CN-121984791-A - Network application protection system, method, storage medium and computer program product
Abstract
The embodiment of the application discloses a network application protection system, a network application protection method, a storage medium and a computer program product. The system comprises a traffic scheduler and protection management nodes, wherein the protection management nodes comprise one or more protection nodes. The traffic scheduler is used for receiving an access request for a network application sent by a client, performing traffic analysis on the access request through a prediction model to obtain a traffic prediction value at a target moment, and distributing the traffic prediction value to different protection nodes. The protection management nodes are used for detecting potential attack behaviors in the access request and adjusting a source protection strategy based on the attack types, attack frequencies and attack severity of the potential attack behaviors to obtain a target protection strategy.
Inventors
- LU CHENG
- WANG DONGXU
- MENG LINGKUN
- CHEN JILEI
- HUANG YONGBAO
Assignees
- 中移(苏州)软件技术有限公司
- 中国移动通信集团有限公司
Dates
- Publication Date: 20260505
- Application Date: 20260407
Claims (10)
- 1. A network application protection system, characterized by comprising a traffic scheduler and a protection management node, wherein the protection management node comprises one or more protection nodes; the traffic scheduler is used for receiving an access request for a network application sent by a client, and carrying out traffic analysis on the access request through a prediction model to obtain a traffic predicted value at a target moment; the protection management node is configured to detect a potential attack behavior existing in the access request, and adjust a source protection policy based on an attack type, an attack frequency and an attack severity of the potential attack behavior, so as to obtain a target protection policy.
- 2. The system of claim 1, wherein the prediction model comprises a time series prediction model and an attack behavior prediction model; the traffic scheduler is specifically configured to: input the traffic data related to the access request into the time series prediction model to obtain time series data of the traffic; input the attack behavior index related to the access request into the attack behavior prediction model to obtain an attack behavior predicted value; and determine the traffic predicted value at the target moment based on the time series data of the traffic and the attack behavior predicted value.
- 3. The system according to claim 1, characterized in that the traffic scheduler is specifically configured to: determine the traffic distribution proportion of each protection node based on first attribute information of each protection node, wherein the first attribute information comprises one or more of the following: line resource availability, node load, security priority, historical performance expression weight and real-time performance periodic fluctuation; and distribute the traffic predicted value to different protection nodes based on the traffic distribution proportion of each protection node.
- 4. The system of claim 1, wherein the traffic scheduler is further configured to: determine the routing priority of each protection node based on second attribute information of each protection node, wherein the second attribute information comprises one or more of the following: a security assessment score, the intensity of the borne attack behavior, historical routing performance, health; and control the routing of the traffic prediction value to the corresponding protection node based on the routing priority of each protection node.
- 5. The system of claim 1, wherein the protection management node is further configured to: perform risk assessment on the detected potential attack behaviors to obtain attack risk values; and determine a processing mode of the access request based on the attack risk value.
- 6. The system of claim 1, further comprising a distributed collaboration defense module, wherein the distributed collaboration defense module is used for establishing a secure communication channel between the protection nodes and transmitting attack information and the target protection strategy through the secure communication channel.
- 7. The system of claim 6, wherein the distributed collaboration defense module is further configured to: integrate attack information from a plurality of protection nodes to obtain integrated attack information; perform abnormal behavior analysis on the integrated attack information to obtain a cross-node abnormal behavior analysis result; and adjust the defense sequence of each protection node based on the cross-node abnormal behavior analysis result.
- 8. A method of protecting a network application, the method comprising: receiving an access request for a network application sent by a client; carrying out traffic analysis on the access request through a prediction model to obtain a traffic prediction value at a target moment; and detecting potential attack behaviors in the access request, and adjusting a source protection strategy based on the attack type, the attack frequency and the attack severity of the potential attack behaviors to obtain a target protection strategy.
- 9. A storage medium having stored thereon a computer program, which when executed by a processor performs the steps of the method of claim 8.
- 10. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, realizes the steps of the method of claim 8.
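The proportional distribution described in claim 3, sketched as an added example that is not part of the patent text. The claims name the node attributes but give no formula, so the weighted-sum scoring, the weight values, the node names and the choice to fail closed when no node is usable are all assumptions.

```python
from dataclasses import dataclass

@dataclass
class Node:
    name: str
    availability: float       # line resource availability, 0..1
    load: float               # node load, 0..1 (1 = saturated)
    security_priority: float  # 0..1
    history_weight: float     # historical performance weight, 0..1

# Assumed weights: the claims list the attributes but not how they combine.
WEIGHTS = {"availability": 0.4, "headroom": 0.3, "security": 0.2, "history": 0.1}

def score(n: Node) -> float:
    """Assumed scoring: weighted sum, forced to zero for an unusable node."""
    if n.availability <= 0 or n.load >= 1:
        return 0.0
    return (WEIGHTS["availability"] * n.availability
            + WEIGHTS["headroom"] * (1 - n.load)
            + WEIGHTS["security"] * n.security_priority
            + WEIGHTS["history"] * n.history_weight)

def proportions(nodes):
    """Traffic distribution proportion of each protection node."""
    scores = {n.name: score(n) for n in nodes}
    total = sum(scores.values())
    if total == 0:
        # Fail closed: never route around inspection when no node is usable.
        raise RuntimeError("no protection node can accept traffic")
    return {name: s / total for name, s in scores.items()}

def distribute(predicted: int, nodes):
    """Split a predicted request count; largest-remainder rounding keeps the sum exact."""
    exact = {k: predicted * p for k, p in proportions(nodes).items()}
    alloc = {k: int(v) for k, v in exact.items()}
    leftover = predicted - sum(alloc.values())
    by_remainder = sorted(exact, key=lambda k: exact[k] - alloc[k], reverse=True)
    for k in by_remainder[:leftover]:
        alloc[k] += 1
    return alloc

# Constructed sample nodes; edge-c has its line down and must receive nothing.
NODES = [
    Node("edge-a", 0.9, 0.2, 0.8, 0.7),
    Node("edge-b", 0.6, 0.7, 0.5, 0.9),
    Node("edge-c", 0.0, 0.1, 0.9, 0.9),
]

if __name__ == "__main__":
    print(distribute(1000, NODES))
```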
Description
Network application protection system, method, storage medium and computer program product
Technical Field
The present application relates to the field of computer network security technologies, and in particular, to a network application protection system, a network application protection method, a storage medium, and a computer program product.
Background
Currently, protection nodes such as Web application firewall (WAF, Web Application Firewall) nodes in the related art generally adopt a centralized deployment scheme. The main characteristic of this scheme is that the WAF nodes are deployed on one or several nodes of a data center or a cloud service provider, so as to detect and filter all Web application traffic. However, the centralized WAF node takes on the traffic detection and filtering tasks of the whole system, so when the traffic is too large, the performance of the WAF node becomes a bottleneck of the whole system. In addition, since the centralized WAF node is usually deployed on a node of a data center or a cloud service provider, a large network delay is generated when a user remotely accesses a Web application, so that the performance of the WAF node is insufficient.
Disclosure of Invention
To solve the technical problems in the related art, embodiments of the present application provide a network application protection system, a method, a storage medium, and a computer program product.
In order to achieve the above object, the technical solution of the embodiment of the present application is as follows:
In a first aspect, an embodiment of the present application provides a network application protection system, where the system includes a traffic scheduler and a protection management node, where the protection management node includes one or more protection nodes. The traffic scheduler is used for receiving an access request for a network application sent by a client, and carrying out traffic analysis on the access request through a prediction model to obtain a traffic predicted value at a target moment. The protection management node is configured to detect a potential attack behavior existing in the access request, and adjust a source protection policy based on an attack type, an attack frequency and an attack severity of the potential attack behavior, so as to obtain a target protection policy.
In a second aspect, an embodiment of the present application further provides a network application protection method, where the method includes: receiving an access request for a network application sent by a client; carrying out traffic analysis on the access request through a prediction model to obtain a traffic prediction value at a target moment; and detecting potential attack behaviors in the access request, and adjusting a source protection strategy based on the attack type, the attack frequency and the attack severity of the potential attack behaviors to obtain a target protection strategy.
In a third aspect, an embodiment of the present application further provides a storage medium, where a computer program is stored, where the computer program implements the steps of the network application protection method according to the embodiment of the present application when the computer program is executed by a processor.
In a fourth aspect, embodiments of the present application further provide a computer program product comprising a computer program which, when executed by a processor, implements the steps of the network application protection method according to the embodiments of the present application.
The network application protection system, method, storage medium and computer program product provided by the embodiment of the application comprise a traffic scheduler and protection management nodes, wherein the protection management nodes comprise one or more protection nodes. The traffic scheduler is used for receiving an access request for a network application sent by a client, carrying out traffic analysis on the access request through a prediction model to obtain a traffic prediction value at a target moment, and distributing the traffic prediction value to different protection nodes. The protection management nodes are used for detecting potential attack behaviors in the access request, and adjusting a source protection strategy based on the attack types, attack frequencies and attack severity of the potential attack behaviors to obtain a target protection strategy.
By adopting the technical scheme of the embodiment of the application, the traffic scheduler analyzes the traffic of the access request through the prediction model to obtain the traffic prediction value at the target moment, dynamically distributes the traffic prediction value to different protection nodes, realizes fine-grained scheduling of the traffic, avoids the performance bottleneck problem caused by overload of a single node, and dynamically adjusts the protection strategy by comprehensively considering the attack type, the attack frequency a