Computing power operation attack prevention method and device of intelligent computing cloud platform
By classifying traffic and matching routing rules in the intelligent computing cloud platform, selecting an appropriate combination of security protection rules, and distributing them to low-load WAF nodes, the security issues of the intelligent computing cloud platform are resolved, and effective protection of computing power operation is achieved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- DATACANVAS LTD
- Filing Date
- 2026-06-11
- Publication Date
- 2026-07-14
AI Technical Summary
Intelligent computing cloud platforms are vulnerable to attacks, and traditional security strategies are difficult to adapt in real time, failing to effectively improve the security of computing power operation.
By acquiring user access requests, traffic is classified and identified to determine the traffic type, matching routing rules, selecting an appropriate combination of security protection rules, and then distributing them to WAF nodes under low load for security protection.
It achieves precise protection of the computing power operation of intelligent computing cloud platforms, identifies covert attacks, reduces security risks, and improves security.
Smart Images

Figure CN122394960A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the fields of intelligent computing centers, smart computing centers, computing infrastructure, and smart cloud technologies, specifically to a method and device for preventing attacks on the computing power operation of an intelligent computing cloud platform. Background Technology
[0002] With the rapid development of artificial intelligence technology, "intelligent computing centers" and "smart computing centers" have emerged.
[0003] An "intelligent computing center" refers to a facility that provides the necessary computing power, data, and algorithms for artificial intelligence applications (such as the development, training, and inference of deep learning models) by utilizing large-scale heterogeneous computing resources, including general-purpose and intelligent computing power. Intelligent computing centers encompass facilities, hardware, and software, and can provide full-stack capabilities from underlying computing power to top-level application enablement.
[0004] "Intelligent computing center" includes, but is not limited to, "intelligent computing center".
[0005] "Intelligent computing center" or artificial intelligence computing center is a type of computing infrastructure that provides computing power services, data services, and algorithm services required for artificial intelligence applications, based on artificial intelligence theory and adopting artificial intelligence computing architecture.
[0006] "Computing power" is the core of "intelligent computing center" and "smart computing center". It is the ability of computer equipment or computing / data center to process parameters. It is the ability of computer hardware and software to work together to execute a certain computing requirement. It is the computing power to achieve the target result output by processing parameter data. It is a new type of productivity that integrates parameter computing power, network carrying capacity and data storage capacity. It mainly provides services to society through computing power infrastructure.
[0007] Intelligent computing cloud platforms are cloud computing platforms that integrate hardware and software resources based on intelligent computing centers. They carry high-value assets such as artificial intelligence (AI) models, data, and computing power, making them highly vulnerable to attacks. The potential gains from such attacks far exceed those from traditional business operations, making them prime targets for external attacks. Furthermore, attacks against intelligent computing cloud platforms are more covert and undetectable by traditional devices. Additionally, the dynamic and elastic creation of computing power makes it difficult for traditional security strategies to adapt in real time, rendering them ineffective in identification and protection.
[0008] It is evident that since the emergence of intelligent computing centers, the security of computing power operation has not been effectively improved during the process of protecting computing power operation. This problem has always been an urgent issue to be solved in this field. Summary of the Invention
[0009] This invention provides a method and apparatus for preventing attacks on the computing power operation of an intelligent computing cloud platform, in order to solve the problem that existing technologies cannot effectively improve the security of computing power operation during the process of security protection.
[0010] To solve the above problems, the present invention is implemented as follows: In a first aspect, the present invention provides a method for preventing attacks on the computing power operation of an intelligent computing cloud platform, comprising: Step S1: Obtain user access requests for computing power services; Step S2: Classify and identify the traffic of the user access request to determine the traffic type of the user access request; Step S3: Determine the routing rule matching the user access request based on the traffic type; Step S4: Determine the security protection rule combination that matches the routing rule from the security protection rule combination associated with the routing rule, and distribute the security protection rule combination to the WAF node in a low-load state; wherein, the WAF node is a node in the WAF node cluster deployed in the intelligent computing cloud platform; Step S5: The WAF node executes the security protection rule combination to protect the user access request, so as to prevent attacks on the computing power operation of the intelligent computing cloud platform.
[0011] In some embodiments, step S4 includes: Step S4.1: Determine the first matching degree of the combination of the routing rule and the associated security protection rule; Step S4.2: Based on the first matching degree, determine the combination of security protection rules that are compatible with the routing rules.
[0012] In some embodiments, step S4.1 includes: Step S4.1.1: Determine the second matching degree of each security protection rule in the combination of the routing rule and the associated security protection rule; Step S4.1.2: Perform weighted fusion on the second matching degree to obtain the first matching degree of the combination of the routing rule and the associated security protection rule.
[0013] In some embodiments, step S4.1.2 includes: Step S4.1.2.1: Determine the protection type and the number of security protection rules in the associated security protection rule combination; Step S4.1.2.2: Based on the protection type and the number of security protection rules in the associated security protection rule combination, assign different weight values to the second matching degree of the security protection rules; Step S4.1.2.3: Based on the second matching degree and the weight value corresponding to the second matching degree, the second matching degree is weighted and fused to obtain the first matching degree of the combination of the routing rule and the associated security protection rule.
[0014] In some embodiments, step S4.1.2.2 includes: Step S4.1.2.2.1: Based on the protection type of the security protection rule, determine the initial weight value of the second matching degree of the security protection rule; Step S4.1.2.2.2: Correct the initial weight value based on the number of security protection rules, and assign different weight values to the second matching degree of the security protection rules based on the corrected initial weight value.
[0015] In some embodiments, step S4.2 includes: Step S4.2.1: Compare the first matching degree of the associated security protection rule combination, and determine the security protection rule combination corresponding to the maximum first matching degree as the security protection rule combination adapted to the routing rule.
[0016] In some embodiments, step S4 further includes: Step S4.1': Collect the running data of each WAF node in the WAF node cluster, including performance data and resource usage data; Step S4.2': Determine the load status of the WAF node based on the running data; Step S4.3': Determine the WAF nodes in low load state based on the load status.
[0017] In some embodiments, step S3 includes: Step S3.1: In response to the traffic type being static content traffic, obtain the first routing rule corresponding to the static content traffic as the routing rule matched by the user access request; Step S3.2: In response to the traffic type being dynamic content traffic, obtain multiple second routing rules corresponding to the dynamic content traffic, and based on the multi-dimensional user information of the user access request, filter out a third routing rule from the second routing rules as the routing rule matched by the user access request.
[0018] In some embodiments, the multi-dimensional user information includes at least the requested page information, user identifier, type of computing power service, and access permissions, and step S3.1 includes: Step S3.1.1: Determine the second routing rule corresponding to the requested page information as the third routing rule; or, determine the second routing rule corresponding to the user identifier as the third routing rule; or, determine the second routing rule corresponding to the type of computing power service as the third routing rule; or, determine the second routing rule corresponding to the access permission as the third routing rule.
[0019] In some embodiments, the method further includes: Step S6: Monitor the user access traffic corresponding to the user access request; Step S7: In response to the change in the computing power service accessed by the user access traffic, adjust the combination of security protection rules based on the changed computing power service.
[0020] In some embodiments, step S7 includes: Step S7.1: Determine the change information of the user access traffic; in response to the change information meeting the set conditions, determine that the computing power service accessed by the user has changed. Step S7.2: Based on the user access requests for the changed computing power service, determine the routing rules that match the user access requests for the changed computing power service; Step S7.3: Based on the routing rules matched by the user access requests for the changed computing power service, adjust the combination of security protection rules used to protect the user access requests for the changed computing power service.
[0021] Secondly, the present invention also provides a computing power operation anti-attack device for an intelligent computing cloud platform, comprising: The acquisition module is used to acquire user access requests for computing power services; The traffic identification module is used to classify and identify the traffic of the user access request and determine the traffic type of the user access request. The routing rule determination module is used to determine the routing rule matching the user access request based on the traffic type. The security protection rule determination module is used to determine a security protection rule combination that is compatible with the routing rule from the security protection rule combination associated with the routing rule, and to distribute the security protection rule combination to WAF nodes in a low-load state; wherein, the WAF node is a node in a WAF node cluster deployed in an intelligent computing cloud platform; The security protection module is used to execute the combination of security protection rules through the WAF node to protect the user access request, so as to prevent attacks on the computing power operation of the intelligent computing cloud platform.
