A data processing method, device, system and storage medium

By selecting target nodes from multiple high-defense nodes for data traffic cleaning and filtering, a distributed high-defense center is constructed, which solves the network congestion and failure risks caused by a single high-defense node, realizes the flexibility and real-time performance of high-defense services, and ensures the stability and reliability of services.

CN118827096B · Active · Publication Date: 2026-06-26 · CHINA MOBILE COMM GRP CO LTD

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: CHINA MOBILE COMM GRP CO LTD
Filing Date: 2023-10-30
Publication Date: 2026-06-26


Abstract

The application discloses a data processing method, which comprises the following steps: if receiving to-be-cleaned data flow sent by a client node, selecting a preset number of nodes from m candidate high-defense nodes currently in a first state to obtain target high-defense nodes; wherein m is an integer greater than or equal to 1, and the preset number is an integer greater than or equal to 1 and less than or equal to m; and sending the to-be-cleaned data flow to the target high-defense nodes; wherein the to-be-cleaned data flow is filtered by the target high-defense nodes, and then is forwarded to a destination node through a back-to-source forwarding node. The application also discloses a data processing device, a system and a storage medium.

Description

Technical Field

[0001] This application relates to the field of Internet application technology, and in particular to a data processing method, device, system and storage medium.

Background Technology

[0002] As the internet environment becomes increasingly complex and diverse, internet businesses face significant risks and challenges, leading more and more enterprises and organizations to impose stricter security requirements on their operations. Distributed denial-of-service (DDoS) attacks primarily operate at the network layer. They involve numerous "zombie hosts" (hosts that have been compromised or can be indirectly exploited) sending large amounts of network data packets to a victim host, causing network congestion or server resource exhaustion, ultimately resulting in the victim host refusing service. Another common attack method is World Wide Web (WEB) application attacks, which primarily operate at the application layer and involve exploiting web security vulnerabilities. These attacks can disrupt the normal operation of various critical internet-based systems, causing significant interference with customers' normal business operations. Thus, DDoS attack proxy protection services have emerged. Customers can redirect public network traffic from their origin server to a high-defense node by means of direct Internet Protocol (IP) connections. Malicious attack traffic, such as DDoS attacks, application layer (Challenge Collapsar, CC) attacks, and web application attacks, is cleaned within the high-defense node. The cleaned normal traffic is then forwarded to the origin server through pre-configured port protocol forwarding rules.

[0003] However, current DDoS attack proxy protection services rely on only one high-defense node. In practice, as user business grows, a single high-defense node will pose a risk of network congestion. Furthermore, the application lacks flexibility and real-time performance, and service delays occur when a single high-defense node fails.

[0004] Application content

[0005] To address the aforementioned technical issues, this application aims to provide a data processing method, device, system, and storage medium that solves the problem that a single high-defense node cannot provide effective protection. It proposes a high-defense service that can provide flexible and real-time high-defense services based on changes in business volume, and reduces the possibility of service unavailability due to high-defense node failure, thus ensuring service timeliness.

[0006] The technical solution of this application is implemented as follows:

[0007] In a first aspect, a data processing method, the method comprising:

[0008] If data traffic to be cleaned is received from a client node, select a preset number of nodes from the m candidate high-defense nodes currently in the first state to obtain the target high-defense node; where m is an integer greater than or equal to 1, and the preset number is an integer greater than or equal to 1 and less than or equal to m.

[0009] The data traffic to be cleaned is sent to the target high-defense node; wherein, the data traffic to be cleaned is filtered and cleaned by the target high-defense node and then forwarded to the destination node through the origin forwarding node.

[0010] Optionally, if data traffic to be cleaned is received from a client node, a preset number of high-defense nodes are selected from the m candidate high-defense nodes currently in the first state to obtain the target high-defense node, including:

[0011] If the data traffic to be cleaned is received, determine the working status of the p preset high-defense nodes under management; where p is an integer greater than or equal to 2 and greater than or equal to m;

[0012] From p preset high-defense nodes, select the high-defense node whose working state is the first state to obtain m candidate high-defense nodes;

[0013] Determine the evaluation weight coefficient for each of the candidate high-defense nodes to obtain m evaluation weight coefficients;

[0014] Based on the m evaluation weight coefficients, a preset number of high-defense nodes are determined from the m candidate high-defense nodes to obtain the target high-defense node.

[0015] Optionally, before selecting a preset number of high-defense nodes from the m candidate high-defense nodes currently in the first state to obtain the target high-defense node after receiving the data traffic to be cleaned sent by the client node, the method further includes:

[0016] The working status of p preset high-defense nodes under monitoring and management is obtained to obtain the monitoring results; where p is an integer greater than or equal to 2 and greater than or equal to m.

[0017] The q preset high-defense nodes whose working status switched from the second state to the first state in the monitoring results are identified as q candidate high-defense nodes; where q is an integer greater than or equal to 0 and less than or equal to p;

[0018] Determine the evaluation weight coefficient for each candidate high-defense node to obtain q evaluation weight coefficients; where q is an integer greater than or equal to 1 and less than or equal to p.

[0019] Optionally, determining the evaluation weight coefficient for each candidate high-defense node includes:

[0020] Determine the utilization rate of each candidate high-defense node;

[0021] The product of each usage rate and a first preset coefficient is determined to obtain the first product;

[0022] The product of the state weight coefficient and the second preset coefficient for each candidate high-defense node is determined to obtain the second product;

[0023] The sum of the first product and the second product of each candidate high-defense node is determined to obtain the evaluation weight coefficient of each candidate high-defense node.

[0024] Optionally, if data traffic to be cleaned is received from a client node, a preset number of high-defense nodes are selected from the m candidate high-defense nodes currently in the first state to obtain the target high-defense node, including:

[0025] If the data traffic to be cleaned is received, determine the evaluation weight coefficients of the m candidate high-defense nodes currently in the first state; where m is greater than or equal to q;

[0026] Based on the m evaluation weight coefficients, a preset number of high-defense nodes are determined from the m candidate high-defense nodes to obtain the target high-defense node.

[0027] Optionally, the method further includes:

[0028] The preset quantity is determined based on the data flow to be cleaned.

[0029] Optionally, the candidate high-defense nodes include: distributed denial-of-service attack cleaning equipment and application layer attack protection equipment, or distributed denial-of-service attack cleaning equipment, application layer attack protection equipment and cloud website application-level intrusion prevention system protection equipment.

[0030] In a second aspect, a data processing device, the device comprising at least: a memory, a processor, and a communication bus; wherein:

[0031] The memory is used to store executable instructions;

[0032] The communication bus is used to realize the communication connection between the processor and the memory;

[0033] The processor is configured to execute a data processing program stored in the memory to implement the steps of the data processing method as described in any of the preceding claims.

[0034] In a third aspect, a data processing system, the system comprising at least: a data processing node, p preset high-defense nodes, and at least one origin forwarding node; wherein:

[0035] The data processing node is used to implement the steps of the data processing method as described in any of the above claims.

[0036] The preset high-defense node is used to perform traffic cleaning and filtering on the received data traffic to be cleaned;

[0037] The origin forwarding node is used to forward the data traffic cleaned by the preset high-defense node back to the destination node.

[0038] In a fourth aspect, a storage medium storing a data processing program, which, when executed by a processor, implements the steps of the data processing method as described in any of the preceding claims.

[0039] This application provides a data processing method, device, system, and storage medium. If a client node sends data traffic to be cleaned, a preset number of nodes are selected from m candidate high-defense nodes currently in a first state to obtain target high-defense nodes, and the data traffic to be cleaned is sent to the target high-defense nodes. In this way, by using a data processing device to select a preset number of nodes from the m candidate nodes currently in the first state to obtain target high-defense nodes, and by using the determined preset number of nodes to perform traffic cleaning and filtering on the data traffic to be cleaned, the problem of a single high-defense node not being able to provide effective protection is solved. This proposes a high-defense service that can provide flexible and real-time high-defense services according to changes in business volume, and reduces the possibility of service unavailability due to high-defense node failure, ensuring service timeliness.

Attached Figure Description

[0040] Figure 1 is the first flowchart of the data processing method provided in the embodiments of this application;

[0041] Figure 2 is the second flowchart of the data processing method provided in the embodiments of this application;

[0042] Figure 3 is the third flowchart of the data processing method provided in the embodiments of this application;

[0043] Figure 4 is a schematic diagram of an application scenario provided by an embodiment of this application;

[0044] Figure 5 is a schematic diagram of a high-defense node provided in an embodiment of this application;

[0045] Figure 6 is a schematic diagram of the application flow of a data processing method provided in an embodiment of this application;

[0046] Figure 7 is a schematic diagram of the data flow of a data processing method provided in an embodiment of this application;

[0047] Figure 8 is a schematic diagram of a data processing device structure provided in an embodiment of this application;

[0048] Figure 9 is a schematic diagram of a data processing system structure provided in an embodiment of this application.

Detailed Implementation

[0049] The technical solutions in the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings.

[0050] The embodiments of this application provide a data processing method. As shown in Figure 1, this method is applied to a data processing node, and the method includes the following steps:

[0051] Step 101: If the client node sends the data traffic to be cleaned, select a preset number of nodes from the m candidate high-defense nodes currently in the first state to obtain the target high-defense node.

[0052] Where m is an integer greater than or equal to 1, and the preset quantity is an integer greater than or equal to 1 and less than or equal to m.

[0053] In this embodiment, the data processing node runs within a data processing device and can be a routing node with routing capabilities, such as a routing device or a virtual routing node. The first state indicates that the high-defense node can immediately process the data traffic to be cleaned; for example, it can represent an idle state. The preset number can be an empirical value obtained from numerous experiments, or it can be a number determined based on actual needs to effectively guarantee the cleaning efficiency of the data traffic to be cleaned. After the client node sends the generated data traffic to be cleaned to the data processing node, the data processing node, according to its internally set strategy, determines a preset number of high-defense nodes from the m candidate high-defense nodes currently in the first state as target high-defense nodes.

[0054] Step 102: Send the data traffic to be cleaned to the target high-defense node.

[0055] The data traffic to be cleaned is filtered and cleaned by the target high-defense node, and then forwarded to the destination node through the origin forwarding node.

[0056] In this embodiment, after the data processing node determines the target high-defense node, it sends the data traffic to be cleaned to the target high-defense node. This allows the target high-defense node to perform traffic cleaning and filtering operations on the data traffic, filtering out insecure and malicious traffic data and reducing the risk of the target node being attacked. Furthermore, since the target high-defense node is determined from multiple high-defense nodes, it ensures that even if one or more high-defense nodes fail, other high-defense nodes can still provide traffic cleaning services at any time, guaranteeing the effectiveness of the high-defense service.

[0057] This application provides a data processing method in which, upon receiving data traffic to be cleaned from a client node, a preset number of nodes are selected from m candidate high-defense nodes currently in a first state to obtain target high-defense nodes, and the data traffic to be cleaned is sent to the target high-defense nodes. In this way, by using a data processing device to select a preset number of nodes from the m candidate nodes currently in the first state to obtain target high-defense nodes, and then using these predetermined preset number of nodes to perform traffic cleaning and filtering on the data traffic to be cleaned, the method solves the problem that a single high-defense node cannot provide effective protection. It proposes a high-defense service that can provide flexible and real-time high-defense services according to changes in business volume, and reduces the possibility of service unavailability due to high-defense node failure, ensuring service timeliness.

[0058] Based on the foregoing embodiments, embodiments of this application provide a data processing method. As shown in Figure 2, this method is applied to a data processing node, and the method includes the following steps:

[0059] Step 201: If the data traffic to be cleaned is received, determine the working status of the p preset high-defense nodes under management.

[0060] Where p is an integer greater than or equal to 2 and greater than or equal to m, m is an integer greater than or equal to 1, and the preset quantity is an integer greater than or equal to 1 and less than or equal to m.

[0061] In this embodiment, taking the routing device node as an example, when the routing device node receives the data traffic to be cleaned sent by the client device, the routing device node detects the working status of all p preset high-defense nodes under its management to obtain the working status of the p preset high-defense nodes. p is an integer greater than or equal to 2.

[0062] Step 202: Select high-defense nodes with the first working state from p preset high-defense nodes to obtain m candidate high-defense nodes.

[0063] In this embodiment of the application, after determining the working status of p preset high-defense nodes, the high-defense nodes whose working status is the first state, i.e., the current processing idle state, are selected from the p preset high-defense nodes to obtain m candidate high-defense nodes.

[0064] Step 203: Determine the evaluation weight coefficient for each candidate high-defense node, and obtain m evaluation weight coefficients.

[0065] In this embodiment, the evaluation weight coefficient of each candidate high-defense node is used to evaluate the performance of each candidate high-defense node, that is, the current cleaning capability of each candidate high-defense node in cleaning data traffic, such as cleaning rate and cleaning reliability. The current characteristics of each candidate high-defense node are quantitatively analyzed to determine the evaluation weight coefficient of each candidate high-defense node, thus obtaining m evaluation weight coefficients.

[0066] Step 204: Based on m evaluation weight coefficients, determine a preset number of high-defense nodes from the m candidate high-defense nodes to obtain the target high-defense node.

[0067] In this embodiment, m evaluation weight coefficients are compared and analyzed. Based on the results of the comparison and analysis of the m evaluation weight coefficients, a preset number of high-defense nodes are selected from the m candidate high-defense nodes as target high-defense nodes. Specifically, when selecting target high-defense nodes based on the comparison and analysis results of the m evaluation weight coefficients, the m candidate high-defense nodes are sorted in descending or ascending order of their evaluation weight coefficients to obtain a sorting result. If the larger the evaluation weight coefficient, the better the data cleaning performance of the high-defense node, then the preset number of high-defense nodes with the largest evaluation weight coefficients can be selected as target high-defense nodes from the sorting result. Conversely, if the smaller the evaluation weight coefficient, the better the data cleaning performance of the high-defense node, then the preset number of high-defense nodes with the smallest evaluation weight coefficients can be selected as target high-defense nodes from the sorting result.

[0068] Step 205: Send the data traffic to be cleaned to the target high-defense node.

[0069] The data traffic to be cleaned is filtered and cleaned by the target high-defense node, and then forwarded to the destination node through the origin forwarding node.

[0070] In this embodiment, the routing device node sends the data traffic to be cleaned to the determined target high-defense node. When the number of nodes included in the determined target high-defense node exceeds one, the data traffic to be cleaned can be evenly divided according to the number of nodes included in the target high-defense node and then distributed to each of the high-defense nodes included in the target high-defense node. Alternatively, the data traffic to be cleaned can be divided according to parameters such as the operating performance and processing efficiency of each of the high-defense nodes included in the target high-defense node, and then a corresponding number of divided data traffic to be cleaned can be sent to each high-defense node.

[0071] Based on the foregoing embodiments, in other embodiments of this application, the step 203 of "determining the evaluation weight coefficient of each candidate high-defense node" can be implemented by steps 203a to 203d:

[0072] Step 203a: Determine the usage rate of each candidate high-defense node.

[0073] In this embodiment, the utilization rate of each candidate high-defense node can refer to the probability that each candidate high-defense node is selected to perform data traffic cleaning on data traffic during its historical usage. For example, if a total of 'a' data traffic cleanings were performed on received data traffic over a period of time, and 'b' of those cleanings were performed using a candidate high-defense node, then the utilization rate of that candidate high-defense node can be recorded as b / a.

[0074] Step 203b: Determine the product of each utilization rate and the first preset coefficient to obtain the first product.

[0075] In this embodiment, the first preset coefficient is an empirical value obtained from a large number of experiments, or it can be an empirical value determined by the user based on their own usage habits. The specific value can be determined by the actual situation and is not specifically limited here. The first product can be calculated using the formula "First Product = Usage Rate * First Preset Coefficient".

[0076] Step 203c: Determine the product of the state weight coefficient and the second preset coefficient for each candidate high-defense node to obtain the second product.

[0077] In this embodiment of the application, the state weight coefficient of each candidate high-defense node is determined according to the working state of each candidate high-defense node. For example, when a larger evaluation weight coefficient is preferred, if the working state of the high-defense node is the second state, such as the busy state, the state weight coefficient can be 0. If the working state of the high-defense node is the first state, such as the idle state, the state weight coefficient can be 1.

[0078] Step 203d: Determine the sum of the first and second products of each candidate high-defense node to obtain the evaluation weight coefficient of each candidate high-defense node.

[0079] In this embodiment of the application, for example, the evaluation weight coefficient of the i-th candidate high-defense node can be denoted as $c_i = x_{i1} + x_{i2}$, where $x_{i1}$ is the first product corresponding to the i-th candidate high-defense node and $x_{i2}$ is the second product corresponding to the i-th candidate high-defense node.

[0080] Based on the foregoing embodiments, in other embodiments of this application, before the data processing node performs step 201, it is further configured to perform the following step 206:

[0081] Step 206: Determine the preset quantity based on the data flow to be cleaned.

[0082] In this embodiment, the data processing node can also analyze the data traffic to be cleaned to determine how many nodes the target high-defense nodes should include. In this way, the number of target high-defense nodes to be called is determined according to the size of the data traffic to be cleaned, which allows the traffic to be cleaned quickly, effectively shortens the cleaning time, and ensures cleaning efficiency.

[0083] Based on the foregoing embodiments, in other embodiments of this application, candidate high-defense nodes include: distributed denial-of-service attack cleaning equipment and application layer attack protection equipment, or distributed denial-of-service attack cleaning equipment, application layer attack protection equipment and cloud website application-level intrusion prevention system protection equipment.

[0084] In this embodiment, the candidate high-defense node can be composed of a distributed denial-of-service (DDoS) attack mitigation device and an application-layer (Challenge Collapsar, CC) attack protection device connected in series, or it can be composed of a DDoS mitigation device, a CC attack protection device, and a cloud application-level intrusion prevention system (WAF) connected in series. In some application scenarios, each candidate high-defense node may also include an origin-back forwarding node. In some application scenarios, p preset high-defense nodes may use one origin-back forwarding node, or multiple origin-back forwarding nodes, depending on the actual situation.

[0085] It should be noted that the descriptions of the same steps and contents as in other embodiments in this embodiment can be found in the descriptions in other embodiments, and will not be repeated here.

[0086] This application provides a data processing method in which, upon receiving data traffic to be cleaned from a client node, a preset number of nodes are selected from m candidate high-defense nodes currently in a first state to obtain target high-defense nodes, and the data traffic to be cleaned is sent to the target high-defense nodes. In this way, by using a data processing device to select a preset number of nodes from the m candidate nodes currently in the first state to obtain target high-defense nodes, and then using these predetermined preset number of nodes to perform traffic cleaning and filtering on the data traffic to be cleaned, the method solves the problem that a single high-defense node cannot provide effective protection. It proposes a high-defense service that can provide flexible and real-time high-defense services according to changes in business volume, and reduces the possibility of service unavailability due to high-defense node failure, ensuring service timeliness.

[0087] Based on the foregoing embodiments, embodiments of this application provide a data processing method. As shown in Figure 3, this method is applied to a data processing node, and the method includes the following steps:

[0088] Step 301: Monitor the working status of the p preset high-defense nodes under management and obtain the monitoring results.

[0089] Where p is an integer greater than or equal to 2 and greater than or equal to m.

[0090] In this embodiment, the data processing node monitors the working status of all preset high-defense nodes under its management in real time.

[0091] Step 302: Determine q preset high-defense nodes whose working status has switched from the second state to the first state in the monitoring results as q candidate high-defense nodes.

[0092] Where q is an integer greater than or equal to 0 and less than or equal to p.

[0093] In this embodiment, when q preset high-defense nodes are detected whose working state has changed (i.e., their working state has switched from the second state to the first state), these q preset high-defense nodes with changed working states are identified as q candidate high-defense nodes for subsequent data traffic cleaning and filtering. The second state can be any state other than the idle state, such as a busy state or a fault state.

[0094] Step 303: Determine the evaluation weight coefficient for each candidate high-defense node, and obtain q evaluation weight coefficients.

[0095] Where q is an integer greater than or equal to 1 and less than or equal to p.

[0096] In this embodiment, the characteristic parameters of the q candidate high-defense nodes are determined. These characteristic parameters can be performance parameters of the candidate high-defense nodes. Based on the characteristic parameters of the q candidate high-defense nodes, an evaluation weight coefficient for each candidate high-defense node is calculated, resulting in q evaluation weight coefficients. Thus, when the working state of each candidate high-defense node switches to the first state, the evaluation weight coefficient for each candidate high-defense node is determined, facilitating the subsequent direct and rapid selection of target high-defense nodes for data traffic cleaning and filtering, thereby improving selection efficiency.

[0097] Step 304: If the client node sends the data traffic to be cleaned, select a preset number of nodes from the m candidate high-defense nodes currently in the first state to obtain the target high-defense node.

[0098] Where m is an integer greater than or equal to 1, and the preset quantity is an integer greater than or equal to 1 and less than or equal to m.

[0099] In this embodiment, the m candidate high-defense nodes include at least the q candidate high-defense nodes determined in step 303. That is, in addition to the q candidate high-defense nodes determined in step 303, the m candidate high-defense nodes also include the previously determined candidate high-defense nodes. Thus, based on the evaluation weight coefficients of the m candidate nodes, a preset number of nodes are selected from the m candidate high-defense nodes currently in the first state to obtain the target high-defense node.

[0100] Step 305: Send the data traffic to be cleaned to the target high-defense node.

[0101] The data traffic to be cleaned is filtered and cleaned by the target high-defense node, and then forwarded to the destination node through the origin forwarding node.

[0102] Based on the foregoing embodiments, in other embodiments of this application, the step 303 of "determining the evaluation weight coefficient of each candidate high-defense node" can be implemented by steps 303a to 303d:

[0103] Step 303a: Determine the usage rate of each candidate high-defense node.

[0104] Step 303b: Determine the product of each utilization rate and the first preset coefficient to obtain the first product.

[0105] Step 303c: Determine the product of the state weight coefficient and the second preset coefficient for each candidate high-defense node to obtain the second product.

[0106] Step 303d: Determine the sum of the first and second products of each candidate high-defense node to obtain the evaluation weight coefficient of each candidate high-defense node.

[0107] Based on the foregoing embodiments, in other embodiments of this application, step 304 can be implemented by steps 304a to 304b:

[0108] Step 304a: If the data traffic to be cleaned is received, determine the evaluation weight coefficients of the m candidate high-defense nodes currently in the first state.

[0109] Where m is greater than or equal to q.

[0110] Step 304b: Based on m evaluation weight coefficients, determine a preset number of high-defense nodes from the m candidate high-defense nodes to obtain the target high-defense node.

[0111] Based on the foregoing embodiments, in other embodiments of this application, before the data processing node performs step 304, it is further configured to perform the following step 306:

[0112] Step 306: Determine the preset quantity based on the data flow to be cleaned.
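Added example, not part of the patent text: one Python rendering of the selection procedure in steps 201 to 206 and of its event-driven variant in steps 301 to 306. The names `Scheduler`, `Node`, `State` and `demo`, the per-node capacity rule used for the preset quantity, and all sample values are assumptions made for illustration.

```python
import math
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    IDLE = 1    # "first state": can process traffic immediately ([0053])
    BUSY = 2    # examples of the "second state" from [0093]
    FAULT = 3


@dataclass
class Node:
    name: str
    state: State
    times_selected: int = 0    # b in [0073]


class Scheduler:
    """Data processing node managing the p preset high-defense nodes."""

    def __init__(self, nodes, k1, k2, total_cleanings, node_capacity_gbps,
                 larger_is_better=True):
        self.nodes = {n.name: n for n in nodes}
        self.k1, self.k2 = k1, k2                  # first / second preset coefficient
        self.total_cleanings = total_cleanings     # a in [0073]
        self.node_capacity_gbps = node_capacity_gbps   # assumption, not in the patent
        self.larger_is_better = larger_is_better   # [0067] allows either ordering
        # Nodes already idle at start-up are the "previously determined" candidates.
        self.coeff = {n.name: self.evaluate(n) for n in nodes
                      if n.state is State.IDLE}

    def evaluate(self, node):
        """Steps 203a-203d: c_i = usage_i * k1 + state_weight_i * k2."""
        usage = (node.times_selected / self.total_cleanings
                 if self.total_cleanings else 0.0)  # no history yet: b/a undefined
        state_weight = 1.0 if node.state is State.IDLE else 0.0   # [0077]
        return usage * self.k1 + state_weight * self.k2

    def on_state_change(self, name, new_state):
        """Steps 301-303: score a node when it switches from second to first state."""
        node = self.nodes[name]
        old_state, node.state = node.state, new_state
        if new_state is State.IDLE and old_state is not State.IDLE:
            self.coeff[name] = self.evaluate(node)
        elif new_state is not State.IDLE:
            self.coeff.pop(name, None)   # busy or failed nodes stop being candidates

    def preset_quantity(self, traffic_gbps):
        """Steps 206/306 with an assumed rule: cover the volume, clamped to 1..m."""
        m = len(self.coeff)
        needed = math.ceil(traffic_gbps / self.node_capacity_gbps)
        return max(1, min(m, needed))

    def select(self, traffic_gbps):
        """Steps 304a-304b: rank the m candidates and take the preset number."""
        if not self.coeff:
            raise RuntimeError("no high-defense node is in the first state")
        ranked = sorted(self.coeff, key=lambda n: (self.coeff[n], n),
                        reverse=self.larger_is_better)
        return ranked[:self.preset_quantity(traffic_gbps)]

    def dispatch(self, traffic_gbps):
        """Steps 304-305: pick targets, split evenly ([0070]), record history."""
        targets = self.select(traffic_gbps)
        self.total_cleanings += 1
        for name in targets:
            self.nodes[name].times_selected += 1
        return {name: traffic_gbps / len(targets) for name in targets}


def demo():
    # Constructed sample fleet and history; every value here is illustrative.
    fleet = [Node("hd-1", State.IDLE, 4), Node("hd-2", State.IDLE, 2),
             Node("hd-3", State.BUSY, 1), Node("hd-4", State.FAULT, 1)]
    s = Scheduler(fleet, k1=0.5, k2=1.0, total_cleanings=8,
                  node_capacity_gbps=100)
    before = dict(s.coeff)
    s.on_state_change("hd-3", State.IDLE)    # busy -> idle: becomes a candidate
    s.on_state_change("hd-1", State.FAULT)   # failure: dropped from the candidates
    plan = s.dispatch(150)                   # 150 Gbps of traffic to be cleaned
    return before, dict(s.coeff), plan


if __name__ == "__main__":
    print(demo())
```

Because each coefficient is cached when a node becomes idle, its usage-rate term reflects the history up to that transition; call `evaluate` again inside `select` if fresher values are required.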

[0113] Based on the foregoing embodiments, in other embodiments of this application, candidate high-defense nodes include: distributed denial-of-service attack cleaning equipment and application layer attack protection equipment, or distributed denial-of-service attack cleaning equipment, application layer attack protection equipment and cloud website application-level intrusion prevention system protection equipment.

[0114] Based on the foregoing embodiments, this application provides a data processing method that realizes the distributed high-defense system with adaptive traffic redirection based on node status. Specifically, it constructs a distributed high-defense center by designing and deploying multiple high-defense nodes on the backbone network plane. In actual business operations, the status of each node in the distributed high-defense center changes dynamically. Therefore, by employing an adaptive traffic redirection algorithm based on the high-defense node status, the optimal routing strategy can be determined by combining anycast technology in the Border Gateway Protocol (BGP). This distributes received customer traffic to the optimal high-defense nodes, achieving intelligent traffic scheduling. Within the corresponding high-defense nodes, traffic cleaning and processing are completed, ultimately returning clean traffic to the origin server.

[0115] During implementation, based on the principle of geographical balance, high-defense nodes can be deployed at core locations in different business regions at the backbone network level to design and construct a distributed high-defense center. When dealing with Internet Protocol (IP) users who require high-defense services, the customer's IP address can be published to all nodes in the high-defense center, thus allocating the customer's IP address to all node interfaces for subsequent traffic diversion and routing.

[0116] Based on the above, this application provides an application scenario diagram of a data processing method. As shown in Figure 4, it includes client device A, routing device B, high-defense center C, and origin server D. High-defense center C includes high-defense node 1, high-defense node 2, ..., high-defense node N. One possible structure of a high-defense node is shown in Figure 5; it includes DDoS mitigation equipment, CC protection equipment, cloud WAF protection equipment, and origin forwarding equipment. It should be noted that cloud WAF protection equipment is not required for every high-defense node. The origin server corresponds to the aforementioned destination node, and the routing equipment corresponds to the aforementioned data processing equipment.

[0117] Based on the application scenario shown in Figure 4, an implementation process of the data processing method is provided. As shown in Figure 6, it includes the following steps:

[0118] Step a11: The client device generates service traffic and sends it to the routing device via the Internet.

[0119] Step a12: The routing device determines the target high-defense node.

[0120] To ensure the stability and reliability of route allocation, the node state adaptive routing algorithm, based on the path selection principles of BGP anycast technology, primarily operates on Autonomous System (AS) paths within the BGP public VIP attributes. During path selection, the length of the AS-PATH is evaluated, and the shortest path in the list is selected first.

[0121] When the routing device determines the target high-defense node, let the high-defense center be $O$ and let $N$ high-defense nodes be deployed in total, so that $O = \{o_i \mid i \in [1, N]\}$. For example, based on the principle of geographical distribution, to achieve nationwide coverage of core network traffic nodes, five cities can be selected as high-defense node centers. When determining target high-defense nodes, firstly, based on different actual task requirements, a corresponding adaptive update strategy for node status is formulated, i.e., the triggering conditions for automatic node status updates, which typically include node utilization rate, node operating status, etc. When the state of node $o_i$ changes and satisfies the state update policy, policy-based routing is used: a weighted update routing policy is created for node $o_i$ to update the PATH information of this node in the AS-PATH list and adjust the AS-path value weight of the interface route corresponding to node $o_i$. This changes the path selection priority of the node, thereby completing the state update and weight adjustment of the node. The specific implementation process is as follows:

[0122] Determine the adaptive update strategy for node status, and denote the update strategy value of the node as $E$. Taking the node's running status (denoted as $C$) and node utilization (denoted as $U$) as examples, determine the running status $c_i$ of node $o_i$, where $c_i = 0$ when the node is in normal operating condition and $c_i = 1$ when the node's operating state is abnormal, such as node disconnection or congestion; correspondingly, determine the utilization rate $u_i$ of node $o_i$. The update strategy value $E_i$ of node $o_i$ can then be represented as: $E_i = 100 \times c_i + 50 \times u_i$. Thus the state update strategy value $E_i$ of each node can be calculated; this is the weight of the interface route corresponding to each node. Adding this weight value to the AS-path in the BGP path attribute table changes the path selection priority of that node, enabling state updates and weight adjustments. The corresponding process is shown in Figure 7, in which solid arrows indicate the direction of business data flow, while dashed arrows indicate the direction of data flow when determining the weight of each node.

[0123] The code for implementing the above algorithm can be shown below:

[0124] Algorithm: Implementation steps of BGP-node state adaptive traffic redirection algorithm

[0125] Input: Information of the node $o_i$ whose state needs to be updated, Path Attributes (AS-PATH) Table

[0126] Get the PATH information of node $o_i$;

[0127] route-policy defines the routing policy for node $o_i$;

[0128] apply the original as-path attribute of node $o_i$;

[0129] additive path weight adjustment for node $o_i$;

[0130] peer route-policy as export executes AS towards the upstream router;

[0131] The update command applies the updated configuration settings.

[0132] Output: Path attribute (AS-PATH) table after weight update and adjustment

[0133] For example, as shown in Figure 8, the high-defense center is equipped with 5 high-defense nodes: node 1, node 2, node 3, node 4, and node 5. When the working status of node 1 is detected as busy and the working status of node 4 is detected as abnormal, the weight coefficients of node 2, node 3, and node 5 are calculated respectively. By comparing the weight coefficients of node 2, node 3, and node 5, it can be determined that the weight coefficient of node 3 is optimal. At this time, node 3 can be identified as the target high-defense node.
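The weight formula and the Figure 8 selection can be traced end to end in the following added Python example, which is not code from the patent. The utilization values, the base AS-PATH length, the 85% "busy" threshold, the rule of one prepended hop per 10 points of $E_i$, the per-node capacity rule and the headroom-proportional split are all assumptions made for illustration.

```python
import math
from dataclasses import dataclass

STATE_COEFF = 100   # from the page: E_i = 100*c_i + 50*u_i
UTIL_COEFF = 50
BUSY_PCT = 85       # assumption: utilization at or above this means "busy"
PREPEND_STEP = 10   # assumption: each 10 points of E_i adds one AS-PATH hop


@dataclass(frozen=True)
class Node:
    name: str
    abnormal: bool        # c_i = 1 when disconnected or congested
    util_pct: int         # u_i expressed as a percentage, 0..100
    base_path_len: int    # AS-PATH length before any prepending

    def weight(self) -> float:
        """Update strategy value E_i = 100*c_i + 50*u_i."""
        if not 0 <= self.util_pct <= 100:
            raise ValueError(f"{self.name}: utilization out of range")
        c_i = 1 if self.abnormal else 0
        return STATE_COEFF * c_i + UTIL_COEFF * self.util_pct / 100

    def in_first_state(self) -> bool:
        """Usable for scheduling: neither abnormal nor busy."""
        return not self.abnormal and self.util_pct < BUSY_PCT

    def effective_path_len(self) -> int:
        """AS-PATH length the upstream router sees after prepending."""
        return self.base_path_len + math.ceil(self.weight() / PREPEND_STEP)


def preset_count(traffic_gbps: float, node_capacity_gbps: float) -> int:
    """Step 306: number of nodes the traffic needs (assumed capacity rule)."""
    return max(1, math.ceil(traffic_gbps / node_capacity_gbps))


def select_targets(nodes, preset: int):
    """Steps 304a/304b: shortest effective AS-PATH first, then lowest E_i."""
    candidates = [n for n in nodes if n.in_first_state()]
    if not candidates:
        raise RuntimeError("no high-defense node is in the first state")
    ranked = sorted(candidates,
                    key=lambda n: (n.effective_path_len(), n.weight(), n.name))
    return ranked[:min(preset, len(ranked))]   # preset may not exceed m


def split_traffic(traffic_gbps: float, targets):
    """Segment traffic across the targets in proportion to spare capacity."""
    headroom = {n.name: 100 - n.util_pct for n in targets}
    total = sum(headroom.values())
    return {name: traffic_gbps * h / total for name, h in headroom.items()}


def figure8_nodes():
    """Constructed values for the Figure 8 case: node1 busy, node4 abnormal."""
    return [
        Node("node1", False, 92, 3),
        Node("node2", False, 60, 3),
        Node("node3", False, 20, 3),
        Node("node4", True, 10, 3),
        Node("node5", False, 45, 3),
    ]


if __name__ == "__main__":
    nodes = figure8_nodes()
    for n in nodes:
        print(n.name, n.weight(), n.effective_path_len(), n.in_first_state())
    k = preset_count(traffic_gbps=300, node_capacity_gbps=200)
    targets = select_targets(nodes, k)
    print([t.name for t in targets], split_traffic(300, targets))
```

With these inputs node 3 is chosen when one node is needed, and node 5 joins it when the traffic volume calls for two.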

[0134] Step a13: The routing device redirects service traffic to the target high-defense node.

[0135] The high-defense node shown in Figure 5 uses near-source DDoS cleaning devices deployed on the backbone network to clean large-scale DDoS attacks. The devices are deployed in series: after the near-source DDoS cleaning devices clean the traffic, CC attack protection devices protect against CC attacks, cleaning and filtering unencrypted Layer 4 and Layer 7 CC attacks.

[0136] Key features in the process of protecting against CC attacks include:

[0137] 1. Supports challenge verification via an application proxy module (SYN-Proxy), which effectively ensures that Transmission Control Protocol (TCP) half-open attacks do not pass directly through to the subsequent WAF and forwarding modules;

[0138] 2. The SYN-Proxy implementation process involves the client first establishing a connection with the CC protection device, which then establishes a connection with the origin server, and data transmission occurs between these two connections. In a half-open connection attack with a forged origin, the attacker cannot establish a connection with the CC protection device, so all attack data is intercepted by the CC protection device and does not reach the origin server, thus achieving the protection purpose.

[0139] 3. Supports configuration of attack characteristics targeting TCP / UDP protocols, packet headers, and packet content, and makes real-time judgments, adding illegal source IPs to a dynamic blacklist;

[0140] 4. Supports configuration based on the characteristics of the session's returned content, and real-time judgment, adding illegal source IPs to a dynamic blacklist;

[0141] 5. Supports dynamic blacklist and whitelist management at the level of millions.
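The SYN-Proxy behaviour of items 1 and 2, combined with the dynamic blacklist of item 3, is modelled in the following added Python example, which is not code from the patent. It assumes the proxy validates the handshake with a keyed SYN cookie, an implementation choice the patent does not specify; the class name, the 64-second slot, the three-strike threshold and all addresses are constructed.

```python
import hashlib
import hmac
import struct

SLOT_SECONDS = 64   # assumed lifetime granularity of a cookie
MAX_BAD_ACKS = 3    # assumed invalid ACKs tolerated before blacklisting


class SynProxy:
    """Model of a SYN proxy standing in front of an origin server."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self.upstream = []       # connections actually opened to the origin
        self.blacklist = set()   # dynamic blacklist of source IPs
        self._bad_acks = {}      # source IP -> number of invalid ACKs

    def _cookie(self, flow, slot: int) -> int:
        """32-bit keyed value bound to the 4-tuple and the time slot."""
        src, sport, dst, dport = flow
        msg = f"{src}|{sport}|{dst}|{dport}|{slot}".encode()
        digest = hmac.new(self._secret, msg, hashlib.sha256).digest()
        return struct.unpack(">I", digest[:4])[0]

    def on_syn(self, flow, now: int):
        """Return the SYN-ACK sequence number, or None for blocked sources.

        No per-SYN state is stored and nothing is sent to the origin, so a
        flood of forged SYNs costs the origin nothing.
        """
        if flow[0] in self.blacklist:
            return None
        return self._cookie(flow, now // SLOT_SECONDS)

    def on_ack(self, flow, ack_num: int, now: int) -> bool:
        """Open the origin-side connection only for a valid final ACK."""
        src = flow[0]
        if src in self.blacklist:
            return False
        echoed = struct.pack(">I", (ack_num - 1) & 0xFFFFFFFF)
        slot = now // SLOT_SECONDS
        valid = any(
            hmac.compare_digest(echoed, struct.pack(">I", self._cookie(flow, s)))
            for s in (slot, slot - 1)       # current and previous slot
        )
        if valid:
            self.upstream.append(flow)      # second connection: proxy -> origin
            self._bad_acks.pop(src, None)
            return True
        self._bad_acks[src] = self._bad_acks.get(src, 0) + 1
        if self._bad_acks[src] >= MAX_BAD_ACKS:
            self.blacklist.add(src)
        return False


if __name__ == "__main__":
    proxy = SynProxy(b"constructed-secret")
    client = ("198.51.100.7", 40000, "203.0.113.10", 443)   # constructed flow
    seq = proxy.on_syn(client, now=1000)
    print("legitimate:", proxy.on_ack(client, (seq + 1) & 0xFFFFFFFF, now=1010))
    for i in range(1000):                                   # SYNs never ACKed
        proxy.on_syn((f"192.0.2.{i % 250}", 1024 + i, "203.0.113.10", 443), 1000)
    print("origin connections:", len(proxy.upstream))
```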

[0142] The system dynamically determines the business type. When the business type is web-based, it implements WAF protection, filtering and cleaning web layer 7 CC attacks and application attacks, and caching and accelerating web static resources. Key features of this process include:

[0143] 1. Implement reverse verification against web CC attackers, such as slider verification, CAPTCHA verification, etc.

[0144] 2. Detect CC attacks based on URLs and dynamically block attacks from their sources;

[0145] 3. Effectively intercept web application attacks;

[0146] 4. Cache static resources for the web and accelerate access.

[0147] Step a14: The target high-defense node forwards the cleaned business traffic back to the origin server.

[0148] The back-to-origin forwarding device set in the target high-defense node forwards the cleaned traffic to the origin server according to the configured port forwarding rules.

[0149] In this way, when the status of a node in the high-defense center changes, such as being in use or malfunctioning, the status adaptation strategy is updated in real time. Based on the status adaptation strategy information, the node path weights in the BGP path attribute table are updated and adjusted synchronously. This reduces the allocation weight of nodes with abnormal status (high utilization, abnormal operation, etc.) and increases the selection weight of idle nodes during the path selection process, thereby achieving intelligent traffic scheduling and improving security protection efficiency. Furthermore, the high-defense center is implemented through a distributed deployment of high-defense nodes. This effectively diverts traffic, reduces traffic from the backbone to Internet Data Centers (IDCs) or metropolitan area networks, provides backups and high reliability, and routes user access traffic to the nearest high-defense node, which reduces access latency, network congestion risk, and operator bandwidth and other operating costs. Moreover, by designing and deploying the high-defense center on the backbone network plane, it can achieve long-term business traffic diversion and protection activation within seconds, effectively protecting clients from all attacks received from the network side.

[0150] It should be noted that the descriptions of the same steps and contents as in other embodiments in this embodiment can be found in the descriptions in other embodiments, and will not be repeated here.

[0151] This application provides a data processing method in which, upon receiving data traffic to be cleaned from a client node, a preset number of nodes are selected from m candidate high-defense nodes currently in a first state to obtain target high-defense nodes, and the data traffic to be cleaned is sent to the target high-defense nodes. In this way, by using a data processing device to select a preset number of nodes from the m candidate nodes currently in the first state to obtain target high-defense nodes, and then using these predetermined preset number of nodes to perform traffic cleaning and filtering on the data traffic to be cleaned, the method solves the problem that a single high-defense node cannot provide effective protection. It proposes a high-defense service that can provide flexible and real-time high-defense services according to changes in business volume, and reduces the possibility of service unavailability due to high-defense node failure, ensuring service timeliness.

[0152] Based on the foregoing embodiments, embodiments of this application provide a data processing device that can be applied to the data processing method provided in the embodiments corresponding to Figures 1-3. As shown in Figure 8, the data processing device 3 may include: a processor 31, a memory 32, and a communication bus 33, wherein:

[0153] Memory 32 is used to store executable instructions;

[0154] Communication bus 33 is used to realize the communication connection between processor 31 and memory 32;

[0155] Processor 31 is used to execute the data processing program stored in memory 32 to perform the following steps:

[0156] If a client node sends a data traffic to be cleaned, select a preset number of nodes from the m candidate high-defense nodes currently in the first state to obtain the target high-defense node; where m is an integer greater than or equal to 1, and the preset number is an integer greater than or equal to 1 and less than or equal to m.

[0157] Send the data traffic to be cleaned to the target high-defense node; the data traffic to be cleaned is cleaned and filtered by the target high-defense node and then forwarded to the destination node through the origin forwarding node.

[0158] In other embodiments of this application, when the processor receives the data traffic to be cleaned sent by the client node, and selects a preset number of high-defense nodes from the m candidate high-defense nodes currently in the first state to obtain the target high-defense node, the following steps can be taken:

[0159] If data traffic to be cleaned is received, determine the working status of the p preset high-defense nodes under management; where p is an integer greater than or equal to 2 and greater than or equal to m.

[0160] From p preset high-defense nodes, select the high-defense nodes with the first working state to obtain m candidate high-defense nodes;

[0161] Determine the evaluation weight coefficient for each candidate high-defense node to obtain m evaluation weight coefficients;

[0162] Based on m evaluation weight coefficients, a preset number of high-defense nodes are determined from m candidate high-defense nodes to obtain the target high-defense node.

[0163] In other embodiments of this application, before the processor executes the step of receiving the data traffic to be cleaned sent by the client node, and selecting a preset number of high-defense nodes from the m candidate high-defense nodes currently in the first state to obtain the target high-defense node, it is further configured to execute the following steps:

[0164] The working status of p preset high-defense nodes under monitoring and management is obtained to obtain the monitoring results; where p is an integer greater than or equal to 2 and greater than or equal to m.

[0165] The q preset high-defense nodes whose working status changes from the second state to the first state in the monitoring results are identified as q candidate high-defense nodes; where q is an integer greater than or equal to 0 and less than or equal to p.

[0166] Determine the evaluation weight coefficient for each candidate high-defense node to obtain q evaluation weight coefficients; where q is an integer greater than or equal to 1 and less than or equal to p.

[0167] In other embodiments of this application, when the processor performs the step of determining the evaluation weight coefficient of each candidate high-defense node, it can be achieved through the following steps:

[0168] Determine the utilization rate of each candidate high-defense node;

[0169] Determine the product of each utilization rate and the first preset coefficient to obtain the first product;

[0170] The product of the state weight coefficient and the second preset coefficient for each candidate high-defense node is determined to obtain the second product;

[0171] The sum of the first and second products of each candidate high-defense node is determined to obtain the evaluation weight coefficient of each candidate high-defense node.

[0172] In other embodiments of this application, when the processor receives the data traffic to be cleaned sent by the client node, and selects a preset number of high-defense nodes from the m candidate high-defense nodes currently in the first state to obtain the target high-defense node, the following steps can be taken:

[0173] If data traffic to be cleaned is received, determine the evaluation weight coefficients of the m candidate high-defense nodes currently in the first state; where m is greater than or equal to q.

[0174] Based on m evaluation weight coefficients, a preset number of high-defense nodes are determined from m candidate high-defense nodes to obtain the target high-defense node.

[0175] In other embodiments of this application, the processor is also configured to perform the following steps:

[0176] Determine the preset quantity based on the data flow to be cleaned.

[0177] In other embodiments of this application, candidate high-defense nodes include: distributed denial-of-service attack cleaning equipment and application layer attack protection equipment, or distributed denial-of-service attack cleaning equipment, application layer attack protection equipment and cloud website application-level intrusion prevention system protection equipment.

[0178] It should be noted that, for the specific implementation process of the steps performed by the data processing node in this embodiment, reference can be made to the implementation process of the data processing method provided in the embodiments corresponding to Figures 1-3, which will not be described in detail here.

[0179] This application provides a data processing node that, upon receiving a cloud removal instruction for a target service, determines the cloud design file of the target service on the cloud platform's service network and the target network configuration file in the resource pool. It then parses these files to obtain reference network parameters and reference configuration information. Next, it matches these parameters and information to obtain the target configuration information that needs to be removed. Finally, it responds to the cloud removal instruction and executes the cloud removal operation based on the target configuration information. This approach, by proactively matching the reference network parameters in the target service's cloud design file with the reference configuration information in the target network configuration file, and determining the target configuration information to be removed before executing the cloud removal operation, solves the problem of manual network configuration by operations personnel in current large Layer 2 network architectures, which can easily lead to wasted network resources due to residual network configurations. This method proposes an automated approach to service network cloud removal, avoiding residual network configurations and significantly improving the overall efficiency of service cloud removal.

[0180] Based on the foregoing embodiments, embodiments of this application provide a data processing system that can be applied to the data processing method provided in the embodiments corresponding to Figures 1-3. As shown in Figure 9, the data processing system includes at least: a data processing node 41, p preset high-defense nodes 42, and at least one origin forwarding node 43; wherein:

[0181] The data processing node 41 is used to implement the steps of the data processing method corresponding to Figures 1-3;

[0182] The preset high-defense node 42 is used to perform traffic cleaning and filtering on the received data traffic to be cleaned.

[0183] The origin forwarding node 43 is used to forward the data traffic cleaned by the preset high-defense node back to the destination node.

[0184] Based on the foregoing embodiments, embodiments of this application provide a computer-readable storage medium, simply referred to as a storage medium, which stores one or more programs that can be executed by one or more processors to implement the data processing method provided in the embodiments corresponding to Figures 1-3, the implementation process of which will not be described in detail here.

[0185] Those skilled in the art will understand that embodiments of this application can be provided as methods, systems, or computer program products. Therefore, this application can take the form of hardware embodiments, software embodiments, or embodiments combining software and hardware aspects. Furthermore, this application can take the form of a computer program product implemented on one or more computer-usable storage media (including, but not limited to, disk storage and optical storage) containing computer-usable program code.

[0186] This application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of this application. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, produce a device for implementing the functions specified in one or more processes of the flowchart and/or one or more boxes of the block diagram.

[0187] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means that implement the functions specified in one or more processes of the flowchart and/or one or more boxes of the block diagram.

[0188] These computer program instructions may also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, so that the instructions executed on the computer or other programmable equipment provide steps for implementing the functions specified in one or more processes of the flowchart and/or one or more boxes of the block diagram.

[0189] The above description is merely a preferred embodiment of this application and is not intended to limit the scope of protection of this application.

Claims

1. A data processing method, characterized in that the method includes:
if a client node sends data traffic to be cleaned, determine the evaluation weight coefficients of the m candidate high-defense nodes currently in the first state; wherein, determining the evaluation weight coefficient of each candidate high-defense node includes: determining the utilization rate of each candidate high-defense node; determining the product of each utilization rate and a first preset coefficient to obtain a first product; determining the product of the state weight coefficient and a second preset coefficient of each candidate high-defense node to obtain a second product; determining the sum of the first product and the second product of each candidate high-defense node to obtain the evaluation weight coefficient of each candidate high-defense node;
based on the evaluation weight coefficients of the m candidate high-defense nodes, a preset number of nodes are selected from the m candidate high-defense nodes currently in the first state to obtain the target high-defense node; where m is an integer greater than or equal to 1, and the preset number is an integer greater than or equal to 1 and less than or equal to m; wherein, the evaluation weight coefficient of each candidate high-defense node is added to the path attribute of the corresponding interface route, and the path attribute changes the path selection priority of the high-defense node;
when the preset number is greater than 1, the data traffic to be cleaned is segmented and the segmented data traffic to be cleaned is sent to each of the high-defense nodes included in the target high-defense node; wherein, the data traffic to be cleaned is filtered and cleaned by the target high-defense node and then forwarded to the destination node through the origin forwarding node.

2. The method according to claim 1, characterized in that, if the client node sends data traffic to be cleaned, the evaluation weight coefficients of the m candidate high-defense nodes currently in the first state are determined; based on the evaluation weight coefficients of the m candidate high-defense nodes, a preset number of high-defense nodes are selected from the m candidate high-defense nodes currently in the first state to obtain the target high-defense node, including:
if the data traffic to be cleaned is received, determine the working status of the p preset high-defense nodes under management; where p is an integer greater than or equal to 2 and greater than or equal to m;
from p preset high-defense nodes, select the high-defense node whose working state is the first state to obtain m candidate high-defense nodes;
determine the evaluation weight coefficient for each of the candidate high-defense nodes to obtain m evaluation weight coefficients;
based on the m evaluation weight coefficients, a preset number of high-defense nodes are determined from the m candidate high-defense nodes to obtain the target high-defense node.

3. The method according to claim 1, characterized in that, before selecting a preset number of high-defense nodes from the m candidate high-defense nodes currently in the first state to obtain the target high-defense node, the method further includes:
the working status of p preset high-defense nodes under monitoring and management is obtained to obtain the monitoring results; where p is an integer greater than or equal to 2 and greater than or equal to m;
the q preset high-defense nodes whose working status switched from the second state to the first state in the monitoring results are identified as q candidate high-defense nodes; where q is an integer greater than or equal to 0 and less than or equal to p;
determine the evaluation weight coefficient for each candidate high-defense node to obtain q evaluation weight coefficients; where q is an integer greater than or equal to 1 and less than or equal to p.

4. The method according to claim 3, characterized in that, m is greater than or equal to q.

5. The method according to claim 1, characterized in that the method further includes: the preset quantity is determined based on the data flow to be cleaned.

6. The method according to claim 1, characterized in that the candidate high-defense nodes include: distributed denial-of-service attack cleaning devices and application layer attack protection devices, or distributed denial-of-service attack cleaning devices, application layer attack protection devices, and cloud website application-level intrusion prevention system protection devices.

7. A data processing device, characterized in that the device includes at least: a memory, a processor, and a communication bus; wherein:
the memory is used to store executable instructions;
the communication bus is used to realize the communication connection between the processor and the memory;
the processor is configured to execute the data processing program stored in the memory to implement the steps of the data processing method as described in any one of claims 1 to 6.

8. A data processing system, characterized in that the system includes at least: a data processing node, p preset high-defense nodes, and at least one origin forwarding node; wherein:
the data processing node is used to implement the steps of the data processing method as described in any one of claims 1 to 6;
the preset high-defense node is used to perform traffic cleaning and filtering on the received data traffic to be cleaned;
the origin forwarding node is used to forward the data traffic cleaned by the preset high-defense node back to the destination node.

9. A storage medium, characterized in that the storage medium stores a data processing program, which, when executed by a processor, implements the steps of the data processing method as described in any one of claims 1 to 6.