Search

CN-116192415-B - Access request processing method and device, electronic equipment and storage medium

CN116192415BCN 116192415 BCN116192415 BCN 116192415BCN-116192415-B

Abstract

The embodiment of the specification provides a processing method, a device, electronic equipment and a storage medium for an access request. The method comprises the steps of receiving a first access request, generating and storing a first appointed identification when an access page pointed by the first access request is a first page, sending the first appointed identification and page data of the first page to a request sender of the first access request, receiving a second access request sent by the request sender, and recognizing the second access request as an attack behavior when a matching result of the second access request for matching the first appointed identification indicates that matching fails. The recognition accuracy rate for the attack behavior can be improved.

Inventors

  • TIAN JIN
  • ZENG LINCHENGXI
  • YANG YING
  • WU HAIYING
  • JIANG NING
  • CHEN XIAOXU

Assignees

  • 马上消费金融股份有限公司

Dates

Publication Date
20260512
Application Date
20220826

Claims (9)

  1. 1. A method for processing an access request, the method being applied to a server, the method comprising: receiving a first access request; generating and storing a first appointed identification under the condition that an access page pointed by the first access request is a first page; Transmitting the first specified identifier and the page data of the first page to a request sender of the first access request; Receiving a second access request sent by the request sender after receiving the page data of the first page; When the matching result of the second access request for matching the first appointed identifier shows that the matching is failed, the second access request is considered as an attack behavior; Acquiring page data of a second page pointed by the second access request under the condition that a matching result of the first specified identifier in the second access request indicates that the matching is successful; Generating a second designated identifier; And sending the second appointed identification and the page data of the second page to a request sender which sends the second access request, so that the access request sent by the request sender based on the page data of the second page carries the second appointed identification.
  2. 2. The method of claim 1, wherein said matching the first specified identification in the second access request comprises: The second access request is matched with the effective identifiers included in the effective identifier set, wherein the matching result indicates that the matching is successful when the matching result is that the appointed identifiers matched with the second access request exist in the effective identifier set, the matching result indicates that the matching is failed when the matching result is that the appointed identifiers matched with the second access request do not exist in the effective identifier set, and the effective identifier set comprises a plurality of appointed identifiers in an effective state.
  3. 3. The method according to claim 2, wherein the method further comprises: the first appointed identification which is successfully matched with the second access request in the effective identification set is moved out of the effective identification set, or Performing increment operation on the number of times of using the first appointed identification successfully matched with the second access request in the valid identification set, or And under the condition that the using times of the first specified mark reach a set threshold value, the first specified mark is moved out of the effective mark set.
  4. 4. The method of claim 1, wherein matching the specified identification in the second access request comprises: And matching the first specified identifier stored correspondingly by the request sender of the second access request with the second access request.
  5. 5. The method of claim 1, further comprising establishing identification information of a request sender of the second access request based on the second access request; And transmitting the identification information of the request sender to computer equipment which is associated with the server, so that the computer equipment identifies the request sender according to the identification information.
  6. 6. The method according to claim 1, wherein the method further comprises: generating response data for the second access request; And analyzing the loopholes of the server according to the response data.
  7. 7. An apparatus for processing an access request, the apparatus comprising: a first receiving unit, configured to receive a first access request; A generating unit, configured to generate and store a first specified identifier when the access page pointed to by the first access request is a first page; A sending unit, configured to send the first specified identifier and page data of the first page to a request sender of the first access request; A second receiving unit, configured to receive a second access request sent by the request sender; the identification unit is used for identifying the second access request as an attack behavior when the matching result of the first specified identifier in the second access request indicates that the matching is failed; the acquiring unit is used for acquiring page data of a second page pointed by the second access request under the condition that the matching result of the first specified identifier in the second access request indicates that the matching is successful; an identification generating unit for generating a second specified identification; The sending unit is further configured to send the second specific identifier and page data of the second page to a request sender that sends the second access request, so that the access request sent by the request sender based on the page data of the second page carries the second specific identifier.
  8. 8. An electronic device, the electronic device comprising: a memory, and one or more processors communicatively coupled to the memory; Stored in the memory are instructions executable by the one or more processors to cause the one or more processors to implement the method of any one of claims 1 to 6.
  9. 9. A computer storage medium storing a computer program which, when executed by a processor, implements the method of any one of the preceding claims 1 to 6.

Description

Access request processing method and device, electronic equipment and storage medium Technical Field Embodiments in the present disclosure relate to the field of network security, and in particular, to a method, an apparatus, an electronic device, and a storage medium for processing an access request. Background With the rapid development of computer networks, network security is becoming increasingly important. In the prior art, the network attack behavior is usually mixed with normal network access. And the method brings great challenges to network security protection. In the prior art, the attack behavior can be generally identified by adopting a regular matching technology. Specifically, a regular expression library may be provided, in which a plurality of regular expressions are included. And matching the received network access request with regular expressions in the regular expression library, and considering the network access request as an attack behavior under the condition of successful matching. However, as attack measures of attackers are more and more, accuracy of recognition of network attack behaviors by the technology of regular matching is gradually reduced. Disclosure of Invention Various embodiments in the present specification provide a method, an apparatus, an electronic device, and a storage medium for processing an access request. The recognition accuracy rate for network attack behaviors can be improved to a certain extent. One embodiment of the specification provides a processing method of an access request, which is applied to a server and comprises the steps of receiving a first access request, generating and storing a first appointed identification when an access page pointed by the first access request is a first page, sending the first appointed identification and page data of the first page to a request sender of the first access request, receiving a second access request sent by the request sender, and recognizing the second access request as an attack behavior when a matching result of the second access request for matching the first appointed identification indicates that matching fails. One embodiment of the specification provides a processing device of an access request, which comprises a first receiving unit, a generating unit, a sending unit and a recognizing unit, wherein the first receiving unit is used for receiving the first access request, the generating unit is used for generating and storing a first appointed identification when an access page pointed by the first access request is a first page, the sending unit is used for sending the first appointed identification and page data of the first page to a request sender of the first access request, the second receiving unit is used for receiving a second access request sent by the request sender, and the recognizing unit is used for recognizing the second access request as an attack behavior when a matching result of the second access request, which is matched with the first appointed identification, indicates that matching fails. An embodiment of the present specification provides an electronic device comprising a memory and one or more processors communicatively coupled to the memory, the memory having stored therein instructions executable by the one or more processors to cause the one or more processors to implement the method of any of the above embodiments. An embodiment of the present specification provides a computer storage medium storing a computer program which, when executed by a processor, implements the method of any of the above embodiments. The embodiments provided herein utilize network communication protocols in which parameters are communicated between access requests and response data sent by a requestor and a responder, respectively, between multiple normal communications. In this way, by feeding back the specified identifier and the page data to the request sender of the first access request, in the case where the specified identifier is not included in the second access request based on the page data, it is explained that the second access request is modified, and the second access request can be regarded as an attack. Therefore, the network attack behavior can be timely discovered, and the recognition accuracy of the network attack behavior is improved. Drawings The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings: Fig. 1 is a schematic diagram of network interaction provided in one embodiment of the present description. Fig. 2 is a flowchart of a method for processing an access request according to an embodiment of the present disclosure. Fig. 3 is an interaction schematic diagram of a processing met