module is used for acquiring transaction behavior statistical parameters of a user according to a transaction request data packet when the transaction request data packet of the user is received;
the judging module is used for judging whether the transaction behavior statistical parameters accord with preset transaction behavior parameters or not;
the decision module is used for generating a defense request and sending the defense request to a defense request server when the transaction behavior statistical parameter does not accord with the preset transaction behavior parameter, so that the defense request server determines a current limiting node through the defense request and a preset current limiting decision;
and the control module is used for receiving the current limiting node fed back by the defense request server and controlling the transaction flow of the user according to the current limiting node.
9. A distributed transaction current limiting device, the distributed transaction current limiting device comprising: a memory, a processor, and a distributed transaction current limiting program stored on the memory and executable on the processor, the distributed transaction current limiting program configured to implement the steps of the distributed transaction current limiting method of any of claims 1 to 7.
10. A storage medium having stored thereon a distributed transaction current limiting program which, when executed by a processor, performs the steps of the distributed transaction current limiting method of any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011482247.3A CN112702321B (en) | 2020-12-15 | 2020-12-15 | Distributed transaction current limiting method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011482247.3A CN112702321B (en) | 2020-12-15 | 2020-12-15 | Distributed transaction current limiting method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112702321A true CN112702321A (en) | 2021-04-23 |
| CN112702321B CN112702321B (en) | 2023-04-07 |
Family
ID=75508287
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011482247.3A Active CN112702321B (en) | 2020-12-15 | 2020-12-15 | Distributed transaction current limiting method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112702321B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114338811A (en) * | 2021-12-30 | 2022-04-12 | 中国农业银行股份有限公司 | Transaction current limiting method, device, server, storage medium and product |
| CN115134301A (en) * | 2022-06-29 | 2022-09-30 | 中国工商银行股份有限公司 | Flow control method and device, computer equipment and storage medium |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160028755A1 (en) * | 2014-07-23 | 2016-01-28 | Cisco Technology, Inc. | Traffic segregation in ddos attack architecture |
| US20180026994A1 (en) * | 2016-07-22 | 2018-01-25 | Alibaba Group Holding Limited | Network attack defense system and method |
| CN109831453A (en) * | 2019-03-07 | 2019-05-31 | 北京华安普特网络科技有限公司 | A kind of ddos attack defence method |
| CN110149321A (en) * | 2019-05-06 | 2019-08-20 | 长沙市智为信息技术有限公司 | A kind of detection and defence method and device applied to DDOS attack in SDN network |
| CN110380985A (en) * | 2019-08-02 | 2019-10-25 | 中国工商银行股份有限公司 | Flow control methods, device, equipment and storage medium based on trade link |
| CN110430141A (en) * | 2019-08-08 | 2019-11-08 | 北京字节跳动网络技术有限公司 | Current-limiting method and device |
| CN111181932A (en) * | 2019-12-18 | 2020-05-19 | 广东省新一代通信与网络创新研究院 | DDOS attack detection and defense method, device, terminal device and storage medium |
| US20200351207A1 (en) * | 2019-04-30 | 2020-11-05 | Wangsu Science & Technology Co., Ltd. | Method and system of limiting traffic |
-
2020
- 2020-12-15 CN CN202011482247.3A patent/CN112702321B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160028755A1 (en) * | 2014-07-23 | 2016-01-28 | Cisco Technology, Inc. | Traffic segregation in ddos attack architecture |
| US20180026994A1 (en) * | 2016-07-22 | 2018-01-25 | Alibaba Group Holding Limited | Network attack defense system and method |
| CN109831453A (en) * | 2019-03-07 | 2019-05-31 | 北京华安普特网络科技有限公司 | A kind of ddos attack defence method |