[0022] Thirdly, the present invention also provides an electronic device, including a processor, a memory, and a computer program stored in the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the steps in the computing power operation anti-attack method of the intelligent computing cloud platform as described in the first aspect above.
[0023] Fourthly, the present invention also provides a computer-readable storage medium storing a computer program, which, when executed by a processor, implements the steps in the computing power operation anti-attack method of the intelligent computing cloud platform as described in the first aspect above.
[0024] Fifthly, the present invention also provides a computer program product, including computer instructions, which, when executed by a processor, implement the steps in the computing power operation anti-attack method of the intelligent computing cloud platform as described in the first aspect above.
[0025] In this invention, step S1 involves acquiring user access requests for computing power services; step S2 involves classifying and identifying the traffic type of the user access requests; step S3 involves determining the routing rules matching the user access requests based on the traffic type; step S4 involves determining a security protection rule combination that matches the routing rules from the security protection rule combinations associated with the routing rules, and distributing the security protection rule combination to WAF nodes in a low-load state; and step S5 involves executing the security protection rule combination in the WAF nodes to provide security protection for the user access requests, thereby preventing attacks on the computing power operation of the intelligent computing cloud platform. Therefore, by providing security protection for user access requests for computing power services, more covert attacks can be effectively identified, preventing abnormal impacts on computing power operation and minimizing the security risks of the intelligent computing cloud platform. The adaptation of security protection rules during the security protection process maximizes the security of computing power operation within the intelligent computing cloud platform. Attached Figure Description
[0026] To more clearly illustrate the technical solution of the present invention, the accompanying drawings used in the description of the present invention will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0027] Figure 1This is a flowchart of a method for preventing attacks on the computing power operation of an intelligent computing cloud platform provided by the present invention; Figure 2 This is a functional diagram of the WAF node cluster provided by the present invention; Figure 3 This is an architecture diagram of the anti-attack method for the computing power operation of the intelligent computing cloud platform provided by the present invention; Figure 4 This is a structural diagram of a computing power operation anti-attack device for an intelligent computing cloud platform provided by the present invention; Figure 5 This is a schematic diagram of the structure of an electronic device provided in this invention. Detailed Implementation
[0028] The technical solutions of this invention will now be clearly and completely described with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of this invention. All other embodiments obtained by those skilled in the art based on the embodiments of this invention without creative effort are within the scope of protection of this invention.
[0029] The “computing power” mentioned in this invention refers to: the ability of computer equipment or computing / data center to process information; the ability of computer hardware and software to work together to perform a certain computing requirement; the computing power to achieve the target result output by processing information data; and a new type of productivity that integrates information computing power, network carrying capacity, and data storage capacity, mainly providing services to society through computing power infrastructure.
[0030] The "computational power" (CP) described in this invention refers to the ability of a data center server to process data and output results. It is a comprehensive indicator of a data center's computing power, encompassing general computing power, supercomputing power, and intelligent computing power. The commonly used unit of measurement is floating-point operations per second (FLOPS, 1 EFLOPS = 10^18 FLOPS), with higher values indicating stronger overall computing power. It is estimated that 1 EFLOPS is approximately the computing power output of 5 Tianhe-2A supercomputers, 500,000 mainstream server CPUs, or 2 million mainstream laptops. The calculation formula is: CP = CP 通用 +CP 智能 +CP 超级 .
[0031] The "Network Power" (NP) mentioned in this invention refers to the performance of data transmission capability of computing facilities, which includes comprehensive capabilities such as network architecture, network bandwidth, transmission latency, intelligent management and scheduling, and involves network transmission within and between data centers. It is a comprehensive indicator for measuring network transmission scheduling capability.
[0032] The "Storage Power" (SP) described in this invention refers to the comprehensive capabilities of a data center in four aspects: data storage capacity, performance, security and reliability, and green and low-carbon operation. It is a comprehensive indicator for measuring the data storage capacity of a data center, including external storage devices such as storage arrays and internal storage devices within servers. The commonly used unit of measurement for storage capacity is exabytes (EB, 1EB = 2^60 bytes), while the commonly used unit of measurement for performance is the number of read / write operations per second (IOPS / TB). Disaster recovery ratio is an important indicator of security and reliability.
[0033] The "computing infrastructure" mentioned in this invention refers to a new type of information infrastructure that integrates information computing power, network carrying capacity, and data storage capacity, enabling centralized computing, storage, transmission, and application of information.
[0034] The "new information infrastructure" mentioned in this invention refers to network infrastructure such as 5G networks, fiber optic broadband networks, backbone networks, international communication networks, and satellite internet; computing infrastructure such as data centers, general computing centers, intelligent computing centers, and supercomputing centers; and new technology facilities such as artificial intelligence, blockchain, and quantum computing.
[0035] The “computing power” mentioned in this invention includes: general computing power, intelligent computing power, and supercomputing power.
[0036] The "general computing power" mentioned in this invention refers to the computing power provided by servers based on CPU (Central Processing Unit) chips, which is used to support basic general computing such as cloud computing and edge computing.
[0037] The "intelligent computing power" mentioned in this invention refers to: a computing platform deployed on a large scale based on dedicated chips such as GPU (Graphics Processing Unit), FPGA (Field Programmable Gate Array), and ASIC (Application Specific Integrated Circuit) for various artificial intelligence innovative applications, such as natural language processing and machine vision.
[0038] The “supercomputing power” mentioned in this invention refers to the computing power provided by high-performance computing clusters such as supercomputers. It utilizes the centralized computing resources of multiple computer systems working in parallel and uses a dedicated operating system to handle extremely complex or data-intensive problems. It is mainly used for computing in cutting-edge scientific fields, such as planetary simulation, drug molecule design, and gene analysis.
[0039] The "intelligent computing center" described in this invention refers to a facility that, through the use of large-scale heterogeneous computing resources, including general-purpose computing power (CPU) and intelligent computing power (GPU, FPGA, ASIC, etc.), primarily provides the necessary computing power, data, and algorithms for artificial intelligence applications (such as the development, training, and inference of deep learning models). The intelligent computing center encompasses facilities, hardware, and software, and can provide full-stack capabilities from underlying computing power to top-level application enablement.
[0040] The "intelligent computing cloud platform" mentioned in this invention, abbreviated as "intelligent computing cloud", refers to a cloud computing platform that integrates hardware and software resources based on an intelligent computing center.
[0041] The "intelligent computing center" mentioned in this invention includes, but is not limited to, "smart computing center".
[0042] The "intelligent computing center" mentioned in this invention, also known as an artificial intelligence computing center, is a type of computing infrastructure that provides computing power services, data services, and algorithm services required for artificial intelligence applications, based on artificial intelligence theory and adopting an artificial intelligence computing architecture.
[0043] The "computing center" mentioned in this invention refers to a facility that is mainly composed of infrastructure such as wind, thermal, hydro, and electricity, and IT hardware and software equipment, and has computing power, carrying capacity, and storage capacity, including general data centers, intelligent computing centers, supercomputing centers, etc.
[0044] The "supercomputing center" mentioned in this invention refers to a supercomputing data center, which is a data center based on supercomputers or large-scale computing clusters. It can provide large-scale computing, storage and network services and is widely used in aerospace, defense, oil exploration, climate modeling and genome sequencing and other application scenarios.
[0045] The “computing resources” mentioned in this invention refer to the technologies and facilities required for the development of the digital society that have the ability to compute, transmit, store and apply information, including but not limited to computing resources such as CPUs and GPUs, network resources such as switches and routers, storage resources such as storage arrays and distributed storage, security resources such as firewalls and intrusion detection systems, and supporting and guaranteeing resources such as wind, fire, water and electricity.
[0046] The "model" mentioned in this invention includes, but is not limited to, "large language model" and "multimodal large model".
[0047] The "large language model" mentioned in this invention refers to a large-scale language model (LLM), which is a language model with a large number of parameters. It is designed to understand and generate human language, and is trained with a large amount of text data. It can perform a wide range of tasks, including text summarization, translation, and sentiment analysis.
[0048] The “Multimodal Large Models” mentioned in this invention refer to models that combine multimodal information such as text, images, videos, and audio for training, including but not limited to multimodal large language models.
[0049] The "computing power service" described in this invention refers to a service that provides users with on-demand information computing power, network carrying capacity, and data storage capacity through computing resources. Examples include computing tasks, model inference, and data processing.
