CN101505247A - Detection method and apparatus for number of shared access hosts - Google Patents

Detection method and apparatus for number of shared access hosts Download PDF

Info

Publication number
CN101505247A
CN101505247A CNA200910106030XA CN200910106030A CN101505247A CN 101505247 A CN101505247 A CN 101505247A CN A200910106030X A CNA200910106030X A CN A200910106030XA CN 200910106030 A CN200910106030 A CN 200910106030A CN 101505247 A CN101505247 A CN 101505247A
Authority
CN
China
Prior art keywords
cookie
packet
record
host
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA200910106030XA
Other languages
Chinese (zh)
Inventor
王飞
刘强
程超
朱洪亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Digital Technologies Chengdu Co Ltd
Original Assignee
Huawei Symantec Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Symantec Technologies Co Ltd filed Critical Huawei Symantec Technologies Co Ltd
Priority to CNA200910106030XA priority Critical patent/CN101505247A/en
Publication of CN101505247A publication Critical patent/CN101505247A/en
Pending legal-status Critical Current

Links

Images

Abstract

The embodiment of the invention discloses a method for detecting the number of shared access host computers, which comprises the following steps: receiving a redirected HTTP request data pack; when the data pack contains a Cookie ID, recording the Cookie ID of the data pack in a record list corresponding to a source address of the data pack; when the data pack does not contain the Cookie ID, allocating a Cookie to the data pack, and recording the Cookie ID of the data pack in the record list corresponding to the source address of the data pack; and counting the Cookie ID record number according to the record list to obtain the number of the shared access host computers of the source address. The detection method can improve the accuracy of detecting the number of the shared access host computers.