| US20200351207A1 (en) * | 2019-04-30 | 2020-11-05 | Wangsu Science & Technology Co., Ltd. | Method and system of limiting traffic |
| CN110149321A (en) * | 2019-05-06 | 2019-08-20 | 长沙市智为信息技术有限公司 | A kind of detection and defence method and device applied to DDOS attack in SDN network |
| CN110380985A (en) * | 2019-08-02 | 2019-10-25 | 中国工商银行股份有限公司 | Flow control methods, device, equipment and storage medium based on trade link |
| CN110430141A (en) * | 2019-08-08 | 2019-11-08 | 北京字节跳动网络技术有限公司 | Current-limiting method and device |
| CN111181932A (en) * | 2019-12-18 | 2020-05-19 | 广东省新一代通信与网络创新研究院 | DDOS attack detection and defense method, device, terminal device and storage medium |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114338811A (en) * | 2021-12-30 | 2022-04-12 | 中国农业银行股份有限公司 | Transaction current limiting method, device, server, storage medium and product |
| CN114338811B (en) * | 2021-12-30 | 2024-01-30 | 中国农业银行股份有限公司 | Transaction flow limiting method, device, server, storage medium and product |
| CN115134301A (en) * | 2022-06-29 | 2022-09-30 | 中国工商银行股份有限公司 | Flow control method and device, computer equipment and storage medium |
| CN115134301B (en) * | 2022-06-29 | 2024-04-05 | 中国工商银行股份有限公司 | Flow control method, flow control device, computer equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112702321B (en) | 2023-04-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3588898B1 (en) | Defense against apt attack | |
| RU2668710C1 (en) | Computing device and method for detecting malicious domain names in network traffic | |
| EP2863611B1 (en) | Device for detecting cyber attack based on event analysis and method thereof | |
| EP3577589B1 (en) | Prevention of malicious automation attacks on a web service | |
| US8935785B2 (en) | IP prioritization and scoring system for DDoS detection and mitigation | |
| US9386036B2 (en) | Method for detecting and preventing a DDoS attack using cloud computing, and server | |
| CN107465648B (en) | Abnormal equipment identification method and device | |
| CN107645478B (en) | Network attack defense system, method and device | |
| CN105939350B (en) | Network access control method and system | |
| EP3337106B1 (en) | Identification system, identification device and identification method | |
| Feng et al. | Application-layer DDoS defense with reinforcement learning | |
| CN113852625B (en) | A weak password monitoring method, device, equipment and storage medium | |
| US10757029B2 (en) | Network traffic pattern based machine readable instruction identification | |
| CN112702321A (en) | Distributed transaction current limiting method, device, equipment and storage medium | |
| US20240244079A1 (en) | Techniques for generating signatures characterizing advanced application layer flood attack tools | |
| CN117294517A (en) | Network security protection method and system for solving abnormal traffic | |
| Yassin et al. | SQLIIDaaS: A SQL injection intrusion detection framework as a service for SaaS providers | |
| CN111628961A (en) | DNS (Domain name Server) anomaly detection method | |
| CN114363059A (en) | An attack identification method, device and related equipment | |
| Fan et al. | Modeling the propagation of peer-to-peer worms | |
| CN112968891A (en) | Network attack defense method and device and computer readable storage medium | |
| KR20210076455A (en) | Method and apparatus for automated verifying of xss attack | |
| Sivabalan et al. | Detecting IoT zombie attacks on web servers | |
| CN113014601A (en) | Communication detection method, device, equipment and medium | |
| JP2022541250A (en) | Inline malware detection |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address |
Address after: 518000 Room 516, building 501, Tairan 6th Road, chegongmiao, Futian District, Shenzhen City, Guangdong Province Patentee after: Shenzhen Kuaifu Tong Payment Co.,Ltd. Country or region after: China Address before: Room 516, Building 501, Tairan 6th Road, Chegongmiao, Futian District, Shenzhen, Guangdong Province Patentee before: SHENZHEN KFTPAY FINANCE NETWORK TECHNOLOGY SERVICE CO.,LTD. Country or region before: China |
|
| CP03 | Change of name, title or address |