[0050] The "traffic type" mentioned in this invention refers to: static content traffic and dynamic content traffic.
[0051] The "static content traffic" described in this invention refers to resources that do not require real-time server processing and whose content does not change with user requests. Examples include images, including Joint Photographic Experts Group (JPG) and Portable Network Graphics (PNG) formats, video files, Cascading Style Sheets (CSS), JavaScript, and HyperText Markup Language (HTML) pages.
[0052] The "dynamic content traffic" mentioned in this invention refers to traffic generated by the server based on user input, identity, or real-time data through backend program calculations.
[0053] The "protection type" mentioned in this invention refers to the way rules are classified and defined based on the characteristics of the attack, the attack method, or the protection target.
[0054] Please see Figure 1 , Figure 1 This is a flowchart of a method for preventing attacks on the computing power operation of an intelligent computing cloud platform provided by the present invention, as shown below. Figure 1 As shown, the method includes: Step S1: Obtain user access requests for computing power services.
[0055] It should be noted that the anti-attack method for the computing power operation of the intelligent computing cloud platform of the present invention can prevent attacks on the computing power operation process of the intelligent computing cloud platform. This can be executed by a Web Application Firewall (WAF) node cluster; that is, the WAF node cluster can execute steps S1-S5 of the present invention.
[0056] Figure 2 This is a functional diagram of the WAF node cluster provided by the present invention. Figure 2 In this invention, the WAF node cluster has different functional components, namely the WAF node of the present invention, including: traffic inspection engine, rule engine, and policy management engine.
[0057] The system comprises three components: a traffic inspection engine for analyzing traffic to identify potential data impacts; a rules engine for applying security protection rules to manage traffic; and a policy management engine for creating and managing security policies. These security policies can include different security protection rules, which constitute the combination of security protection rules in this invention.
[0058] It should be noted that WAF node clusters can be deployed in intelligent computing cloud platforms. Through WAF node clusters, user access traffic can be monitored, and a combination of security protection rules can be adopted to manage user access and prevent attacks on computing power.
[0059] In some embodiments, user access requests may be sent by different clients. The clients access the intelligent computing cloud platform and generate user access requests for different computing power services by using different computing power services.
[0060] In some embodiments, when a user accesses the intelligent computing cloud platform through a client, they can carry multi-dimensional user information, which can be used to match routing rules.
[0061] In some embodiments, users can access the intelligent computing cloud platform through an access interface. By monitoring the access interface in real time, user access requests for computing services can be obtained.
[0062] The beneficial technical effect of step S1 is that by obtaining user access requests for computing power services, attacks on the intelligent computing cloud platform can be detected in real time, thereby realizing the transformation from passive protection to active interception and maximizing the security of computing power operation in the intelligent computing cloud platform.
[0063] Step S2: Classify and identify the traffic of user access requests to determine the traffic type of the user access requests.
[0064] In some embodiments, user access requests can be parsed to obtain the content accessed by the user access request, thereby classifying and identifying traffic based on the content accessed by the user access request to determine the traffic type of the user access request.
[0065] For example, if it is determined that the content accessed by the user's access request is an image, it can be determined that the traffic type of the user's access request is static content traffic.
[0066] For example, if it is determined that the content accessed by the user's access request is a search result, the traffic type of the user's access request can be determined to be dynamic content traffic.
[0067] In some embodiments, if a user access request indicates that artificial intelligence (AI) is used for question answering, it can be determined that the content accessed by the user access request is an AI search result, and thus the user access request is determined to be dynamic content traffic.
[0068] In some embodiments, a correspondence between different content and traffic types can be established in advance. After parsing the content accessed by the user's access request, the above correspondence can be queried to determine the traffic type of the user's access request.
[0069] The correspondence between different content and traffic types can be obtained from the client. By storing the correspondence between different content and traffic types, and calling the correspondence after determining the content accessed by the user's access request, the traffic type of the user's access request can be determined.
[0070] In some embodiments, user access requests can also be input into a large model, which will then classify and identify the traffic to determine the type of user access request.
[0071] The beneficial technical effect of step S2 is that by distinguishing whether a user access request is static content traffic or dynamic content traffic, it can provide a basis for matching security protection rule combinations, achieve precise protection for different traffic types, and optimize the allocation of computing power.
[0072] Step S3: Determine the routing rules that match the user access request based on the traffic type.
[0073] In some embodiments, different traffic types can indicate the routing rules that match a user's access request. That is, there is a correspondence between traffic types and routing rules. Once the traffic type of a user's access request is determined, the correspondence between traffic types and routing rules can be queried to determine the routing rules that match the user's access request.
[0074] In some embodiments, since static content traffic is a resource that does not change, it can correspond to a set routing rule as the routing rule matched by the user's access request.
[0075] In some embodiments, since dynamic content traffic is traffic that needs to be calculated and generated, it can correspond to multiple routing rules, and further matching can be performed based on user access requests to determine the routing rule that matches the user access request.
[0076] In other words, the correspondence between traffic types and routing rules can include: the correspondence between static content traffic and routing rules, and the correspondence between dynamic content traffic and routing rules.
[0077] The correspondence between dynamic content traffic and routing rules can be determined based on the multi-dimensional user information of the user corresponding to the user's access request.
[0078] For example, multi-dimensional user information includes user identifiers. The correspondence between dynamic content traffic and routing rules is as follows: When the user identifier of a user access request is determined to be identifier A, the routing rule determined by querying the correspondence between user identifiers and routing rules is rule A. Therefore, the routing rule matched by the user access request is rule A.
[0079] The beneficial technical effect of step S3 is that by matching different routing rules to different traffic types, it is possible to achieve differentiated scheduling of user access requests of different traffic types, so as to achieve different security protection for different user access requests, making security protection more precise and maximizing the security of computing power operation.
[0080] Step S4: Determine the security protection rule combination that matches the routing rule from the security protection rule combination associated with the routing rule, and send the security protection rule combination to the WAF node in a low-load state.
[0081] In some embodiments, any routing rule can be associated with multiple security protection rule combinations. These combinations can include different numbers of security protection rules, or they can include the same number of security protection rules.
[0082] For example, the security protection rule combinations associated with routing rules include combination 1, combination 2, and combination 3. Combination 1 includes security protection rule 1, security protection rule 2, and security protection rule 3; combination 2 includes security protection rule 1 and security protection rule 3; and combination 3 includes security protection rule 1, security protection rule 2, and security protection rule 5.
[0083] In this invention, the number of security protection rules included in the security protection rule combination is not specifically limited.
[0084] In some embodiments, in order to determine the combination of security protection rules that are compatible with the routing rules, the degree of matching between the routing rules and the combination of security protection rules associated with them can be determined, and the combination of security protection rules that are compatible with the routing rules can be determined based on the degree of matching.
[0085] In this invention, the degree of matching can be the degree of matching between the protection types of routing rules and security protection rules. The degree of matching can be represented by the matching degree.
[0086] In some embodiments, for any combination of security protection rules, the matching degree between the routing rule and each security protection rule in the combination can be calculated, and the matching degree between the routing rule and each security protection rule can be fused to obtain the matching degree between the combination of security protection rules and the routing rule.
[0087] Furthermore, the matching degree of each security protection rule combination associated with the routing rule can be determined, and the security protection rule combination with the highest matching degree can be determined as the security protection rule combination that is compatible with the routing rule.
[0088] In some embodiments, routing rules correspond to traffic types, and a combination of security protection rules that is compatible with the routing rules is determined, which is to say, a combination of security protection rules that is compatible with the traffic type is determined.
[0089] It should be noted that the number of security rules used to protect user access requests for dynamic content traffic must be greater than the number of security rules used to protect user access requests for static content traffic.
[0090] In other words, when determining the security protection rule combination that matches the routing rule from the security protection rule combination associated with the routing rule, the number of security protection rules included in the security protection rule combination associated with the routing rule will also affect whether the routing rule matches the security protection rule combination.
[0091] In some embodiments, a first quantity threshold can be set for static content traffic, and a second quantity threshold can be set for dynamic content traffic.
[0092] Optionally, security protection rule combinations with a number of security protection rules greater than or equal to a first threshold and less than a second threshold can be selected from the security protection rule combinations associated with the routing rules, and these combinations can be used as the initial security protection rule combinations adapted to the routing rules matched with static content traffic.