Description

A kind of detection method of shared access number of host and device
Technical field
The present invention relates to the communications field, relate in particular to a kind of detection method and device of shared access number of host.
Background technology
For solving the problem of global ip address depletion, IETF (Internet Engineering TaskForce, Internet Engineering Task Force) tissue has proposed network address translation protocol (Network AddressTranslation, NAT) technology.What NAT device was finished is the function of network address translation, and NAT device has one or more public network IP address, is positioned at main frame behind the NAT and has the private network IP address of oneself.When main frame need communicate with the equipment on the public network of being positioned at, NAT device was mapped as a public network IP address and port numbers with the private network IP address and the port numbers of correspondence, could communicate by letter then.Be positioned at like this behind the NAT main frame relatively on other public network equipment be exactly nontransparent.Under many circumstances, for realizing that main frame is supervised, therefore, needs are understood the shared access main frame situation behind the NAT device.
Cookie is the data that are stored in order to distinguish user identity on the subscriber's local terminal, and it is actually a kind of webserver that can allow low volume data is stored into the hard disk or the internal memory of client, or from the technology of the hard disk reading of data of client.Generally, when browsing certain website, what the WEB server sent to the user is not only a page, also has a Cookie who comprises information such as time on date and user ID.User's browser can be kept at this Cookie when obtaining the page under certain file on user's hard disk, when the user visits this website once more, the website is by reading Cookie, obtain user's relevant information, just can make corresponding action, as showing the poster of welcoming you, perhaps allow you need not input the just directly login or the like of ID, password at the page.
In http protocol, Set-Cookie field distribution Cookie during the webserver generally can wrap by HTTP200 OK response to the user of this website of maiden visit, the user obtains Cookie can contain the user afterwards at every turn in the Cookie field in sending to the HTTP request package of this website cookie information.
At present, the shared method that inserts number of host of detection mainly is the CookieID value difference that the different user of utilization same website of visit in the Cookie term of validity obtains, by distinguishing the different CookieID values under the same IP address, be positioned at the number of host that is in active state behind the NAT device thereby detect.
The inventor is in realizing process of the present invention, find in the prior art because each website all is the CookieID of independent allocation oneself, and the website of user on the network's visit is not specific, this has just caused need writing down and statistic of classification all websites of using the visit of each account number or IP address user when the shared access number of host of statistics behind the NAT device, how many individual main frames that is in active state last just can detecting has under this IP address, the testing process more complicated, and because the IP of CookieID binding is different, and the website of user capture has nothing in common with each other, therefore, the accuracy of detection is not high yet.
Summary of the invention
The embodiment of the invention provides a kind of detection method of shared access number of host, and described detection method can improve to detect shares the accuracy that inserts number of host, helps the supervision that inserts main frame to sharing more.
The embodiment of the invention provides a kind of detection method of shared access number of host, comprising: receive the HTML (Hypertext Markup Language) HTTP request data package that is redirected; When including the small routine Cookie ID that downloads to terminal in the described packet, the Cookie ID of the described packet of record in the record sheet corresponding with the source address of described packet, when described packet does not include Cookie ID, described packet is issued Cookie, and in the record sheet corresponding, write down the CookieID of described packet with the source address of described packet; Add up the record number of described Cookie ID according to described record sheet, obtain the shared access number of host of described source address.
The embodiment of the invention also provides a kind of checkout gear of shared access number of host, and described checkout gear comprises data reception module, issues logging modle, statistical module, and described data reception module is used to receive the HTTP request data package that is redirected; The described logging modle that issues is used for the described packet that the data receiver module receives is handled, when including Cookie ID in the described packet, the Cookie ID of the described packet of record in the record sheet corresponding with the source address of described packet, when not including Cookie ID in the described packet, described packet is issued Cookie, and in the record sheet corresponding, write down the Cookie ID of described packet with the source address of described packet; Described statistical module is used for the Cookie ID record count according to the described record statistics that issues logging modle source address to be detected, obtains the shared access number of host of described source address.
The embodiment of the invention also provides a kind of network security supervisory systems, described network security supervisory systems comprises checkout gear and restriction access device, the HTTP request data package that described checkout gear is used for passing through to be received detects the shared number of host that inserts, when including Cookie ID in the described packet, the Cookie ID of the described packet of record in the record sheet corresponding with the source address of described packet, when not including Cookie ID in the described packet, described packet is issued Cookie, and in the record sheet corresponding with the source address of described packet the record described packet Cookie ID, by adding up the Cookie ID record count in the described record sheet, obtain the shared access number of host of described source address, and testing result sent to the restriction access device, described HTTP request data package obtains by being redirected mode; The shared access number of host that described restriction access device is used for checkout gear is detected is judged, and the main frame that exceeds threshold range is limited access handle.
The detection method of the described shared access number of host of the embodiment of the invention is given user's the different character of Cookie ID based on the heterogeneous networks server-assignment, be redirected on the self-built Cookie strategic server by HTTP request data package the user, collect the Cookie id information in the packet that comprises cookie information by described Cookie strategic server, and the packet that does not comprise cookie information issued Cookie, and while cookie information in each HTTP request data package of renewal in the storage list that presets, thereby can count the record number of different Cookie ID under each IP address according to described record sheet, thereby obtain the NAT device or the router of this IP address or have the shared access number of host of the main frame back of shared access function, improved the accuracy that detects, made sharing the supervision that inserts main frame more effective.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art, the accompanying drawing of required use is done to introduce simply in will describing the embodiment of the invention below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
The storage list form schematic diagram of the preservation cookie information that presets in the detection method of the shared access number of host that Fig. 1 provides for the embodiment of the invention;
The detection method schematic diagram of the shared access number of host that Fig. 2 provides for the embodiment of the invention one;
The detection method schematic flow sheet of the shared access number of host that Fig. 3 provides for the embodiment of the invention two;
The detection method schematic flow sheet of the shared access number of host that Fig. 4 provides for the embodiment of the invention three;
The structural representation of the checkout gear of the shared access number of host that Fig. 5 provides for the invention process four;
The structural representation of the checkout gear of the shared access number of host that Fig. 6 provides for the invention process five;
The structural representation of a kind of network security supervisory systems that Fig. 7 provides for the invention process six;
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that is obtained under the creative work prerequisite.
In http protocol, Set-Cookie field distribution Cookie during the webserver can generally wrap by HTTP200 OK response to the user of this website of maiden visit, the user obtains Cookie can contain the user afterwards at every turn in the Cookie field in sending to the HTTP request package of this website cookie information.The form of Cookie is as follows:
Set-Cookie:NAME=VALUE;Expires=DATE;Path=PATH;Domain=DOMAIN_NAME;SECURE
Having only the NAME=VALUE attribute in the above-mentioned Cookie field is essential option, and this attribute is unique ID value that the user is distributed in the website; Expires (term of validity) attribute is in order to determine effective date of expiry of Cookie, if Cookie does not set the term of validity, then its life cycle finishes to closing browser from open any browser.
The embodiment of the invention just is being based on the heterogeneous networks server-assignment and is proposing for user's the different character of Cookie ID, be redirected to specified server by HTTP request data package with the user, and the Cookie ID that issues according to this server judges and shares the number that inserts main frame, and can further specify interference according to judged result to corresponding main frame.
In actual applications, owing to may not only need to detect the shared access number of host of an IP address, also may need a network is monitored down or even to the shared access main frame in the whole metropolitan area network, therefore, in embodiments of the present invention, adopt storage list as shown in Figure 1 to write down cookie information.As shown in Figure 1, should comprise following information at least in the storage list: IP address, the Cookie term of validity and Cookie ID.Wherein, the IP address is corresponding to IP address to be detected, it is the IP address that shared access main frame to be detected uses, described IP address can be IP address or the IP address of router or the IP address that is used to realize sharing the main frame that inserts of a NAT device, or the like, described IP address can also be one under the LAN the IP address or the IP address under the whole metropolitan area network.The Cookie term of validity is used to judge whether share the access main frame is in active state.Cookie ID correspondence the actual host behind the NAT device under this IP address.Except that above-mentioned information, can also store some supplementarys in the storage list, as described the packet receiving number of packet, update time or the like, these supplementarys can be used for the decision operation that auxiliary Cookie ID carries out testing result, improve the accuracy of testing result.
The detection method schematic diagram of the shared access number of host that Fig. 2 provides for the embodiment of the invention one.As shown in the figure, the shared method that inserts number of host of described detection comprises the steps:
Step 201: receive the HTTP request data package that is redirected;
Described HTTP request data package is used for proposing to obtain the info web request, and described packet comprises the request data package of GET (obtaining) type.Described be redirected can be by writing redirected destination address in the frame src field in the redirected packet of forging, and preserve the web page address that the user will visit originally with the form of parameter; Can also be that the mode of 3xx (the 3xx agreement is the protocol type in the http protocol) response message realizes by the structure code.And be not limited to above implementation.
Step 202: when including Cookie ID in the described packet, the Cookie ID of record data bag in the record sheet of the source IP address correspondence of described packet; When not including CookieID in the described packet, described packet is issued Cookie, the Cookie ID of the described packet of record in the record sheet of the source address correspondence of described packet;
Described Cookie ID is meant the NAME=VALUE field in the cookie information, and this field is unique ID value that the user is distributed in the website.Described source address is generally the source IP address of packet.
Described record sheet as shown in Figure 1, the information that writes down in the described record sheet also comprises the source IP address and the Cookie term of validity in the described packet.Described for packet issues Cookie, can adopt and respond the 200OK packet and the SET-Cookie field is set issues Cookie, also can adopt mode such as JS script to issue Cookie.
Step 203: add up the Cookie ID record count of described source address according to described record sheet, obtain the shared access number of host under this IP address.
The method of the Cookie ID record number of the IP address correspondence that described statistics is to be detected can comprise according to the described record sheet that presets judges whether the Cookie ID of described IP address has crossed the term of validity, need delete for the Cookie ID that surpasses the term of validity, and then the Cookie ID that adds up described IP address correspondence writes down number, obtain the shared access main frame number of this IP address according to the maximum of this Cookie ID record number: if the maximum of this Cookie ID record number equals 1, that then use this IP address is common Internet user; If the maximum of this Cookie ID record number is greater than 1, then this IP address is exactly the IP address of NAT device or router or the main frame with shared access function, and the maximum of this Cookie ID record number is exactly the shared access number of host of NAT device or router or the main frame back with shared access function.
The embodiment of the invention one described technical scheme is by initiatively issuing Cookie to the HTTP request data package that does not comprise Cookie ID, and in the record sheet corresponding with the source IP address of described packet the Cookie ID of record in the described packet, by the Cookie ID record count under each IP in the described record sheet that presets, obtain the shared access number of host under this IP address, determination methods is simple, has improved the accuracy that detects.
The detection method idiographic flow schematic diagram of the shared access number of host that Fig. 3 provides for the embodiment of the invention two, as shown in the figure, described detection method comprises the steps:
Step 301: monitor and obtain the HTTP packet in the network;
