Along with the development of Internet technologies, the amount of information over networks has been trending to explosively grow, and there are also an increasing number of tools generating automatic scanning actions based on the networks, e.g., search engines, downloading tools, scanners, etc., the automatic scanning actions of these tools are not generated by their users but automatically generated by the tools to analyze the information over the networks, and considerable network resources may be occupied by the automatic scanning actions of these tools, thus interfering with normal accesses of the users. It is thus very necessary to determine and block these automatic scanning actions.
There are generally two methods for determining automatic scanning actions: firstly, a library of characteristic information to determine an automatic scanning action is created from characteristic information of tools generating automatic scanning actions, and upon reception of an access request, characteristic information in the access request is matched with the characteristic information in the library of characteristic information to judge whether there is an automatic scanning action, but this method suffers from poor applicability because only an automatic scanning action of an tool with known characteristic information may be determined but unknown characteristic information may not be handled; and secondly, the determination is made according to the frequency of alarms issued by a network security apparatus so that an automatic scanning action is determined when the frequency is higher than some alarm frequency, but this determination method is too simply and suffers from poor accuracy.
In summary, the existing methods for determining an automatic scanning action suffer from poor applicability and accuracy.