[0093] Furthermore, the matching degree between the routing rules and each initially adapted security protection rule combination can be determined, and the initially adapted security protection rule combination corresponding to the maximum matching degree can be selected as the security protection rule combination adapted to the routing rules. This security protection rule combination is a security protection rule combination that provides security protection for user access requests of static content traffic.
[0094] Optionally, security protection rule combinations with a number of security protection rules greater than or equal to a second threshold can be selected from the security protection rule combinations associated with the routing rules, and these combinations can be used as the initial security protection rule combinations adapted to the routing rules matched with the dynamic content traffic.
[0095] Furthermore, the matching degree between the routing rules and each initially adapted security protection rule combination can be determined, and the initially adapted security protection rule combination corresponding to the maximum matching degree can be selected as the security protection rule combination adapted to the routing rules. This security protection rule combination is a security protection rule combination for protecting user access requests for dynamic content traffic.
[0096] In some embodiments, after determining the combination of security protection rules that is compatible with the routing rules, the combination of security protection rules can be issued to WAF nodes that are in a low-load state, wherein the WAF nodes are nodes in the WAF node cluster deployed in the intelligent computing cloud platform.
[0097] It should be noted that WAF nodes do not store security rule combinations. When it is determined to use any WAF node for security protection, the WAF node can cache the issued security rule combinations and use the cached security rule combinations for security protection.
[0098] Optionally, the WAF node receiving the combination of security protection rules can be a node with security protection functions in the WAF node cluster. That is, different functions can be assigned to each node in the WAF node cluster, so that WAF nodes with different functions can perform different steps.
[0099] When each WAF node is assigned different functions, the WAF nodes with security protection functions can be identified from the WAF node cluster first, and the WAF nodes in a low-load state can be selected from the WAF nodes with security protection functions. In this way, the security protection rules can be combined and distributed to the WAF nodes in a low-load state.
[0100] Optionally, any WAF node in the WAF node cluster can also perform different functions. That is, a WAF node can perform both scheduling and security protection. In this case, the WAF node in the WAF node cluster can be directly identified as being in a low-load state, and the security protection rules can be combined and distributed to the WAF node in the low-load state.
[0101] In some embodiments, a WAF node in a low-load state can be selected by determining the load state of each WAF node and selecting the WAF node with the smallest load value corresponding to the load state as the WAF node in a low-load state.
[0102] The beneficial technical effect of step S4 is that: in this invention, there is a correspondence between routing rules and the traffic types of user access requests. By determining the combination of security protection rules that matches the routing rules, it is possible to determine the combination of security protection rules that matches the traffic types, thereby ensuring that the matched combination of security protection rules accurately covers the traffic types of user access requests. This achieves accurate adaptation of the security protection rule combination and is beneficial to improving the effectiveness of security protection for user access requests. By distributing the matched combination of security protection rules to WAF nodes in a low-load state, and using the low-load WAF nodes for security protection, dynamic load balancing can be achieved, maximizing the efficiency of WAF nodes in security protection and the high availability of WAF nodes.
[0103] Step S5: Implement security protection rules through WAF nodes to protect user access requests and prevent attacks on the computing power of the intelligent computing cloud platform.
[0104] In some embodiments, after the security protection rule set is distributed to the WAF node in a low-load state, the WAF node can cache the security protection rule set and use the security protection rules in the cached security protection rule set to protect user access requests, so as to prevent attacks on the computing power operation of the intelligent computing cloud platform.
[0105] Optionally, after a WAF node uses the security rules in the cached security rule set to protect user access requests, the cached security rule set can be deleted, thereby freeing up memory resources and optimizing the load status of the WAF node.
[0106] In some embodiments, the security protection rule combination includes at least one security protection rule, which can be executed on user access requests in a set execution order to achieve security protection for user access requests.
[0107] In some embodiments, the execution order can be related to the identifier of the security protection rule. For example, the security protection rule identified as A is executed first, followed by the security protection rule identified as B. Optionally, the execution order can be related to the protection type of the security protection rule. For example, the security protection rule with protection type 1 is executed first, followed by the security protection rule with protection type 2.
[0108] For example, security protection rules can be integrated with intelligent semantic analysis engines and machine learning engines to protect against traditional data impacts such as SQL injection, cross-site scripting (XSS), and web shells; security protection rules can also be added to AI scenarios to protect against special data impacts such as model data theft and inference service interference. Security protection rules can be signature-based security protection, which detects known security risks by using signatures; security protection rules can also be anomaly detection, which indicates potential security risks by identifying abnormal traffic types; security protection rules can also be machine learning, which adapts to new security risks by analyzing traffic types; and security protection rules can also be real-time security risk intelligence, which blocks emerging security risks by using the latest security risk intelligence.
[0109] It should be noted that when multiple user access requests for the same computing power service are received, and the traffic types of the multiple user access requests are the same, the corresponding routing rules are the same, and the adapted security protection rule combinations are also the same, if there is only one WAF node in the current WAF node cluster that is in a low-load state, that WAF node can simultaneously receive the security protection rule combinations corresponding to multiple user access requests.
[0110] The beneficial technical effect of step S5 is that by executing a combination of security protection rules through WAF nodes, accurate analysis of user access traffic can be achieved, thereby accurately intercepting attacks on the computing power operation of the intelligent computing cloud platform and maximizing the security of computing power operation in the intelligent computing cloud platform.
[0111] In this invention, step S1 involves acquiring user access requests for computing power services; step S2 involves classifying and identifying the traffic type of the user access requests; step S3 involves determining the routing rules matching the user access requests based on the traffic type; step S4 involves determining a security protection rule combination that matches the routing rules from the security protection rule combinations associated with the routing rules, and distributing the security protection rule combination to WAF nodes in a low-load state; and step S5 involves executing the security protection rule combination in the WAF nodes to provide security protection for the user access requests, thereby preventing attacks on the computing power operation of the intelligent computing cloud platform. Therefore, by providing security protection for user access requests for computing power services, more covert attacks can be effectively identified, preventing abnormal impacts on computing power operation and minimizing the security risks of the intelligent computing cloud platform. The adaptation of security protection rules during the security protection process maximizes the security of computing power operation within the intelligent computing cloud platform.
[0112] In some embodiments, step S4 includes: Step S4.1: Determine the first matching degree of the combination of routing rules and associated security protection rules.
[0113] In some embodiments, the associated security protection rule combination includes at least one security protection rule. The matching degree between the routing rule and each security protection rule can be determined as a second matching degree. The second matching degree can be fused to obtain a first matching degree between the routing rule and the associated security protection rule combination.
[0114] Among them, determining the matching degree between the routing rule and each security protection rule can be the matching degree between the routing rule and the protection type of each security protection rule.
[0115] In some embodiments, the fusion of the second matching degree can be a weighted fusion, that is, assigning a weight value to each second matching degree and performing a weighted calculation based on the weight value and the second matching degree to obtain the first matching degree of the combination of the routing rule and the associated security protection rule.
[0116] The beneficial technical effect of step S4.1 is that by determining the first matching degree of the combination of routing rules and associated security protection rules, it is possible to match the combination of security protection rules that conforms to the traffic type of the routing rules, so that the combination of security protection rules can accurately protect user access requests of different traffic types and improve the efficiency of security protection.
[0117] Step S4.2: Based on the first matching degree, determine the combination of security protection rules that are compatible with the routing rules.
[0118] In some embodiments, the size of the first matching degree can be compared, and based on the size comparison result, a combination of security protection rules adapted to the routing rules can be determined.
[0119] Continuing with the example in step S4, the security protection rule combinations associated with the routing rule include combination 1, combination 2 and combination 3. If the first matching degree between combination 1 and the routing rule is a; if the first matching degree between combination 2 and the routing rule is b; if the first matching degree between combination 3 and the routing rule is c.
[0120] If a is less than b and c, then combination 3 can be determined as a security protection rule combination that is compatible with the routing rules.
[0121] The beneficial technical effect of step S4.2 is that by determining the maximum first matching degree and using the security protection rule combination corresponding to the maximum first matching degree as the security protection rule combination that adapts to the routing rules, the routing rules and the security protection rule combination can be accurately adapted, which is conducive to improving the effect of using the security protection rule combination for security protection.
[0122] In some embodiments, step S4.1 includes: Step S4.1.1: Determine the second matching degree of each security protection rule in the combination of routing rules and associated security protection rules.