Step 302: the data type of HTTP packet described in the determining step 301, if this packet is a HTTP GET packet, then enter step 303, otherwise enter step 301, continue the HTTP packet in monitoring and the reception network;
Described HTTP GET (obtaining) packet is a kind of of HTTP request type packet.
Step 303: the described HTTP GET of step 302 packet is redirected to the Cookie strategic server;
Described Cookie strategic server is the server that presets, the described Cookie of redirecting the user to strategic server can write the Cookie policy server address in the frame src field in the redirected packet of forging, and preserves the web page address that the user will visit originally with the form of parameter; Can also be that the mode of 3xx (the 3xx agreement is the protocol type in the http protocol) response message realizes by the structure code.And be not limited to above implementation.
Whether contain Cookie ID in the step 304:Cookie strategic server determining step 303 described HTTP GET packets, if having, then enter step 306, otherwise enter step 305;
Described Cookie ID is meant the NAME=VALUE field in the cookie information, and this field is unique ID value that the user is distributed in the website.
Step 305:, enter step 306 for the described HTTP GET of step 304 packet issues Cookie;
Described for packet issues Cookie, can the SET-Cookie field is set issue Cookie by adopt responding the 200OK packet, also can adopt mode such as JS script to issue Cookie.
Step 306: extract the information such as source IP address, Cookie ID value of described HTTP GET packet, enter step 307;
Described information comprises the packet receiving number of source IP address, the Cookie term of validity, Cookie ID and the described HTTP GET packet of described packet.
Step 307: the source IP address in the packet that extracts according to step 306 is searched corresponding record sheet, enters step 308;
Described record sheet is the record sheet that presets, at least the source IP address information, the Cookie term of validity in the packet and the Cookie ID that comprise packet in the described record sheet, in addition, in order to improve the accuracy of judgement, information is counted in the packet receiving that also includes described packet in the record sheet of presetting in the embodiment of the invention two.
Step 308: whether there is corresponding C ookieID record in the record sheet of correspondence described in the determining step 307,, then enters step 309 if having, otherwise, enter step 3010;
Step 309: the packet receiving number with corresponding packet in the corresponding Cookie ID record of step 308 increases 1, enters step 3011;
The auxiliary operation that the packet receiving number of the packet in the described record sheet is used for follow-up judgement when sharing number of host.
Step 3010: a newly-built Cookie ID record in the corresponding record sheet described in the step 307, and the packet receiving number of this Cookie ID is filled to 1;
Described Cookie ID record comprises the packet receiving number of Cookie ID, the Cookie term of validity and described packet in the described packet.
Step 3011: add up the Cookie ID record number of described source IP address correspondence according to described record sheet, obtain the shared access number of host of this source IP address.
When the Cookie ID of the described IP of statistics address correspondence writes down number in the described step 3011, need at first to judge whether each Cookie ID is expired, need delete for Cookie ID out of date, and then add up Cookie ID corresponding under the described IP address and write down number, obtain shared access main frame number this IP address under according to the maximum of this Cookie ID record number: equaling 1 if this Cookie ID writes down the maximum of number, is common Internet user under this IP address then; If the maximum of this Cookie ID record number is greater than 1, then this IP address is exactly the IP address of NAT device or router or the main frame with shared access function, and the maximum of this Cookie ID record number is exactly the shared access number of host of NAT device or router or the main frame back with shared access function.Simultaneously, be provided with certain testing conditions in the embodiment of the invention two, described testing conditions can for the packet receiving number greater than 2, promptly the packet receiving number is added up greater than the pairing Cookie ID of 2 packet record number, improved the accuracy that detects.
By the foregoing description as can be seen, the embodiment of the invention is given user's the different character of Cookie ID based on the heterogeneous networks server-assignment, be redirected on the self-built Cookie strategic server by HTTP GET packet the user, collect the Cookie id information in the packet that comprises Cookie ID by described Cookie strategic server, and the packet that does not comprise Cookie ID issued Cookie, and in the record sheet that presets, upgrade Cookie ID in each HTTP GET packet, thereby can obtain the NAT device or the router of this IP address according to the record number that described record sheet is added up different Cookie ID under each IP address or have the shared access number of host of the main frame back of shared access function, improve the accuracy of judging.
The detection method idiographic flow schematic diagram of the shared access number of host that Fig. 4 provides for the embodiment of the invention three, as shown in the figure, described detection method comprises the steps:
Step 401: monitor and obtain the HTTP packet in the network;
Step 402: the data type of HTTP packet described in the determining step 401, if this packet is a HTTP GET packet, then enter step 403, otherwise enter step 401, continue the HTTP packet in monitoring and the reception network;
Described HTTP GET (obtaining) packet is a kind of in the HTTP request type packet.
Step 403: the described HTTP request data package of step 402 is redirected to the Cookie strategic server;
Described Cookie strategic server is the server that presets, the described Cookie of redirecting the user to strategic server can write the Cookie policy server address in the frame src field in the redirected packet of forging, and preserves the web page address that the user will visit originally with the form of parameter; Can also be that the mode of 3xx (the 3xx agreement is the protocol type in the http protocol) response message realizes by the structure code.And be not limited to above implementation.
Step 404:Cookie strategic server judges in the described HTTP GET packet whether contain Cookie ID, if having, then enters step 406, otherwise enters step 405;
Described Cookie ID is meant the NAME=VALUE field in the cookie information, and this field is unique ID value that the user is distributed in the website.
Step 405:, enter step 406 for the described HTTP GET of step 404 packet issues Cookie;
Described for packet issues Cookie, can adopt response 200OK packet that the SET-Cookie field is set and issue Cookie, also can adopt modes such as JS script.
Step 406: extract the key message such as source IP address, Cookie ID value of described HTTP GET packet, enter step 407;
Described key message comprises that the packet receiving of source IP address, the Cookie term of validity, Cookie ID and the described HTTP GET packet of described packet counts information.
Step 407: the source IP address in the packet that extracts according to step 406 is searched corresponding record sheet, enters step 408;
Described record sheet is the record sheet that presets, at least the source IP address information, the Cookie term of validity in the packet and the Cookie ID that comprise packet in the described record sheet, in addition, in order to improve the accuracy of judgement, information is counted in the packet receiving that also includes described packet in the record sheet of presetting in the embodiment of the invention three.
Step 408: whether there is corresponding C ookieID record in the record sheet of correspondence described in the determining step 407,, then enters step 409 if having, otherwise, enter step 4010;
Step 409: in the described record sheet of step 408, will increase 1, and enter step 4011 with the packet receiving number of the corresponding packet of Cookie ID in the described packet;
The auxiliary operation that described packet receiving number with the packet in the record sheet is used for follow-up judgement when sharing number of host.
Step 4010: a newly-built Cookie ID record in the corresponding record sheet described in the step 407 is filled to 1 with the packet receiving number of this Cookie ID;
Step 4011: add up Cookie ID record number corresponding under the described IP address according to described record sheet, obtain the shared access number of host under this IP address, enter step 4012;
When the corresponding down Cookie ID in the described IP of described statistics address writes down number, need at first to judge whether each Cookie ID is expired, need delete for Cookie ID out of date, and then add up Cookie ID corresponding under the described IP address and write down number, obtain shared access main frame number this IP address under according to the maximum of this Cookie ID record number: equaling 1 if this Cookie ID writes down the maximum of number, is common Internet user under this IP address then; If the maximum of this Cookie ID record number is greater than 1, then this IP address is exactly the IP address of NAT device or router or the main frame with shared access function, and the maximum of this Cookie ID record number is exactly the shared access number of host of NAT device or router or the main frame back with shared access function.Simultaneously, the embodiment of the invention is provided with certain testing conditions, described testing conditions can for the packet receiving number greater than 2, promptly the packet receiving number is added up greater than the pairing Cookie ID of 2 packet record number, improved the accuracy that detects.
Step 4012: whether the down corresponding Cookie ID record number in the described IP address of being added up in the determining step 4011 exceeds threshold range, if in threshold range then enter step 4013, otherwise enters step 4014;
Described threshold value is meant the maximum of the shared access number of host that is allowed under the described IP address.
Step 4013: described HTTP GET packet is redirected to former purpose webpage;
Describedly packet is redirected to former purpose webpage can visits former purpose webpage, and be not limited to above implementation by the location field in the redirection message of structure.
Step 4014: the user to the shared access number of host threshold range that exceeds described IP address disturbs according to the interference strategy that presets;
The described strategy that disturbs can adopt the mode that the main frame that exceeds threshold range is pushed alarming page, also can adopt the main frame to exceeding threshold range directly to disturb, the mode of its connection request that breaks, and be not limited to above-mentioned dual mode.Be understandable that, those of ordinary skills can know, described user to threshold range disturbs just sharing a kind of mode that main frame limits access that inserts, can also be by the main frame that exceeds threshold range being pushed advertising message or the main frame that exceeds threshold range mode such as charge being inserted main frame and carries out respective limits and insert and handle sharing.
From the embodiment of the invention three described technical schemes as can be known, the embodiment of the invention three is redirected on the self-built Cookie strategic server by the HTTP GET packet with the user, and judge to share to the mode that the user initiatively issues Cookie and insert number of host, and by the shared access number of host that obtains is judged, in threshold range, then this user's HTTP request data package is redirected to former purpose webpage with sharing the access number of host, the shared access main frame that exceeds threshold range is specified interference.Described technical scheme has not only improved the accuracy that shared access host data detects, can also specify interference to the user who exceeds threshold range according to the interference strategy that presets, improved the accuracy of disturbing, thereby made sharing the monitoring management that inserts main frame more effective.
The structural representation of the checkout gear of the shared access number of host that Fig. 5 provides for the invention process four, as shown in Figure 5, the checkout gear of described shared access number of host comprises:
Data reception module 501: be used to receive the HTTP request data package that is redirected, trigger issuing logging modle 502;
Described HTTP request data package is used for proposing to obtain the info web request, and described packet comprises the request data package of GET (obtaining) type.Described be redirected can be by writing redirected destination address in the frame src field in the redirected packet of forging, and preserve the web page address that the user will visit originally with the form of parameter; Can also be that the mode of 3xx (the 3xx agreement is the protocol type in the http protocol) response message realizes by the structure code.And be not limited to above implementation.
Issue logging modle 502: be used for the described packet that data receiver module 501 receives is handled, when including Cookie ID in the described packet, the Cookie ID of the described packet of record in the record sheet corresponding with the source address of described packet, when not including Cookie ID in the described packet, described packet is issued Cookie, and in the record sheet corresponding, write down the Cookie ID of described packet with the source address of described packet;
Described Cookie ID is meant the NAME=VALUE field in the cookie information, and this field is unique ID value that the user is distributed in the website.Described for packet issues Cookie, can adopt and respond the 200OK packet and the SET-Cookie field is set issues Cookie, also can adopt mode such as JS script to issue Cookie.The information that writes down in the described record sheet also comprises the source IP address and the Cookie term of validity in the described packet.Described source address is generally the source IP address of packet.
The described logging modle 502 that issues comprises:
Cookie issues submodule 5021: be used for the HTTP GET packet that does not include Cookie ID is issued Cookie, trigger cookie information record sub module 5022;
Described Cookie ID is meant the NAME=VALUE field in the cookie information, and this field is unique ID value that the user is distributed in the website.Described for packet issues Cookie, can adopt and respond the 200OK packet and the SET-Cookie field is set issues Cookie, also can adopt mode such as JS script to issue Cookie.
Cookie information record sub module 5022: the Cookie ID that is used for writing down at the corresponding record table described packet according to the source address information of the HTTP GET packet that includes Cookie ID.
Statistical module 503: be used for obtaining the shared access number of host of this source address according to the Cookie ID record count under the described record statistics that issues logging modle 502 source address to be detected.
Described statistical module 503 comprises:
First judges submodule 5031: be used to judge whether the Cookie of described source address surpasses the term of validity;
Statistics submodule 5032: be used for the record of the Cookie ID in term of validity number being added up, obtain the shared access number of host of described source address according to the judged result of the first judgement submodule 5031.
