摘要
当Web服务开放给公共使用时,容易遭受爬虫类的资源滥用和攻击.现有的保护手段一般基于验证码或某种形式的审计,各自存在失效或影响服务质量的场景,并且由于严格限制自动化访问,对跨组织合作产生了很高的门槛.服务计算领域广泛存在机器对机器的交互,受影响尤其严重.本文提出一种基于工作量证明的Web服务保护方案,从另一种思路出发,在实现有效保护的同时,放行合理规模的自动化服务请求,降低了服务整合的门槛,促进了组织间的合作,起到优化Web服务资源分配的作用.
Web services are often vulnerable to resource abuse and attacks by web robots,especially when open to public use. Existing protection methods are generally based on CAPTCHA systems or auditing strategies. Their limitations on effectiveness,complexity and/or performance may affect service quality,and might block ad-hoc cooperation via service orchestration. This paper proposes a web service protection scheme using proof-of-work systems. It can produce comparable protection with existing systems,but accepts reasonable robotic requests. Based on the fact that not all robotic traffic cause abuse,we are able to ease the restrictions on ad-hoc service integrations,thus promote cooperation,and ultimately help to rearrange Web services resources.
作者
高建
白晓菲
张亮
GAO Jian;BAI Xiao-fei;ZHANG Liang(School of Computer Science,Fudan University,Shanghai 201203 ,China;Shanghai Key Laboratory of Data Science,Fudan University,Shanghai 201203,China;Shanghai Institute of Intelligent Electronics &Systems,Shanghai 201203,China)
出处
《小型微型计算机系统》
CSCD
北大核心
2019年第8期1652-1657,共6页
Journal of Chinese Computer Systems
基金
国家重点研发计划项目(2017YFB1400604,2018YFC0831402)资助
关键词
Web服务保护
工作量证明
反爬虫
服务组合
Web service protection
proof-of-work system
Web crawler detection
service orchestration