[0123] The beneficial technical effect of step S4.1.1 is that by determining the second matching degree of each security protection rule in the security protection rule combination, the accuracy of determining the first matching degree can be improved, and the routing rules can be matched more accurately.
[0124] Step S4.1.2: Perform weighted fusion on the second matching degree to obtain the first matching degree of the combination of routing rules and associated security protection rules.
[0125] In some embodiments, the security protection rule combination associated with the routing rule includes at least one security protection rule. A second matching degree between the routing rule and each security protection rule can be determined, and a first matching degree of the security protection rule combination to which each security protection rule belongs can be determined based on the second matching degree of each security protection rule.
[0126] In some embodiments, a weight value can be assigned to each second matching degree first, and the second matching degrees can be weighted and fused based on the weight value corresponding to the second matching degree to obtain the first matching degree of the combination of routing rules and associated security protection rules.
[0127] In some embodiments, the weight value may be related to the protection type of the security protection rules in the security protection rule combination, and the weight value may also be related to the number of security protection rules in the security protection rule combination.
[0128] In some embodiments, for each security protection rule combination associated with a routing rule, by performing the steps S4.1.1 to S4.1.2 described above, a first matching degree between the routing rule and each security protection rule combination can be determined.
[0129] The beneficial technical effect of step S4.1.2 is that by performing weighted fusion through the second matching degree, the matching degree of each security protection rule can be integrated to determine the first matching degree of the security protection rule combination, thereby improving the accuracy of the first matching degree.
[0130] In some embodiments, step S4.1.2 includes: Step S4.1.2.1: Determine the protection type and number of security protection rules in the associated security protection rule combination.
[0131] The beneficial technical effect of step S4.1.2.1 is that, for different protection types and quantities of security protection rules, the weight value corresponding to the second matching degree can be determined, which can realize the differentiation of weight values, avoid the influence of fixed weight values on weighted fusion, and improve the accuracy of weighted fusion.
[0132] Step S4.1.2.2: Based on the protection type and number of security protection rules in the associated security protection rule combination, assign different weight values to the second matching degree of the security protection rules.
[0133] In some embodiments, the weight value of the second matching degree can be jointly determined based on the protection type and the number of security protection rules in the security protection rule combination associated with the routing rule.
[0134] In some embodiments, security protection rules carry their corresponding protection types. By querying the information of security protection rules in the associated security protection rule combination, the protection type of the security protection rule can be determined.
[0135] In some embodiments, the number of security protection rules in the security protection rule combination associated with the routing rule can be determined by counting the number of security protection rules in the security protection rule combination.
[0136] In some embodiments, different weight values are assigned to the second matching degree of security protection rules. The initial weight value can be determined first according to the protection type of the security protection rule, and the initial weight value can be corrected according to the number of security protection rules. The corrected initial weight value is then used as the weight value corresponding to the second matching degree.
[0137] In some embodiments, an initial weight value may be determined first based on the number of security protection rules, and then the initial weight value may be modified according to the protection type of the security protection rules, and the modified initial weight value may be used as the weight value corresponding to the second matching degree.
[0138] In some embodiments, a fixed weight value may be preset, and different first adjustment coefficients may be set for different protection types of security protection rules, and different second adjustment coefficients may be set for different numbers of security protection rules. Specifically, the first adjustment coefficients are different within the same combination of security protection rules, while the second adjustment coefficients are the same.
[0139] Furthermore, by using the first adjustment coefficient and the second adjustment coefficient, the fixed weight value can be adjusted to obtain the weight value corresponding to the second matching degree.
[0140] The beneficial technical effect of step S4.1.2.2 is that, based on the different protection types and quantities of security protection rules, the weight value corresponding to the second matching degree is jointly determined. This allows different weight values to be assigned to the second matching degree of different security protection rules, avoiding the influence of fixed weight values on weighted fusion and improving the accuracy of weighted fusion.
[0141] Step S4.1.2.3: Based on the weight values corresponding to the second matching degree, the second matching degree is weighted and fused to obtain the first matching degree of the combination of routing rules and associated security protection rules.
[0142] In some embodiments, after determining the weight value corresponding to the second matching degree, the product of the second matching degree and the weight value corresponding to the second matching degree can be calculated, and multiple products can be summed to achieve weighted fusion of the second matching degree, thereby obtaining the first matching degree of the combination of routing rules and associated security protection rules.
[0143] The beneficial technical effect of step S4.1.2.3 is that, based on the weight values corresponding to the second matching degree, the second matching degree is weighted and fused, which can realize the comprehensive evaluation of the matching degree of the combination of routing rules and associated security protection rules.
[0144] In some embodiments, step S4.1.2.2 includes: Step S4.1.2.2.1: Based on the protection type of the security protection rule, determine the initial weight value of the second matching degree of the security protection rule.
[0145] In some embodiments, different initial weight values can be pre-set for different protection types, that is, there is a correspondence between protection types and initial weight values. Thus, after the protection type of the security protection rule is determined, the initial weight value of the second matching degree of the security protection rule can be determined by querying the correspondence between the protection type and the initial weight value.
[0146] For example, security protection rules may have protection types: Protection Type A, Protection Type B, and Protection Type C, with initial weight values of a, b, and c, respectively. For any given security protection rule, if its protection type is determined to be Protection Type B, then the initial weight value for the second matching degree of the security protection rule can be determined to be weight value b.
[0147] The beneficial technical effect of step S4.1.2.2.1 is that, based on different protection types, the initial weight value of the second matching degree of the security protection rule is determined. This enables the determination of weight values for different protection types, achieves accurate matching of routing rules for security protection rules, and maximizes the effectiveness of security protection.
[0148] Step S4.1.2.2.2: Correct the initial weight value based on the number of security protection rules, and assign different weight values to the second matching degree of the security protection rules based on the corrected initial weight value.
[0149] Optionally, a correction coefficient for the initial weight value can be determined based on the number of security protection rules, and the initial weight value can be corrected according to the correction coefficient.
[0150] In some embodiments, different numbers of security protection rules correspond to different security protection effects. Specifically, the more security protection rules in a combination of security protection rules, the better the corresponding security protection effect.
[0151] In some embodiments, a baseline correction coefficient can be set first, and the number of security protection rules corresponding to the baseline correction coefficient can be determined. If the number of security protection rules in any combination of security protection rules is greater, the correction coefficient is greater than the baseline correction coefficient; if the number of security protection rules in any combination of security protection rules is less, the correction coefficient is less than the baseline correction coefficient.
[0152] For example, if the baseline correction factor is set to 1, the corresponding number of security protection rules is 50. If the number of security protection rules in any combination of security protection rules is 100, the corresponding correction factor can be 1.2; if the number of security protection rules in any combination of security protection rules is 150, the corresponding correction factor can be 1.4.
[0153] If the number of security protection rules in any combination of security protection rules is 30, the corresponding correction factor can be 0.8; if the number of security protection rules in any combination of security protection rules is 10, the corresponding correction factor can be 0.4.
[0154] Optionally, a maximum and a minimum threshold for the correction coefficient can be set, allowing the correction coefficient to fluctuate between the maximum and minimum thresholds.
[0155] In some embodiments, after determining the correction coefficient, the correction coefficient can be multiplied by each initial weight value to correct the initial weight values, resulting in corrected initial weight values. This allows the determination of the security protection rule corresponding to the corrected initial weight value, and the allocation of the corrected initial weight value to the second matching degree of the security protection rule, thereby enabling the allocation of different weight values to the second matching degree of the security protection rule.
[0156] For example, if the corrected initial weight value is weight 1 and the corresponding security protection rule is rule 1, then the second matching degree of rule 1 is assigned weight 1.
[0157] The beneficial technical effect of step S4.1.2.2.2 is that by modifying the initial weight value based on the number of security protection rules, it is possible to maximize the effect of security protection for computing power operation by taking into account the impact of the number of security protection rules on the security protection effect when allocating different weight values to the second matching degree of security protection rules.
[0158] In some embodiments, step S4.2 includes: Step S4.2.1: Compare the first matching degree of the associated security protection rule combinations, and determine the security protection rule combination corresponding to the maximum first matching degree as the security protection rule combination adapted to the routing rules.