Described statistics comprises that the Cookie ID to surpassing the term of validity deletes, and then add up Cookie ID corresponding under the described IP address and write down number, obtain shared access main frame number this IP address under according to the maximum of this Cookie ID record number: equal 1 if this Cookie ID writes down the maximum of number, that then use this IP address is common Internet user; If the maximum of this Cookie ID record number is greater than 1, then this IP address is exactly the IP address of NAT device or router or the main frame with shared access function, and the maximum of this Cookie ID record number is exactly the shared access number of host of NAT device or router or the main frame back with shared access function.
The embodiment of the invention four described technical schemes are by initiatively issuing Cookie to the HTTP GET packet that does not comprise Cookie ID, and in described HTTP GET packet the Cookie ID in the described packet of record in the record sheet of source address correspondence, by adding up the Cookie ID record count of source address in the described record sheet, obtain the shared access number of host of this source address, determination methods is simple, improve the accuracy that detects, helped the supervision that inserts main frame to sharing.
The structural representation of the checkout gear of the shared access number of host that Fig. 6 provides for the invention process five, as shown in the figure, the checkout gear of described shared access number of host comprises:
Packet detection module 601: the HTTP GET packet that is used to detect the network user;
Described HTTP GET (obtaining) packet is a kind of of HTTP request type packet.
Redirection module 602: be used for packet detection module 501 detected HTTP GET packets are redirected to data reception module 603;
Described packet is redirected to data reception module can write data reception module in the frame src field in the redirected packet of forging address, and preserves the web page address that the user will visit originally with the form of parameter; Can also be that the mode of 3xx (the 3xx agreement is the protocol type in the http protocol) response message realizes by the structure code.And be not limited to above implementation.
Data reception module 603: receive the packet that redirection module 602 is redirected, and trigger first judge module 604;
First judge module 604: be used for judging whether the packet that described data reception module 603 is received includes Cookie ID, and triggering issues logging modle 605;
Described Cookie ID is meant the NAME=VALUE field in the cookie information, and this field is unique ID value that the user is distributed in the website.
Issue logging modle 605: be used for described packet being handled according to the judged result of first judge module 604, when including Cookie ID in the described packet, the Cookie ID of the described packet of record in the record sheet corresponding with the source IP address of described packet, when not including Cookie ID in the described packet, described packet is issued Cookie, and in the record sheet corresponding, write down the Cookie ID of described packet with the source IP address of described packet;
Described for packet issues Cookie, can adopt and respond 200 OK packets and the SET-Cookie field is set issues Cookie, also can adopt mode such as JS script to issue Cookie.The information that writes down in the described record sheet also comprises the packet receiving number of source IP address, the Cookie term of validity and packet in the described packet, and the packet receiving number of described packet is used for the auxiliary operation when share inserting number of host and judge.
The described logging modle 605 that issues comprises:
Cookie issues submodule 6051: be used for the HTTP GET packet that does not include Cookie ID is issued Cookie, trigger cookie information record sub module 6052;
Cookie information record sub module 6052: be used for carrying out corresponding record at the corresponding record table according to the source IP address information that includes the HTTP GET packet of Cookie ID.
The information that writes down in the described record sheet comprises the packet receiving number of Cookie ID, the Cookie term of validity and packet in the described packet.
Statistical module 606:, obtain the shared access number of host of this IP address according to the described Cookie ID record count that issues record statistics in the logging modle 605 source IP address to be detected.
Described statistical module 606 comprises:
Second judges submodule 6061: be used to judge whether the packet receiving number whether Cookie under the described IP address surpasses the term of validity and the pairing packet of described Cookie ID meets the testing conditions that presets;
Described testing conditions is to preset in order to improve statistical accuracy, described testing conditions can for the packet receiving number greater than 2, promptly only the packet receiving number is judged statistics greater than the pairing Cookie ID record of 2 packet number, improved the accuracy that detects.
Statistics submodule 6062: be used for the record of the Cookie ID in term of validity number being added up, obtain the shared access number of host of described IP address according to the judged result of the second judgement submodule 6061.
When the described statistics IP corresponding down Cookie ID in address writes down number, need the Cookie ID that will cross the term of validity to delete, and then add up Cookie ID corresponding under the described IP address and write down number, obtain shared access main frame number this IP address under according to the maximum of this Cookie ID record number: equal 1 if this Cookie ID writes down the maximum of number, that then use this IP address is common Internet user; If the maximum of this Cookie ID record number is greater than 1, then this IP address is exactly the IP address of NAT device or router or the main frame with shared access function, and the maximum of this Cookie ID record number is exactly the shared access number of host of NAT device or router or the main frame back with shared access function.
The embodiment of the invention five described checkout gears are by being redirected the HTTP GET packet in the detected network, initiatively the packet that does not include Cookie ID is issued Cookie, and in the record sheet that presets the relevant information of record in the described packet, add up the Cookie ID record number that satisfies the testing conditions that presets under the IP to be detected address according to described record sheet and obtain sharing under the described IP address number of host that inserts, improve the accuracy that detects, more helped the supervision that inserts main frame to sharing.
The structural representation of a kind of network security supervisory systems that Fig. 7 provides for the embodiment of the invention six, as shown in the figure, described network security supervisory systems comprises:
Checkout gear 70: the HTTP request data package that is used for passing through to be received detects the shared number of host that inserts, when including Cookie ID in the described packet, and the Cookie ID of the described packet of record in the record sheet corresponding with the source address of described packet; When not including Cookie ID in the described packet, described packet is issued Cookie, and in the record sheet corresponding with the source address of described packet the record described packet Cookie ID, by adding up the Cookie ID record count in the described record sheet, obtain the shared access number of host of described source address, and testing result sent to restriction access device 71, described HTTP request data package obtains by being redirected mode;
Described source address is generally the source IP address of packet.
Restriction access device 71: be used for the shared access number of host that checkout gear 70 is detected is judged, and the main frame that exceeds threshold range limited access accordingly handle.
Described checkout gear 70 comprises:
Packet detection module 701: the HTTP GET packet that is used to detect the network user;
Described HTTP GET (obtaining) packet is a kind of of HTTP request type packet.
Redirection module 702: be used for packet detection module 701 detected HTTP GET packets are redirected to data reception module 703, the HTTP GET packet that perhaps is used for being judged as the shared access main frame that does not exceed threshold range through the 3rd judge module 707 is redirected to former purpose webpage;
Described packet is redirected to data reception module can write data reception module in the frame src field in the redirected packet of forging address, and preserves the web page address that the user will visit originally with the form of parameter; Can also be that the mode of 3xx (the 3xx agreement is the protocol type in the http protocol) response message realizes by the structure code.And be not limited to above implementation.
Data reception module 703: receive the packet that redirection module 702 is redirected, and trigger first judge module 704;
First judge module 704: be used for judging whether the packet that described data reception module 703 is received includes Cookie ID, and triggering issues logging modle 705;
Described Cookie ID is meant the NAME=VALUE field in the cookie information, and this field is unique ID value that the user is distributed in the website.
Issue logging modle 705: be used for the information that judged result according to first judge module 704 will include the packet of Cookie ID and in the record sheet corresponding, carry out corresponding record, or in described record sheet, carry out corresponding record after the packet that does not comprise Cookie ID issued Cookie with the source IP address of described packet;
Described for packet issues Cookie, can adopt and respond 200 OK packets and the SET-Cookie field is set issues Cookie, also can adopt mode such as JS script to issue Cookie.The information that writes down in the described record sheet comprises the packet receiving number of source IP address, Cookie ID, the Cookie term of validity and packet in the described packet, and the packet receiving number of described packet is used for the auxiliary operation when share inserting number of host and judge.
The described logging modle 705 that issues comprises:
Cookie issues submodule 7051: be used for the HTTP GET packet that does not include Cookie ID is issued Cookie;
Cookie information record sub module 7052: be used for carrying out respective record at the record sheet of correspondence according to the source IP address information that includes the HTTP GET packet of Cookie ID.
The information that writes down in the described record sheet comprises the packet receiving number of Cookie ID, the Cookie term of validity and packet in the described packet.
Statistical module 706:, obtain the shared access number of host under this IP address, and trigger second judge module 707 according to the described Cookie ID record count that issues under record statistics in the logging modle 705 source IP address to be detected;
Described statistical module 706 comprises:
Second judges submodule 7061: be used to judge whether the packet receiving number whether Cookie under the described IP address surpasses the term of validity and the pairing packet of described Cookie ID meets the testing conditions that presets;
Described testing conditions is to preset in order to improve statistical accuracy, described testing conditions can for the packet receiving number greater than 2, promptly only the packet receiving number is judged statistics greater than the pairing Cookie ID record of 2 packet number, improved the accuracy that detects.
Statistics submodule 7062: be used for the record of the Cookie ID in term of validity number being added up, obtain the shared access number of host under the described IP address according to the judged result of the second judgement submodule 7061.
When the described statistics IP corresponding down Cookie ID in address writes down number, need the Cookie ID that will cross the term of validity to delete, and then add up Cookie ID corresponding under the described IP address and write down number, obtain the shared access main frame number of this IP address according to the maximum of this Cookie ID record number: if the maximum of this Cookie ID record number equals 1, that then use this IP address is common Internet user; If the maximum of this Cookie ID record number is greater than 1, then this IP address is exactly the IP address of NAT device or router or the main frame with shared access function, and the maximum of this Cookie ID record number is exactly the shared access number of host of NAT device or router or the main frame back with shared access function.
Described restriction access device 71 comprises:
Second judge module 711: be used to judge whether the shared access number of host under the described IP address that statistical module 706 added up exceeds threshold range, if do not exceed threshold range then redirection module 702 in the detection trigger device 70 is redirected to former purpose webpage with described HTTP GET packet, if exceed threshold range then trigger restriction access module 712;
Restriction access module 712: be used for the user who exceeds threshold range being limited access according to the restriction access strategy that presets.
Described threshold value is meant the maximum of the shared access number of host that described IP address is allowed.The described restriction access strategy that presets can be for pushing alarming page to the main frame that exceeds threshold range, also can be for the main frame that exceeds threshold range is directly disturbed, the break mode of its connection request, or the main frame that exceeds threshold range pushed advertising message or to the main frame that exceeds threshold range mode such as charge, and be not limited to above-mentioned restriction access strategy.
From the embodiment of the invention six described technical schemes as can be seen, the network security supervisory systems that the embodiment of the invention six provides is by initiatively issuing Cookie to the HTTP request data package in the network, by being write down and add up, the Cookie ID in the packet obtains sharing the number of host that inserts, and limit and insert to handle exceeding the threshold range main frame according to testing result, improved to detect and shared the accuracy that inserts number of host, make the restriction that share to insert main frame inserted and handle more targetedly, make the monitoring management of sharing the main frame that inserts more effective.
One of ordinary skill in the art will appreciate that all or part of flow process that realizes in the foregoing description method, be to instruct relevant hardware to finish by computer program, described program can be stored in the computer read/write memory medium, this program can comprise the flow process as the embodiment of above-mentioned each side method when carrying out.Wherein, described storage medium can be magnetic disc, CD, read-only storage memory body (Read-Only Memory, ROM) or at random store memory body (Random Access Memory, RAM) etc.
The above only is several embodiments of the present invention; be understandable that; for those of ordinary skills; can be equal to replacement or change according to the technical scheme and the inventive concept thereof of the embodiment of the invention, and all these changes or replacement all should belong to the protection range of the appended claim of the present invention.

