CN-121984697-A - Method for adaptively preventing request replay based on HTTP protocol
Abstract
The invention discloses a method for adaptively preventing request replay based on the HTTP protocol, comprising steps such as encrypted data transmission, request validity verification, duplicate-request interception and concurrent request limiting. The method encrypts user request data with an encryption algorithm (such as SM4) to secure the data in transit; checks the validity of each request using a unique identifier to prevent forged or illegal requests; records request information in a storage medium (such as Redis) and intercepts repeated requests within a set validity period to avoid data redundancy and wasted resources; and adjusts the concurrency limit threshold using an innovative formula, built on a dynamic resource allocation mechanism based on user behavior prediction, to optimize resource allocation in high-concurrency scenarios. The method improves the security and stability of the system and is suitable for network applications with high concurrency and high security requirements.
Inventors
- FENG GUOJING
- WANG XIANLING
- QIN LIWEI
- LIU JINGCHAO
- FENG DONG
- SUI ZHIWEI
- JING XIAOMIN
- WANG JUAN
- ZHANG JIANPENG
- ZHANG FANGMING
- ZHAO ZHONGHAI
Assignees
- 北京国电通网络技术有限公司
- 国网信息通信产业集团有限公司
Dates
- Publication Date: 20260505
- Application Date: 20251211
Claims (8)
- 1. A method for adaptively preventing request replay based on the HTTP protocol, characterized by comprising the following steps: step 1, encrypting user request data through an encryption algorithm; step 2, generating a unique identifier for each request, and checking the unique identifier to verify the validity of the request; step 3, storing the request information into a storage medium, and intercepting repeated requests within a set validity period; and step 4, dynamically adjusting a concurrency limit threshold based on a dynamic resource allocation mechanism of user behavior prediction, and limiting or intercepting the excess requests.
- 2. The method for adaptively preventing request replay based on the HTTP protocol as set forth in claim 1, wherein in step 1, the encryption algorithm used is the SM4 symmetric encryption algorithm, and wherein the client encrypts the request data and adds an encryption identifier to the request header when initiating the request.
- 3. The method for adaptively preventing request replay based on the HTTP protocol as set forth in claim 1, wherein in step 2, the unique identifier is generated by the client based on the timestamp, the user ID and the request parameters, and is calculated by a hash algorithm.
- 4. The method for adaptively preventing request replay based on the HTTP protocol as set forth in claim 1, wherein in step 2, the request validity check comprises the following verification logic: a) whether the format of the request identifier meets a predefined specification; b) whether the request identifier is within a specified validity period; c) whether the request identifier has been used or submitted repeatedly.
- 5. The method for adaptively preventing request replay based on the HTTP protocol as set forth in claim 1, wherein in step 3, the request information includes a request identifier and a request parameter identifier corresponding to the request identifier, and the request information is stored in Redis and has a validity period of 30 minutes.
- 6. The method for adaptively preventing request replay based on the HTTP protocol as set forth in claim 5, wherein the key-value structure in Redis comprises a hash of the request identifier with the key as the request timestamp or additional information for verifying the uniqueness and validity of the request.
- 7. The method for adaptively preventing request replay based on the HTTP protocol as set forth in claim 1, wherein in step 4, the concurrency limit threshold is dynamically adjusted by the following formula: Wherein, the For a dynamically adjusted concurrency threshold, For the historical behavioral weight of the vehicle, For the current number of active users, For a predicted future request peak value, For the current utilization of the system resources, 、 、 In order to adjust the coefficient of the power supply, Is a minimum constant.
- 8. The method for adaptively preventing request replay based on the HTTP protocol as set forth in claim 7, wherein the system automatically increases the concurrency threshold for the corresponding region when the predicted future request peak exceeds the threshold, and decreases the threshold appropriately to optimize resource utilization when the predicted traffic is low.
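An illustration of claims 3 to 5, added here and not taken from the patent: the identifier is a hash of the timestamp, user ID and request parameters, and the server applies the three checks of claim 4 against a store with a 30-minute validity period. The choice of SHA-256, the JSON canonicalisation, the server-side recomputation of the hash, the 60-second clock-skew allowance and the in-memory `TTLStore` standing in for Redis are assumptions of this example.

```python
import hashlib
import json
import re
import time

VALIDITY_SECONDS = 30 * 60   # claim 5: 30-minute validity period
CLOCK_SKEW = 60              # assumed tolerance for client clocks running ahead
ID_FORMAT = re.compile(r"[0-9a-f]{64}")   # assumed format: hex SHA-256

def request_id(timestamp, user_id, params):
    """Claim 3: hash over timestamp, user ID and request parameters."""
    canonical = json.dumps(params, sort_keys=True, separators=(",", ":"))
    material = f"{timestamp}\n{user_id}\n{canonical}".encode()
    return hashlib.sha256(material).hexdigest()

class TTLStore:
    """In-memory stand-in for Redis `SET key value NX EX ttl` (assumption)."""
    def __init__(self):
        self._expiry = {}

    def set_if_absent(self, key, ttl, now):
        # Models NX semantics (check and write as one operation);
        # this stand-in is single-threaded.
        if self._expiry.get(key, 0) > now:
            return False             # still live: identifier already seen
        self._expiry[key] = now + ttl
        return True

def check_request(store, rid, timestamp, user_id, params, now=None):
    """Return "ok" or the rejection reason (claim 4, checks a to c)."""
    now = time.time() if now is None else now
    if not isinstance(rid, str) or not ID_FORMAT.fullmatch(rid):
        return "bad_format"          # (a) identifier format
    age = now - timestamp
    if age < -CLOCK_SKEW or age >= VALIDITY_SECONDS:
        return "expired"             # (b) outside the validity period
    if rid != request_id(timestamp, user_id, params):
        return "mismatch"            # identifier does not match these values
    # The entry must outlive the request's own validity window; otherwise an
    # evicted identifier could be replayed while its timestamp still passes (b).
    ttl = VALIDITY_SECONDS + CLOCK_SKEW
    if not store.set_if_absent("replay:" + rid, ttl, now):
        return "replayed"            # (c) already used
    return "ok"
```

The store entry lives for the validity period plus the skew allowance, so a request stamped slightly in the future is still remembered for as long as check (b) would accept it.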
Description
Method for adaptively preventing request replay based on HTTP protocol
Technical Field
The invention relates to the field of computer network security, in particular to a method for adaptively preventing request replay based on the HTTP protocol.
Background
With the rapid development of internet technology, network application systems based on the HTTP protocol have been widely used in fields such as e-commerce, online payment, logistics management and government services. The core of these systems is the frequent interaction between the client and the server. However, due to the stateless and open nature of the HTTP protocol itself, current technology has problems with request security and high-concurrency handling that need improvement.
In conventional network communications, requests and responses between clients and servers are typically transmitted in the clear, or using only simple encryption techniques. This cannot effectively protect the integrity and confidentiality of the data, and an attacker can steal or tamper with the transmitted data by means of packet capture or traffic hijacking. Particularly in scenarios involving users' sensitive information or key business data, the security risk is more pronounced and seriously threatens the security of the system.
In addition, conventional HTTP communication is weak in request validity verification. Servers typically rely on simple authentication means (e.g., user name and password) to determine the legitimacy of a request, but this mechanism has significant drawbacks. User sessions may be compromised by being stolen or forged, and an attacker may impersonate a legitimate user and initiate requests through session hijacking. Meanwhile, the prior art does not set a unique identifier for the request itself, which makes it easy for maliciously constructed repeated requests to bypass the safeguards. In highly sensitive scenarios, the lack of such authentication mechanisms may also lead to illegal access or data tampering, further exacerbating the security risk of the system.
Repeated requests and high concurrency problems are also common in the interaction of clients and servers. A user may send the same request to the server multiple times due to a misoperation (e.g., clicking the same button repeatedly) or a network problem (e.g., a retry caused by a request timeout). However, the prior art often fails to quickly and efficiently identify and intercept these duplicate requests, resulting in data redundancy and performance overhead. Repeated operations may generate redundant data records, such as repeated orders or notifications, which not only increase the complexity of subsequent processing, but may also severely impact system performance. In high concurrency situations, such repeated requests may further increase server resource occupation, raising the risk of system crashes.
In multi-user systems, highly concurrent requests are particularly common, especially during promotional campaigns, peak business hours, or when handling large-scale tasks (e.g., bulk exports). The prior art mostly adopts a fixed-threshold approach to limit concurrent requests, but this approach has significant disadvantages. A fixed concurrency limit cannot dynamically adapt to changes in user behavior patterns or system load, and may cause resource waste or system overload. Moreover, because current concurrency management mechanisms do not differentiate requests by importance, critical traffic may be affected by insufficient resources. In addition, lacking the ability to predict future concurrency trends, the system cannot plan for high-load scenarios in advance, which causes performance bottlenecks and a degraded user experience.
The prior art is also less intelligent in terms of defensive ability against complex network attacks. Conventional security measures are mostly based on static rules or manual configuration, such as simple IP restrictions or request frequency control. Although these approaches can reduce malicious requests to some extent, they cannot accommodate diverse attack patterns and dynamically changing network environments. With the increasing complexity of user behavior and attack means, the system needs stronger real-time analysis capability in order to respond to network threats in time. However, existing defense mechanisms often have difficulty meeting this requirement, which poses significant challenges to the stability and security of the system.
In general, current communication technologies based on the HTTP protocol have significant shortcomings in terms of data transmission security, request validity verification, repeated request management, and resource allocation in high concurrency scenarios. These problems not only affect the security and stability of the network application system, but also have an adverse effect on the user experience. Therefore,