[0159] In some embodiments, by determining the first matching degree of each security protection rule combination associated with the routing rule and comparing the size of the first matching degrees, the maximum first matching degree can be determined, and the security protection rule combination corresponding to the maximum first matching degree can be used as the security protection rule combination adapted to the routing rule.
[0160] The beneficial technical effect of step S4.2.1 is that: determining the security protection rule combination corresponding to the maximum first matching degree as the security protection rule combination adapted to the routing rule can realize the priority matching of the security protection rule combination most relevant to the routing rule, thereby maximizing the effect of security protection by executing the security protection rule combination and the accuracy of security protection.
[0161] In some embodiments, step S4 further includes: Step S4.1': Collect the running data of each WAF node in the WAF node cluster. The running data includes performance data and resource usage data.
[0162] In some embodiments, the load status of a WAF node is related to the operational data of the WAF node. Therefore, the performance data and resource usage data of each WAF node in the WAF node cluster can be collected as the operational data of the WAF node.
[0163] In some embodiments, performance data may include performance metrics such as request processing rate, average response time, and error rate; resource usage data may include resource usage metrics such as memory usage.
[0164] The beneficial technical effect of step S4.1' is that by collecting performance data and resource usage data of each WAF node, a basis can be provided for accurately identifying the load status of WAF nodes.
[0165] Step S4.2': Determine the load status of the WAF node based on the running data.
[0166] In some embodiments, the load status of each WAF node can be calculated based on performance data and resource usage data. The load status includes low load and high load states.
[0167] For example, a corresponding threshold can be set for each performance metric and each resource usage metric. When any metric exceeds the threshold, the load status of the WAF node is determined to be high load; otherwise, the load status of the WAF node is determined to be low load.
[0168] In some embodiments, the load value corresponding to the load status of each WAF node can also be calculated based on performance data and resource usage data. In other words, the load status of a WAF node can be represented by a load value.
[0169] The beneficial technical effect of step S4.2' is that by determining the load status of the WAF node, the load changes of the WAF node can be perceived in real time, thus avoiding the WAF node from being overloaded or idle.
[0170] Step S4.3': Determine the WAF nodes that are in a low-load state based on the load status.
[0171] In some embodiments, the load status can indicate the load value of a WAF node. By comparing the magnitudes of the load values, the WAF node with the smallest load value is identified as the WAF node in a low-load state.
[0172] The beneficial technical effect of step S4.3' is that by identifying WAF nodes in a low-load state from the WAF node cluster, load balancing of WAF nodes can be achieved, which is conducive to quickly providing security protection for user access requests.
[0173] In some embodiments, step S3 includes: Step S3.1: In response to traffic type being static content traffic, obtain the first routing rule corresponding to the static content traffic as the routing rule matched by the user access request.
[0174] It's important to note that there's a correspondence between traffic types and routing rules. When the traffic type is static content traffic, there's a unique routing rule corresponding to it. You can determine the routing rule for static content traffic by querying the correspondence between traffic types and routing rules, and use that rule as the first routing rule.
[0175] In other words, the first routing rule is the routing rule matched when the user access request's traffic type is static content traffic.
[0176] The beneficial technical effect of step S3.1 is that by setting the uniqueness of the routing rules corresponding to static content traffic, the determinism of the routing rules corresponding to static content traffic can be improved.
[0177] Step S3.2: In response to the traffic type being dynamic content traffic, obtain multiple second routing rules corresponding to the dynamic content traffic, and based on the multi-dimensional user information of the user access request, filter out the third routing rule from the second routing rules as the routing rule matched by the user access request.
[0178] It should be noted that when the traffic type is dynamic content traffic, there are multiple routing rules corresponding to dynamic content traffic. In this case, based on the multi-dimensional user information carried by the user access request, one routing rule can be determined from multiple routing rules as the routing rule matched by the user access request when the traffic type of the user access request is dynamic content traffic.
[0179] In other words, when it is determined that the traffic type of the user access request is dynamic content traffic, multiple routing rules corresponding to the dynamic content traffic are determined based on the correspondence between traffic type and routing rules, and these rules are used as the second routing rules.
[0180] Furthermore, based on the multi-dimensional user information of the user access request, the second routing rule is further matched to determine the third routing rule from the second routing rule, which is then used as the routing rule matched by the user access request.
[0181] The beneficial technical effect of step S3.2 is that when determining the routing rules to match dynamic content traffic, matching based on multi-dimensional user information can improve the adaptability of routing rules and user access requests.
[0182] In some embodiments, the multi-dimensional user information includes at least the requested page information, user identifier, type of computing power service, and access permissions. Step S3.1 includes: Step S3.1.1: Determine the second routing rule corresponding to the requested page information as the third routing rule; or, determine the second routing rule corresponding to the user identifier as the third routing rule; or, determine the second routing rule corresponding to the type of computing power service as the third routing rule; or, determine the second routing rule corresponding to the access permission as the third routing rule.
[0183] It should be noted that multi-dimensional user information is the information carried by the user when issuing a user access request. When a user accesses the intelligent computing cloud platform and issues a user access request, the user's multi-dimensional user information can be collected in real time.
[0184] In other words, we can establish correspondences between requested page information and routing rules, user identifiers and routing rules, computing power service types and routing rules, and access permissions and routing rules.
[0185] After obtaining multi-dimensional user information, by determining the information in any one dimension of the multi-dimensional user information and querying the corresponding relationship through the information in any one dimension, the routing rule corresponding to the information in any one dimension can be determined, that is, the third routing rule, which serves as the routing rule matched for the user access request.
[0186] The beneficial technical effect of step S3.1.1 is that matching routing rules based on multi-dimensional user information can achieve the uniqueness of the correspondence between routing rules and user access requests, and improve the adaptability of routing rules and user access requests.
[0187] In some embodiments, the intelligent computing cloud platform computing power operation anti-attack method of the present invention further includes: Step S6: Monitor the user access traffic corresponding to the user access request.
[0188] In some embodiments, monitoring user access traffic corresponding to user access requests can be performed using WAF nodes with monitoring and auditing capabilities within a WAF node cluster. During the monitoring of user access traffic corresponding to user access requests, security protection logs can also be generated, allowing the determination of the protection effectiveness for the computing power operation of the intelligent computing cloud platform based on these logs.
[0189] The beneficial technical effect of step S6 is that by monitoring the user access traffic corresponding to the user access request, it is possible to determine in real time whether the computing power service accessed by the user has changed, and thus adjust the combination of appropriate routing rules and security protection rules when the computing power service changes.
[0190] Step S7: In response to a change in the computing power service accessed by the user due to user access traffic indication, adjust the combination of security protection rules based on the changed computing power service.
[0191] In some embodiments, computing power services have a service lifecycle, such as a training phase, an inference phase, and a cleanup phase. Different phases correspond to different access traffic, so the current computing power service can be perceived based on changes in the size of user access traffic.
[0192] For example, if the volume of user access traffic changes abruptly, it can be determined that the computing power service accessed by the user has changed, and the combination of security protection rules can be adjusted based on the changed computing power service.
[0193] It should be noted that adjusting the combination of security protection rules means using different combinations of security protection rules to provide security protection for user access requests to the changed computing power service.
[0194] For example, before the adjustment, security protection rule combination 1 was used. When the computing power service accessed by the user changes, based on the steps in the above embodiments, it is determined to use security protection rule combination 2 to protect the user access requests to the changed computing power service.
[0195] It is understandable that the business type of the computing power service will also affect the determination of the routing rules when determining the routing rules. Therefore, the routing rules can be re-determined based on the changed computing power service, and the security protection rule combination can be adapted based on the re-determined routing rules to determine the security protection rule combination corresponding to the user access request of the changed computing power service, thereby adjusting the security protection rule combination.
[0196] The beneficial technical effect of step S7 is that by adjusting the combination of security protection rules when the computing power service accessed by the user changes, it is possible to dynamically adapt to changes in computing power services, thereby maximizing the adaptability of security protection for computing power operation.
[0197] In some embodiments, step S7 includes: Step S7.1: Determine the change information of user access traffic. In response to the change information meeting the set conditions, determine that the computing power service accessed by the user has changed.
[0198] In some embodiments, since different access traffic corresponds to different stages of the computing power service's lifecycle, changes in user access traffic can be monitored to determine information about these changes. By determining whether the changes meet set conditions, it can be determined whether the computing power service accessed by the user has changed.