Claims (14)

1, a kind of detection method of shared access number of host is characterized in that, comprising:
The HTML (Hypertext Markup Language) HTTP request data package that reception is redirected;
When including the small routine Cookie ID that downloads to terminal in the described packet, the Cookie ID of the described packet of record in the record sheet corresponding with the source address of described packet; When not including Cookie ID in the described packet, described packet is issued Cookie, and in the record sheet corresponding, write down the Cookie ID of described packet with the source address of described packet;
Add up the record number of described Cookie ID according to described record sheet, obtain the shared access number of host of described source address.
2, according to the described method of claim 1, it is characterized in that, also comprise: judge whether described shared access number of host exceeds threshold range, the HTTP request data package that will not exceed threshold range is redirected to the former purpose webpage of described packet.
3, according to the described method of claim 1, it is characterized in that, also comprise: judge whether described shared access number of host exceeds threshold range, the user who exceeds threshold range is limited to insert handle.
4, according to the described method of claim 3, it is characterized in that: described restriction inserts to handle and comprises the connection request that the main frame that exceeds threshold range is pushed alarming page, the described main frame that breaks.
5, according to the described method of claim 1, it is characterized in that, also record in the described record sheet: the source address of described packet and the Cookie term of validity.
6, according to the described method of claim 1, it is characterized in that: the described mode that issues Cookie for packet comprises adopting to be responded 200 OK packets and the SET-Cookie field is set issues Cookie.
7, according to the described method of claim 1, it is characterized in that: described redirected mode is included in the frame src field in the redirected packet of forgery and writes redirected destination address.
8, a kind of checkout gear of shared access number of host is characterized in that, comprising:
Data reception module is used to receive the HTTP request data package that is redirected;
Issue logging modle, be used for the described packet that the data receiver module receives is handled, when including Cookie ID in the described packet, the Cookie ID of the described packet of record in the record sheet corresponding with the source address of described packet; When described packet does not include Cookie ID, described packet is issued Cookie, and in the record sheet corresponding, write down the Cookie ID of described packet with the source address of described packet;
Statistical module is used for obtaining the shared access number of host of described source address according to the Cookie ID record count under the described record statistics that the issues logging modle source address to be detected.
9, described according to Claim 8 checkout gear is characterized in that, also comprises:
The packet detection module is used to detect the network user's HTTP request data package;
Redirection module is used for the detected HTTP request data package of packet detection module is redirected to data reception module;
First judge module is used for judging whether the packet that described data reception module receives includes Cookie ID, and triggering issues logging modle.
10, described according to Claim 8 checkout gear is characterized in that, the described logging modle that issues comprises:
Cookie issues submodule, is used for the HTTP request data package that does not include Cookie ID is issued Cookie;
The cookie information record sub module is used for the information that includes the HTTP request data package of Cookie ID is carried out respective record in presetting record sheet.
11, described according to Claim 8 checkout gear is characterized in that, described statistical module comprises:
First judges submodule, is used to judge whether the Cookie under the described source address surpasses the term of validity;
The statistics submodule is used for according to the judged result of the first judgement submodule record of the CookieID in term of validity number being added up, and obtains the shared access number of host of described source address.
12, a kind of network security supervisory systems is characterized in that, comprising:
Checkout gear, the HTTP request data package that is used for passing through to be received detects the shared number of host that inserts, when including Cookie ID in the described packet, the Cookie ID of the described packet of record in the record sheet corresponding with the source address of described packet; When described packet does not include Cookie ID, described packet is issued Cookie, and in the record sheet corresponding with the source address of described packet the record described packet Cookie ID, by adding up the Cookie ID record count in the described record sheet, obtain the shared access number of host under the described source address, and testing result sent to the restriction access device, described HTTP request data package obtains by being redirected mode;
Restriction access device, the shared access number of host that is used for checkout gear is detected are judged, and the main frame that exceeds threshold range are limited access handle.
13, according to the described network security supervisory systems of claim 12, it is characterized in that described checkout gear comprises:
Data reception module is used to receive the HTTP request data package that is redirected;
Issue logging modle, be used for the described packet that the data receiver module receives is handled, when including Cookie ID in the described packet, the Cookie ID of the described packet of record in the record sheet corresponding with the source address of described packet; When not including Cookie ID in the described packet, described packet is issued Cookie, and in the record sheet corresponding, write down the Cookie ID of described packet with the source address of described packet;
Statistical module is used for the Cookie ID record count according to the described record statistics that issues logging modle source address to be detected, obtains the shared access number of host of described source address.
According to the described network security supervisory systems of claim 12, it is characterized in that 14, described restriction access device comprises:
Second judge module, whether the shared access number of host of the described source address that is used to judge that described statistical module is added up exceeds threshold range, if the redirection module that does not exceed threshold range then trigger in the described checkout gear is redirected to former purpose webpage with described HTTP request data package, if exceed threshold range then trigger the restriction access module;
The restriction access module is used for according to the restriction access strategy that presets the user who exceeds threshold range being limited access and handles.
CNA200910106030XA 2009-03-09 2009-03-09 Detection method and apparatus for number of shared access hosts Pending CN101505247A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA200910106030XA CN101505247A (en) 2009-03-09 2009-03-09 Detection method and apparatus for number of shared access hosts

