
CN-121984698-A - HTTP protocol-based system for preventing request replay


Abstract

The invention discloses a system for preventing request replay based on an HTTP protocol, which comprises a data protection module, a request verification module, a request management module and a concurrency management module. The data protection module protects the security of the request data through an encryption algorithm and a transmission channel to prevent data leakage and tampering, the request verification module generates a unique identifier and performs validity verification to ensure the authenticity, timeliness and operation authority of the request, the request management module stores request information and sets a validity period to realize efficient interception of repeated requests to avoid resource waste, and the concurrency management module performs hierarchical management and strategy adjustment on the requests under a high concurrency scene based on a dynamic priority scoring formula to optimize resource allocation and ensure the system performance. The invention effectively improves the safety, stability and resource utilization efficiency of the system in a high concurrency environment through the cooperative work of the modules, and is suitable for various high-frequency interaction application scenes.

Inventors

  • FENG GUOJING
  • WANG XIANLING
  • QIN LIWEI
  • LIU JINGCHAO
  • FENG DONG
  • SUI ZHIWEI
  • JING XIAOMIN
  • WANG JUAN
  • ZHANG JIANPENG
  • ZHANG FANGMING
  • ZHAO ZHONGHAI

Assignees

  • 北京国电通网络技术有限公司
  • 国网信息通信产业集团有限公司

Dates

Publication Date
20260505
Application Date
20251211

Claims (10)

  1. A system for preventing request replay based on the HTTP protocol, characterized in that the system comprises a data protection module, a request verification module, a request management module and a concurrency management module; the data protection module is used for protected transmission of the request data; the request verification module is used for unique identification and validity verification of user requests; the request management module is used for storing request information and intercepting repeated requests within a set time range; and the concurrency management module is used for managing the distribution of requests under high concurrency and optimizing resource allocation through a dynamic adjustment strategy.
  2. The HTTP protocol-based system for preventing request replay of claim 1, wherein the data protection module symmetrically encrypts the request data using the SM4 cryptographic algorithm and ensures the integrity and security of the transmitted data by timestamp verification and unique identifier verification.
  3. The HTTP protocol-based system for preventing request replay of claim 1, wherein the data protection module establishes the transmission channel via the TLS protocol.
  4. The HTTP protocol-based system for preventing request replay of claim 1, wherein the request verification module generates a unique identifier after user login, the identifier being generated based on user login information, a random number, and a timestamp, and being made tamper-resistant by means of a digital signature.
  5. The HTTP protocol-based system for preventing request replay of claim 1, wherein the request verification module performs a format check, a timestamp check, and a validity verification on the identifier in a user request, wherein the timestamp check is used to determine whether the identifier has expired.
  6. The HTTP protocol-based system for preventing request replay of claim 1, wherein the request management module stores the request identifier, the request parameters, and the timestamp in a high-performance storage medium, recording the request information as Redis key-value pairs, and intercepts repeated requests.
  7. The HTTP protocol-based system for preventing request replay of claim 1, wherein the request management module uses the Redis expiration mechanism to set a time-to-live (TTL) for each piece of request information and automatically frees the memory space once the request information exceeds the set time range.
  8. The HTTP protocol-based system for preventing request replay of claim 1, wherein the concurrency management module dynamically samples the request frequency via a virtual counter, counts the number of requests using a sliding window algorithm, and adjusts the sampling rate based on the system load.
  9. The HTTP protocol-based system for preventing request replay as defined in claim 1, wherein the concurrency management module calculates a priority score P for each request by a dynamic priority scoring formula that dynamically adjusts the priority and delay policy of the request based on the score Wherein, the Representing a priority score; Is the importance weight of the request; Is the current frequency of the request; Is the current load rate of the system; Is the request resource occupancy factor.
  10. The HTTP protocol-based system for preventing request replay of claim 1, wherein, for high-priority requests for which a delay is set, the concurrency management module sets a delay time Td = α·P, wherein α is a delay scaling factor and P represents the priority score.
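
The checks described in claims 4 to 7 (signed identifier, format and timestamp checks, TTL-backed interception of repeats), as an added Python example that is not code from the patent. Assumptions: HMAC-SHA256 stands in for the digital signature, an in-memory `TTLStore` stands in for Redis `SET ... NX EX`, each request carries its own identifier, and the 60-second window and all function names are illustrative.

```python
import hashlib
import hmac
import secrets

SIGNING_KEY = secrets.token_bytes(32)  # assumed server-side secret
MAX_AGE = 60                           # assumed validity window, in seconds

class TTLStore:
    """In-memory stand-in for Redis `SET key value NX EX ttl`."""
    def __init__(self):
        self._expiry = {}

    def set_if_absent(self, key, ttl, now):
        # Drop expired keys (as Redis expiry would), then claim the key once.
        self._expiry = {k: t for k, t in self._expiry.items() if t > now}
        if key in self._expiry:
            return False
        self._expiry[key] = now + ttl
        return True

def _sign(payload):
    return hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_identifier(user, now):
    """Identifier built from login info, a random number and a timestamp, then signed."""
    # The user name is hex-encoded so it can never contain the "." separator.
    payload = f"{user.encode().hex()}.{secrets.token_hex(16)}.{int(now)}"
    return f"{payload}.{_sign(payload)}"

def verify_request(identifier, store, now):
    """Format check, signature check, timestamp check, then duplicate interception."""
    parts = identifier.split(".")
    if len(parts) != 4 or not parts[2].isdecimal():
        return "bad-format"
    payload, sig = ".".join(parts[:3]), parts[3]
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return "bad-signature"
    age = now - int(parts[2])
    if age < 0 or age > MAX_AGE:
        return "bad-timestamp"  # expired, or stamped in the future
    # The record outlives the identifier's remaining validity by one second,
    # so a replay is rejected by the store or by the timestamp check, never neither.
    if not store.set_if_absent(identifier, MAX_AGE - age + 1, now):
        return "replayed"
    return "accepted"
```

The order of the checks matters: the signature is verified before the timestamp is trusted, and the store is written only for identifiers that passed both, so forged requests cannot fill it.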

Description

HTTP protocol-based system for preventing request replay

Technical Field

The invention relates to the field of information security, and in particular to a system for preventing request replay based on the HTTP protocol.

Background

In modern internet applications, the HTTP protocol is widely used as the mainstream communication protocol for data interaction between clients and servers. However, as network application scenarios grow more complex and user access demand increases rapidly, conventional HTTP-based systems increasingly show shortcomings in security and performance and face a number of technical challenges.

First, in terms of data transmission security, conventional HTTP communication generally uses plaintext transmission. This mode lacks effective encryption, so sensitive user information such as login credentials and transaction data is easily intercepted or stolen by a man-in-the-middle, creating serious security risks. In addition, existing encryption algorithms fall short in high-security scenarios and struggle to meet the modern network environment's increasingly high requirements for encryption strength, which further amplifies the security risk.

Second, the resource waste caused by repeated user operations is particularly prominent in high-concurrency environments. A user may click the same function button on the interface repeatedly, triggering the same request multiple times. Such repeated requests not only waste system resources but may also affect the consistency and integrity of the data. For example, repeated order submissions may create redundant records that increase the complexity of back-end management and impose an additional burden on subsequent business processes.

In terms of request legitimacy, conventional systems often lack effective verification of user requests. This makes it difficult for the system to distinguish legitimate requests from forged ones and leaves it vulnerable to malicious users. For example, by forging HTTP requests with a packet capture tool, a malicious user can bypass the system's authorization controls and perform illegal operations, causing data leakage and even paralysis of the server. This lack of verification capability severely threatens the security and stability of the system.

As user access grows, high-concurrency access places higher demands on system performance. In particular scenarios, such as promotional campaigns or flash sales, the number of concurrent user requests may increase suddenly. Faced with such bursty traffic, conventional systems rely on queuing mechanisms or load balancing to distribute requests, but these approaches generally cope poorly with complex scenarios in which the request frequency changes dynamically, which may lead to significant degradation of response performance or even outright downtime.

At the same time, the system's ability to defend against malicious requests is clearly insufficient. A malicious user can generate a large number of repeated or forged requests, manually or with automated tools, to exhaust server resources and ultimately achieve a denial-of-service (DoS) attack. Existing protection mechanisms often depend on static rule configuration and lack flexible awareness of the dynamic characteristics of request behavior, so they adapt poorly to diverse attack methods and the effectiveness of the system's security protection is greatly reduced.

In addition, in complex application environments the system lacks fine-grained traffic management, even though different types of requests differ markedly in resource consumption. Big data export operations, for example, typically occupy a lot of memory and CPU resources, while small data queries consume far less. However, conventional systems typically treat all requests equally and fail to define priority restriction policies for high-consumption operations. This coarse-grained management may cause critical services to be blocked by high-frequency requests, further reducing the efficiency and stability of the system.

In summary, the prior art has obvious shortcomings in data transmission security, repeated request management, request validity verification, high-concurrency processing, malicious request defense, fine-grained traffic management and the like. These problems not only seriously threaten the security and stability of the system, but also have profound negative effects on the user experience and business continuity. Therefore, there is an urgent need to develop an innovative solution capable of effectively solving the above problems, so as to comprehensively improve