[0199] For example, the condition is set as follows: the traffic increases after continuously decreasing for a set period of time. When the change information of user access traffic is detected as continuously decreasing and then increasing, and the duration of continuous decrease is the set duration, it can be determined that the change information meets the set condition, thereby determining that the computing power service accessed by the user has changed.
[0200] The beneficial technical effect of step S7.1 is that, based on the information on changes in user access traffic, it can be determined whether the computing power service accessed by the user has changed, and the changes in computing power service can be determined in a timely manner, so as to adjust the corresponding combination of security protection rules in a timely manner.
[0201] Step S7.2: Based on the user access requests for the changed computing power service, determine the routing rules that match the user access requests for the changed computing power service.
[0202] In some embodiments, the traffic type of the user access request for the changed computing power service can be determined, and the routing rules matching the traffic type of the user access request for the changed computing power service can be determined.
[0203] Optionally, steps S2 and S3 above can be used to determine the routing rules that match the user access requests for the changed computing power service, which will not be elaborated here.
[0204] The beneficial technical effect of step S7.2 is that by redetermining the routing rules matched by user access requests for the changed computing power service, a basis is provided for adjusting security protection rules, which is conducive to more effective security protection for user access requests.
[0205] Step S7.3: Based on the routing rules matched by the user access requests for the changed computing power service, adjust the combination of security protection rules used to protect the user access requests for the changed computing power service.
[0206] In some embodiments, the relevant content of step S4 can be executed to determine the routing rules matched by the user access request of the changed computing power service, the adapted security protection rule combination, and to use the security protection rule combination to perform security protection on the user access request of the changed computing power service.
[0207] The beneficial technical effect of step S7.3 is that by timely adjusting the combination of security protection rules corresponding to the changed user access requests of the computing power service, and using the adjusted combination of security protection rules to protect the user access requests, dynamic security protection of the computing power operation of the intelligent computing cloud platform can be achieved, thereby maximizing the effectiveness of security protection.
[0208] Figure 3 This is an architecture diagram of the anti-attack method for the computing power operation of the intelligent computing cloud platform provided by the present invention. It obtains user access requests for computing power services, performs traffic identification and classification on these requests at the routing and scheduling layer, determines the traffic type of each user access request, and determines the routing rules matching the user access request based on the traffic type.
[0209] Figure 3 The image shows user access requests with static content traffic and dynamic content traffic types. Static content traffic matches routing rule 1, while dynamic content traffic matches routing rule 2.
[0210] Furthermore, within the security protection layer, a security protection rule combination that matches the routing rule can be determined from the security protection rule combination associated with the routing rule. This security protection rule combination can then be distributed to WAF nodes that are under low load. The WAF nodes can then execute the security protection rule combination to provide security protection for user access requests, thereby preventing attacks on the computing power operation of the intelligent computing cloud platform.
[0211] In other words, Figure 3 In the middle, the WAF node adapted by routing rule 1 in a low-load state is WAF1, and the WAF node adapted by routing rule 2 in a low-load state is WAF2.
[0212] The policy management layer can be used to pre-configure routing rules and security protection rules, such as setting routing rules for different traffic types and setting combinations of security protection rules for different routing rules.
[0213] The monitoring and auditing layer can continuously monitor the routing and scheduling layer, the security protection layer, and the policy management layer to determine the security protection logs of the intelligent computing cloud platform's computing power operation and attack prevention. Based on the security protection logs, it can identify whether there are any abnormalities in the intelligent computing cloud platform's computing power operation and attack prevention, so as to ensure the effectiveness of the intelligent computing cloud platform's computing power operation and attack prevention.
[0214] Please see Figure 4 , Figure 4 This is a structural diagram of a computing power operation anti-attack device for an intelligent computing cloud platform provided by the present invention, as shown below. Figure 4 As shown, the computing power operation anti-attack device 400 of the intelligent computing cloud platform includes: Module 401 is used to acquire user access requests for computing power services; Traffic identification module 402 is used to classify and identify the traffic of the user access request and determine the traffic type of the user access request; The routing rule determination module 403 is used to determine the routing rule matching the user access request based on the traffic type. The security protection rule determination module 404 is used to determine a security protection rule combination that is compatible with the routing rule from the security protection rule combination associated with the routing rule, and to distribute the security protection rule combination to the WAF node in a low-load state; wherein, the WAF node is a node in the WAF node cluster deployed in the intelligent computing cloud platform; The security protection module 405 is used to perform security protection on the user access request by executing the combination of security protection rules through the WAF node, so as to prevent attacks on the computing power operation of the intelligent computing cloud platform.
[0215] In some embodiments, the security protection rule determination module 404 is further configured to: Determine the first matching degree of the combination of the routing rule and the associated security protection rule; Based on the first matching degree, a combination of security protection rules adapted to the routing rules is determined.
[0216] In some embodiments, the security protection rule determination module 404 is further configured to: Determine the second matching degree between the routing rule and each security protection rule in the associated security protection rule combination; The second matching degree is weighted and fused to obtain the first matching degree of the combination of the routing rule and the associated security protection rule.
[0217] In some embodiments, the security protection rule determination module 404 is further configured to: Determine the protection type and the number of security protection rules in the associated security protection rule combination; Based on the protection type and the number of security protection rules in the associated security protection rule combination, different weight values are assigned to the second matching degree of the security protection rules; Based on the second matching degree and the weight value corresponding to the second matching degree, the second matching degree is weighted and fused to obtain the first matching degree of the combination of the routing rule and the associated security protection rule.
[0218] In some embodiments, the security protection rule determination module 404 is further configured to: Based on the protection type of the security protection rule, determine the initial weight value of the second matching degree of the security protection rule; The initial weight value is modified based on the number of security protection rules, and different weight values are assigned to the second matching degree of the security protection rules based on the modified initial weight value.
[0219] In some embodiments, the step security protection rule determination module 404 is further configured to: The first matching degree of the associated security protection rule combinations is compared, and the security protection rule combination corresponding to the maximum first matching degree is determined as the security protection rule combination adapted to the routing rule.
[0220] In some embodiments, the security protection rule determination module 404 is further configured to: Collect the operational data of each WAF node in the WAF node cluster, including performance data and resource usage data; The load status of the WAF node is determined based on the operational data; The WAF node in a low-load state is determined based on the load status.
[0221] In some embodiments, the routing rule determination module 403 is further configured to: In response to the traffic type being static content traffic, the first routing rule corresponding to the static content traffic is obtained and used as the routing rule matched for the user access request; In response to the traffic type being dynamic content traffic, multiple second routing rules corresponding to the dynamic content traffic are obtained, and based on the multi-dimensional user information of the user access request, a third routing rule is selected from the second routing rules as the routing rule matched by the user access request.
[0222] In some embodiments, the multi-dimensional user information includes at least requested page information, user identifier, type of computing power service, and access permissions. The routing rule determination module 403 is further configured to: The method is as follows: 1) Determine a second routing rule corresponding to the requested page information, and use it as the third routing rule; 2) Determine a second routing rule corresponding to the user identifier, and use it as the third routing rule; 3) Determine a second routing rule corresponding to the type of computing power service, and use it as the third routing rule; 4) Determine a second routing rule corresponding to the access permission, and use it as the third routing rule.
[0223] In some embodiments, the apparatus further includes: The traffic monitoring module is used to monitor the user access traffic corresponding to the user access request; The adjustment module is used to adjust the security protection rule combination based on the changed computing power service in response to a change in the computing power service accessed by the user access traffic. In some embodiments, the adjustment module is further configured to: Determine the change information of the user access traffic, and in response to the change information meeting the set conditions, determine that the computing power service accessed by the user has changed; Based on the user access requests for the modified computing power service, determine the routing rules that match the user access requests for the modified computing power service; Based on the routing rules matched by the user access requests for the changed computing power service, the combination of security protection rules used to protect the user access requests for the changed computing power service is adjusted.
[0224] The intelligent computing cloud platform computing power operation anti-attack device provided by the present invention can realize the various processes of the various embodiments of the above-mentioned intelligent computing cloud platform computing power operation anti-attack method. The technical features are one-to-one and can achieve the same technical effect. To avoid repetition, it will not be described again here.
[0225] It should be noted that the anti-attack device for the computing power operation of the intelligent computing cloud platform in this invention can be a device, or it can be a component, integrated circuit, or chip in an electronic device.