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA200910106030XA CN101505247A (en) 2009-03-09 2009-03-09 Detection method and apparatus for number of shared access hosts

Publications (1)

Publication Number Publication Date
CN101505247A true CN101505247A (en) 2009-08-12

Family

ID=40977327

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA200910106030XA Pending CN101505247A (en) 2009-03-09 2009-03-09 Detection method and apparatus for number of shared access hosts

Country Status (1)

Country Link
CN (1) CN101505247A (en)

Cited By (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011113265A1 (en) * 2010-03-18 2011-09-22 中兴通讯股份有限公司 Method, device and system for implementing data shared access
CN103329162A (en) * 2010-12-20 2013-09-25 尼尔森(美国)有限公司 Methods and apparatus to determine media impressions using distributed demographic information
CN103368964A (en) * 2013-07-18 2013-10-23 北京京东尚科信息技术有限公司 Cookie dynamic loading method
CN103747114A (en) * 2013-12-27 2014-04-23 北京集奥聚合网络技术有限公司 Method and system for correlating users in NAT (network address translation) network environment
US8843626B2 (en) 2010-09-22 2014-09-23 The Nielsen Company (Us), Llc Methods and apparatus to determine impressions using distributed demographic information
CN104580540A (en) * 2013-10-09 2015-04-29 腾讯科技(深圳)有限公司 Method and device for achieving website access
US9118542B2 (en) 2011-03-18 2015-08-25 The Nielsen Company (Us), Llc Methods and apparatus to determine an adjustment factor for media impressions
US9215288B2 (en) 2012-06-11 2015-12-15 The Nielsen Company (Us), Llc Methods and apparatus to share online media impressions data
US9237138B2 (en) 2013-12-31 2016-01-12 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions and search terms
US9313294B2 (en) 2013-08-12 2016-04-12 The Nielsen Company (Us), Llc Methods and apparatus to de-duplicate impression information
US9519914B2 (en) 2013-04-30 2016-12-13 The Nielsen Company (Us), Llc Methods and apparatus to determine ratings information for online media presentations
CN106302797A (en) * 2016-08-31 2017-01-04 北京锐安科技有限公司 A kind of cookie accesses De-weight method and device
CN106664223A (en) * 2015-06-18 2017-05-10 华为技术有限公司 Detection method and detection device for the number of shared access hosts
US9838754B2 (en) 2015-09-01 2017-12-05 The Nielsen Company (Us), Llc On-site measurement of over the top media
US9852163B2 (en) 2013-12-30 2017-12-26 The Nielsen Company (Us), Llc Methods and apparatus to de-duplicate impression information
US9912482B2 (en) 2012-08-30 2018-03-06 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions and search terms
US9953330B2 (en) 2014-03-13 2018-04-24 The Nielsen Company (Us), Llc Methods, apparatus and computer readable media to generate electronic mobile measurement census data
US10045082B2 (en) 2015-07-02 2018-08-07 The Nielsen Company (Us), Llc Methods and apparatus to correct errors in audience measurements for media accessed using over-the-top devices
US10068246B2 (en) 2013-07-12 2018-09-04 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions
US10147114B2 (en) 2014-01-06 2018-12-04 The Nielsen Company (Us), Llc Methods and apparatus to correct audience measurement data
US10205994B2 (en) 2015-12-17 2019-02-12 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions
US10270673B1 (en) 2016-01-27 2019-04-23 The Nielsen Company (Us), Llc Methods and apparatus for estimating total unique audiences
US10311464B2 (en) 2014-07-17 2019-06-04 The Nielsen Company (Us), Llc Methods and apparatus to determine impressions corresponding to market segments
CN109933367A (en) * 2019-02-03 2019-06-25 广州视源电子科技股份有限公司 Cookie implementation method, device and the computer equipment of small routine
US10333882B2 (en) 2013-08-28 2019-06-25 The Nielsen Company (Us), Llc Methods and apparatus to estimate demographics of users employing social media
US10380633B2 (en) 2015-07-02 2019-08-13 The Nielsen Company (Us), Llc Methods and apparatus to generate corrected online audience measurement data
US10803475B2 (en) 2014-03-13 2020-10-13 The Nielsen Company (Us), Llc Methods and apparatus to compensate for server-generated errors in database proprietor impression data due to misattribution and/or non-coverage
US10963907B2 (en) 2014-01-06 2021-03-30 The Nielsen Company (Us), Llc Methods and apparatus to correct misattributions of media impressions
US11381860B2 (en) 2014-12-31 2022-07-05 The Nielsen Company (Us), Llc Methods and apparatus to correct for deterioration of a demographic model to associate demographic information with media impression information
US11562394B2 (en) 2014-08-29 2023-01-24 The Nielsen Company (Us), Llc Methods and apparatus to associate transactions with media impressions

Cited By (89)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011113265A1 (en) * 2010-03-18 2011-09-22 中兴通讯股份有限公司 Method, device and system for implementing data shared access
US8843626B2 (en) 2010-09-22 2014-09-23 The Nielsen Company (Us), Llc Methods and apparatus to determine impressions using distributed demographic information
US11218555B2 (en) 2010-12-20 2022-01-04 The Nielsen Company (Us), Llc Methods and apparatus to use client-server communications across internet domains to determine distributed demographic information for media impressions
CN103329162A (en) * 2010-12-20 2013-09-25 尼尔森(美国)有限公司 Methods and apparatus to determine media impressions using distributed demographic information
US11533379B2 (en) 2010-12-20 2022-12-20 The Nielsen Company (Us), Llc Methods and apparatus to determine media impressions using distributed demographic information
US9979614B2 (en) 2010-12-20 2018-05-22 The Nielsen Company (Us), Llc Methods and apparatus to determine media impressions using distributed demographic information
US8954536B2 (en) 2010-12-20 2015-02-10 The Nielsen Company (Us), Llc Methods and apparatus to determine media impressions using distributed demographic information
US10284667B2 (en) 2010-12-20 2019-05-07 The Nielsen Company (Us), Llc Methods and apparatus to determine media impressions using distributed demographic information
US11729287B2 (en) 2010-12-20 2023-08-15 The Nielsen Company (Us), Llc Methods and apparatus to determine media impressions using distributed demographic information
US10951721B2 (en) 2010-12-20 2021-03-16 The Nielsen Company (Us), Llc Methods and apparatus to determine media impressions using distributed demographic information
CN103329162B (en) * 2010-12-20 2015-11-25 尼尔森(美国)有限公司 Use the method and apparatus of distributed demographics information determination media impression
CN103473721A (en) * 2010-12-20 2013-12-25 尼尔森(美国)有限公司 Methods and apparatus to determine media impressions using distributed demographic information
CN103473721B (en) * 2010-12-20 2017-04-12 尼尔森(美国)有限公司 Methods and apparatus to determine media impressions using distributed demographic information
US9596150B2 (en) 2010-12-20 2017-03-14 The Nielsen Company (Us), Llc Methods and apparatus to determine media impressions using distributed demographic information
US10567531B2 (en) 2010-12-20 2020-02-18 The Nielsen Company (Us), Llc Methods and apparatus to determine media impressions using distributed demographic information
US9118542B2 (en) 2011-03-18 2015-08-25 The Nielsen Company (Us), Llc Methods and apparatus to determine an adjustment factor for media impressions
US9497090B2 (en) 2011-03-18 2016-11-15 The Nielsen Company (Us), Llc Methods and apparatus to determine an adjustment factor for media impressions
US9215288B2 (en) 2012-06-11 2015-12-15 The Nielsen Company (Us), Llc Methods and apparatus to share online media impressions data
US9912482B2 (en) 2012-08-30 2018-03-06 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions and search terms
US11483160B2 (en) 2012-08-30 2022-10-25 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions and search terms
US10778440B2 (en) 2012-08-30 2020-09-15 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions and search terms
US11870912B2 (en) 2012-08-30 2024-01-09 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions and search terms
US10063378B2 (en) 2012-08-30 2018-08-28 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions and search terms
US11792016B2 (en) 2012-08-30 2023-10-17 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions and search terms
US10937044B2 (en) 2013-04-30 2021-03-02 The Nielsen Company (Us), Llc Methods and apparatus to determine ratings information for online media presentations
US9519914B2 (en) 2013-04-30 2016-12-13 The Nielsen Company (Us), Llc Methods and apparatus to determine ratings information for online media presentations
US10192228B2 (en) 2013-04-30 2019-01-29 The Nielsen Company (Us), Llc Methods and apparatus to determine ratings information for online media presentations
US11669849B2 (en) 2013-04-30 2023-06-06 The Nielsen Company (Us), Llc Methods and apparatus to determine ratings information for online media presentations
US11410189B2 (en) 2013-04-30 2022-08-09 The Nielsen Company (Us), Llc Methods and apparatus to determine ratings information for online media presentations
US10643229B2 (en) 2013-04-30 2020-05-05 The Nielsen Company (Us), Llc Methods and apparatus to determine ratings information for online media presentations
US11830028B2 (en) 2013-07-12 2023-11-28 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions
US10068246B2 (en) 2013-07-12 2018-09-04 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions
US11205191B2 (en) 2013-07-12 2021-12-21 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions
CN103368964A (en) * 2013-07-18 2013-10-23 北京京东尚科信息技术有限公司 Cookie dynamic loading method
CN103368964B (en) * 2013-07-18 2016-04-06 北京京东尚科信息技术有限公司 A kind of Cookie dynamic loading method
US9313294B2 (en) 2013-08-12 2016-04-12 The Nielsen Company (Us), Llc Methods and apparatus to de-duplicate impression information
US10552864B2 (en) 2013-08-12 2020-02-04 The Nielsen Company (Us), Llc Methods and apparatus to de-duplicate impression information
US11222356B2 (en) 2013-08-12 2022-01-11 The Nielsen Company (Us), Llc Methods and apparatus to de-duplicate impression information
US11651391B2 (en) 2013-08-12 2023-05-16 The Nielsen Company (Us), Llc Methods and apparatus to de-duplicate impression information
US9928521B2 (en) 2013-08-12 2018-03-27 The Nielsen Company (Us), Llc Methods and apparatus to de-duplicate impression information
US11496433B2 (en) 2013-08-28 2022-11-08 The Nielsen Company (Us), Llc Methods and apparatus to estimate demographics of users employing social media
US10333882B2 (en) 2013-08-28 2019-06-25 The Nielsen Company (Us), Llc Methods and apparatus to estimate demographics of users employing social media
CN104580540A (en) * 2013-10-09 2015-04-29 腾讯科技(深圳)有限公司 Method and device for achieving website access
CN104580540B (en) * 2013-10-09 2018-11-23 腾讯科技(深圳)有限公司 The implementation method and device of website visiting
CN103747114B (en) * 2013-12-27 2015-09-09 北京集奥聚合网络技术有限公司 The method and system of associated user under NAT network environment
CN103747114A (en) * 2013-12-27 2014-04-23 北京集奥聚合网络技术有限公司 Method and system for correlating users in NAT (network address translation) network environment
US9852163B2 (en) 2013-12-30 2017-12-26 The Nielsen Company (Us), Llc Methods and apparatus to de-duplicate impression information
US9641336B2 (en) 2013-12-31 2017-05-02 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions and search terms
US10498534B2 (en) 2013-12-31 2019-12-03 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions and search terms
US9979544B2 (en) 2013-12-31 2018-05-22 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions and search terms
US11562098B2 (en) 2013-12-31 2023-01-24 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions and search terms
US10846430B2 (en) 2013-12-31 2020-11-24 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions and search terms
US9237138B2 (en) 2013-12-31 2016-01-12 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions and search terms
US10963907B2 (en) 2014-01-06 2021-03-30 The Nielsen Company (Us), Llc Methods and apparatus to correct misattributions of media impressions
US10147114B2 (en) 2014-01-06 2018-12-04 The Nielsen Company (Us), Llc Methods and apparatus to correct audience measurement data
US11068927B2 (en) 2014-01-06 2021-07-20 The Nielsen Company (Us), Llc Methods and apparatus to correct audience measurement data
US11727432B2 (en) 2014-01-06 2023-08-15 The Nielsen Company (Us), Llc Methods and apparatus to correct audience measurement data
US10803475B2 (en) 2014-03-13 2020-10-13 The Nielsen Company (Us), Llc Methods and apparatus to compensate for server-generated errors in database proprietor impression data due to misattribution and/or non-coverage
US11037178B2 (en) 2014-03-13 2021-06-15 The Nielsen Company (Us), Llc Methods and apparatus to generate electronic mobile measurement census data
US11568431B2 (en) 2014-03-13 2023-01-31 The Nielsen Company (Us), Llc Methods and apparatus to compensate for server-generated errors in database proprietor impression data due to misattribution and/or non-coverage
US9953330B2 (en) 2014-03-13 2018-04-24 The Nielsen Company (Us), Llc Methods, apparatus and computer readable media to generate electronic mobile measurement census data
US10217122B2 (en) 2014-03-13 2019-02-26 The Nielsen Company (Us), Llc Method, medium, and apparatus to generate electronic mobile measurement census data
US11887133B2 (en) 2014-03-13 2024-01-30 The Nielsen Company (Us), Llc Methods and apparatus to generate electronic mobile measurement census data
US11068928B2 (en) 2014-07-17 2021-07-20 The Nielsen Company (Us), Llc Methods and apparatus to determine impressions corresponding to market segments
US10311464B2 (en) 2014-07-17 2019-06-04 The Nielsen Company (Us), Llc Methods and apparatus to determine impressions corresponding to market segments
US11854041B2 (en) 2014-07-17 2023-12-26 The Nielsen Company (Us), Llc Methods and apparatus to determine impressions corresponding to market segments
US11562394B2 (en) 2014-08-29 2023-01-24 The Nielsen Company (Us), Llc Methods and apparatus to associate transactions with media impressions
US11381860B2 (en) 2014-12-31 2022-07-05 The Nielsen Company (Us), Llc Methods and apparatus to correct for deterioration of a demographic model to associate demographic information with media impression information
CN106664223A (en) * 2015-06-18 2017-05-10 华为技术有限公司 Detection method and detection device for the number of shared access hosts
CN106664223B (en) * 2015-06-18 2020-03-20 华为技术有限公司 Method and device for detecting number of shared access hosts
US10380633B2 (en) 2015-07-02 2019-08-13 The Nielsen Company (Us), Llc Methods and apparatus to generate corrected online audience measurement data
US11259086B2 (en) 2015-07-02 2022-02-22 The Nielsen Company (Us), Llc Methods and apparatus to correct errors in audience measurements for media accessed using over the top devices
US10045082B2 (en) 2015-07-02 2018-08-07 The Nielsen Company (Us), Llc Methods and apparatus to correct errors in audience measurements for media accessed using over-the-top devices
US11645673B2 (en) 2015-07-02 2023-05-09 The Nielsen Company (Us), Llc Methods and apparatus to generate corrected online audience measurement data
US10785537B2 (en) 2015-07-02 2020-09-22 The Nielsen Company (Us), Llc Methods and apparatus to correct errors in audience measurements for media accessed using over the top devices
US11706490B2 (en) 2015-07-02 2023-07-18 The Nielsen Company (Us), Llc Methods and apparatus to correct errors in audience measurements for media accessed using over-the-top devices
US10368130B2 (en) 2015-07-02 2019-07-30 The Nielsen Company (Us), Llc Methods and apparatus to correct errors in audience measurements for media accessed using over the top devices
US9838754B2 (en) 2015-09-01 2017-12-05 The Nielsen Company (Us), Llc On-site measurement of over the top media
US11785293B2 (en) 2015-12-17 2023-10-10 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions
US11272249B2 (en) 2015-12-17 2022-03-08 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions
US10827217B2 (en) 2015-12-17 2020-11-03 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions
US10205994B2 (en) 2015-12-17 2019-02-12 The Nielsen Company (Us), Llc Methods and apparatus to collect distributed user information for media impressions
US10979324B2 (en) 2016-01-27 2021-04-13 The Nielsen Company (Us), Llc Methods and apparatus for estimating total unique audiences
US10270673B1 (en) 2016-01-27 2019-04-23 The Nielsen Company (Us), Llc Methods and apparatus for estimating total unique audiences
US10536358B2 (en) 2016-01-27 2020-01-14 The Nielsen Company (Us), Llc Methods and apparatus for estimating total unique audiences
US11562015B2 (en) 2016-01-27 2023-01-24 The Nielsen Company (Us), Llc Methods and apparatus for estimating total unique audiences
US11232148B2 (en) 2016-01-27 2022-01-25 The Nielsen Company (Us), Llc Methods and apparatus for estimating total unique audiences
CN106302797A (en) * 2016-08-31 2017-01-04 北京锐安科技有限公司 A kind of cookie accesses De-weight method and device
CN109933367A (en) * 2019-02-03 2019-06-25 广州视源电子科技股份有限公司 Cookie implementation method, device and the computer equipment of small routine