[0226] The present invention also provides an electronic device, see below. Figure 5 , Figure 5 This is a schematic diagram of the structure of an electronic device provided by an embodiment of the present invention. The electronic device includes a memory 501, a processor 502, and a program or instructions stored in the memory 501 that run on the processor 502. When the program or instructions are executed by the processor 502, they can achieve the following: Figure 1 Any steps in the corresponding intelligent computing cloud platform's computing power operation anti-attack method embodiment and achieving the same beneficial effect will not be elaborated here.
[0227] The processor 502 can be a CPU, ASIC, FPGA, or GPU.
[0228] Those skilled in the art will understand that all or part of the steps of the above-described embodiments of the intelligent computing cloud platform computing power operation anti-attack method can be implemented by hardware related to program instructions, and the program can be stored in a readable medium.
[0229] The present invention also provides a readable storage medium on which a computer program is stored, and which, when executed by a processor, can perform the above-described functions. Figure 1Any step in the corresponding intelligent computing cloud platform's computing power operation anti-attack method embodiment can achieve the same technical effect, and will not be described again here to avoid repetition. The storage medium mentioned includes, for example, read-only memory (ROM), random access memory (RAM), magnetic disk, or optical disk.
[0230] The present invention also provides a computer program product, including computer instructions that, when executed by a processor, implement the above-described... Figure 1 The various processes of the corresponding intelligent computing cloud platform's computing power operation anti-attack method embodiment can achieve the same technical effect, and will not be repeated here to avoid repetition.
[0231] The terms "first," "second," etc., used in this invention are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion. For example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to these processes, methods, products, or apparatuses. Additionally, the use of "and / or" in this application indicates at least one of the connected objects, such as A and / or B and / or C, representing seven possibilities: A alone, B alone, C alone, both A and B present, both B and C present, both A and C present, and A, B, and C present.
[0232] It should be noted that, in this document, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Unless otherwise specified, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes that element.
[0233] Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus necessary general-purpose hardware platforms. Of course, they can also be implemented by hardware, but in many cases the former is a better implementation method. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium (such as ROM / RAM, magnetic disk, optical disk) and includes several instructions to cause a terminal (which may be a mobile phone, computer, server, air conditioner, or second terminal device, etc.) to execute the methods of the various embodiments of this application.
[0234] The embodiments of this application have been described above with reference to the accompanying drawings. However, this application is not limited to the specific embodiments described above. The specific embodiments described above are merely illustrative and not restrictive. Those skilled in the art can make many other forms under the guidance of this application without departing from the spirit and scope of the claims, and all of these forms are within the protection scope of this application.
Claims
1. A method for preventing attacks on the computing power operation of an intelligent computing cloud platform, characterized in that, The method includes: Step S1: Obtain user access requests for computing power services; Step S2: Classify and identify the traffic of the user access request to determine the traffic type of the user access request; Step S3: Determine the routing rule matching the user access request based on the traffic type; Step S4: Determine the security protection rule combination that matches the routing rule from the security protection rule combination associated with the routing rule, and distribute the security protection rule combination to the WAF node in a low-load state; wherein, the WAF node is a node in the WAF node cluster deployed in the intelligent computing cloud platform; Step S5: The WAF node executes the security protection rule combination to protect the user access request, so as to prevent attacks on the computing power operation of the intelligent computing cloud platform.
2. The method according to claim 1, characterized in that, Step S4 includes: Step S4.1: Determine the first matching degree of the combination of the routing rule and the associated security protection rule; Step S4.2: Based on the first matching degree, determine the combination of security protection rules that are compatible with the routing rules.
3. The method according to claim 2, characterized in that, Step S4.1 includes: Step S4.1.1: Determine the second matching degree of each security protection rule in the combination of the routing rule and the associated security protection rule; Step S4.1.2: Perform weighted fusion on the second matching degree to obtain the first matching degree of the combination of the routing rule and the associated security protection rule.
4. The method according to claim 3, characterized in that, Step S4.1.2 includes: Step S4.1.2.1: Determine the protection type and the number of security protection rules in the associated security protection rule combination; Step S4.1.2.2: Based on the protection type and the number of security protection rules in the associated security protection rule combination, assign different weight values to the second matching degree of the security protection rules; Step S4.1.2.3: Based on the second matching degree and the weight value corresponding to the second matching degree, the second matching degree is weighted and fused to obtain the first matching degree of the combination of the routing rule and the associated security protection rule.
5. The method according to claim 4, characterized in that, Step S4.1.2.2 includes: Step S4.1.2.2.1: Based on the protection type of the security protection rule, determine the initial weight value of the second matching degree of the security protection rule; Step S4.1.2.2.2: Correct the initial weight value based on the number of security protection rules, and assign different weight values to the second matching degree of the security protection rules based on the corrected initial weight value.
6. The method according to claim 2, characterized in that, Step S4.2 includes: Step S4.2.1: Compare the first matching degree of the associated security protection rule combination, and determine the security protection rule combination corresponding to the maximum first matching degree as the security protection rule combination adapted to the routing rule.
7. The method according to claim 1, characterized in that, Step S4 further includes: Step S4.1': Collect the running data of each WAF node in the WAF node cluster, including performance data and resource usage data; Step S4.2': Determine the load status of the WAF node based on the running data; Step S4.3': Determine the WAF nodes in low load state based on the load status.
8. The method according to any one of claims 1-7, characterized in that, Step S3 includes: Step S3.1: In response to the traffic type being static content traffic, obtain the first routing rule corresponding to the static content traffic as the routing rule matched by the user access request; Step S3.2: In response to the traffic type being dynamic content traffic, obtain multiple second routing rules corresponding to the dynamic content traffic, and based on the multi-dimensional user information of the user access request, filter out a third routing rule from the second routing rules as the routing rule matched by the user access request.
9. The method according to claim 8, characterized in that, The multi-dimensional user information includes at least the requested page information, user identifier, type of computing power service, and access permissions. Step S3.1 includes: Step S3.1.1: Determine the second routing rule corresponding to the requested page information as the third routing rule; or, determine the second routing rule corresponding to the user identifier as the third routing rule; or, determine the second routing rule corresponding to the type of computing power service as the third routing rule; or, determine the second routing rule corresponding to the access permission as the third routing rule.
10. The method according to any one of claims 1-7, characterized in that, The method further includes: Step S6: Monitor the user access traffic corresponding to the user access request; Step S7: In response to the change in the computing power service accessed by the user access traffic, adjust the combination of security protection rules based on the changed computing power service.
11. The method according to claim 10, characterized in that, Step S7 includes: Step S7.1: Determine the change information of the user access traffic; in response to the change information meeting the set conditions, determine that the computing power service accessed by the user has changed. Step S7.2: Based on the user access requests for the changed computing power service, determine the routing rules that match the user access requests for the changed computing power service; Step S7.3: Based on the routing rules matched by the user access requests for the changed computing power service, adjust the combination of security protection rules used to protect the user access requests for the changed computing power service.
12. A device for preventing attacks on the computing power operation of an intelligent computing cloud platform, characterized in that, The device includes: The acquisition module is used to acquire user access requests for computing power services; The traffic identification module is used to classify and identify the traffic of the user access request and determine the traffic type of the user access request. The routing rule determination module is used to determine the routing rule matching the user access request based on the traffic type. The security protection rule determination module is used to determine a security protection rule combination that is compatible with the routing rule from the security protection rule combination associated with the routing rule, and to distribute the security protection rule combination to WAF nodes in a low-load state; wherein, the WAF node is a node in a WAF node cluster deployed in an intelligent computing cloud platform; The security protection module is used to execute the combination of security protection rules through the WAF node to protect the user access request, so as to prevent attacks on the computing power operation of the intelligent computing cloud platform.
13. An electronic device, characterized in that, include: A processor, a memory, and a program stored in the memory and executable on the processor, wherein the program, when executed by the processor, implements the steps of the computing power operation anti-attack method for the intelligent computing cloud platform as described in any one of claims 1 to 11.
14. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a computer program, which, when executed by a processor, implements the steps of the computing power operation anti-attack method for the intelligent computing cloud platform as described in any one of claims 1 to 11.
15. A computer program product, characterized in that, It includes computer instructions, which, when executed by a processor, implement the steps of the computing power operation anti-attack method for the intelligent computing cloud platform as described in any one of claims 1 to 11.