Similar Documents

Publication Publication Date Title
CN101505247A (en) Detection method and apparatus for number of shared access hosts
CN109951500B (en) Network attack detection method and device
KR101391781B1 (en) Apparatus and Method for Detecting HTTP Botnet based on the Density of Web Transaction
CN103179132B (en) A kind of method and device detecting and defend CC attack
KR101662605B1 (en) System and method for correlating network information with subscriber information in a mobile network environment
CN102624706B (en) Method for detecting DNS (domain name system) covert channels
KR101689299B1 (en) Automated verification method of security event and automated verification apparatus of security event
US8413247B2 (en) Adaptive data collection for root-cause analysis and intrusion detection
Ganesh Kumar et al. Improved network traffic by attacking denial of service to protect resource using Z-test based 4-tier geomark traceback (Z4TGT)
US9660833B2 (en) Application identification in records of network flows
CN108259425A (en) The determining method, apparatus and server of query-attack
CN103095676A (en) Filtrating system and filtrating method
CN102404741B (en) Method and device for detecting abnormal online of mobile terminal
CN103139138A (en) Application layer denial of service (DoS) protective method and system based on client detection
US8806001B2 (en) Method, device and gateway server for detecting proxy at the gateway
CN103152325B (en) Prevent the method by sharing mode access the Internet and device
CN101599857B (en) Method, device and network detection system for detecting number of host computers accessed to sharing
CN105162763B (en) Communication data processing method and device
KR101623570B1 (en) Method for detecting harmful dns and spoofing site, and security system thereof
CN114301706B (en) Defense method, device and system based on existing threat in target node
CN106411819A (en) Method and apparatus for recognizing proxy Internet protocol address
KR102211503B1 (en) Harmful ip determining method
CN107612946A (en) Detection method, detection means and the electronic equipment of IP address
US9723017B1 (en) Method, apparatus and computer program product for detecting risky communications
CN115664833B (en) Network hijacking detection method based on local area network safety equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent for invention or patent application
CB02 Change of applicant information

Address after: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River

Applicant after: Huawei Symantec Technologies Co., Ltd.

Address before: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River

Applicant before: Chengdu Huawei Symantec Technologies Co., Ltd.

COR Change of bibliographic data

Free format text: CORRECT: APPLICANT; FROM: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES CO., LTD. TO: HUAWEI DIGITAL TECHNOLOGY (CHENGDU) CO., LTD.

C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20090812