CN106028297B - Short message processing method and device carrying URL - Google Patents

Abstract

The disclosure relates to a short message processing method and device carrying a website address, and belongs to the technical field of network security. The method includes: when receiving a short message carrying a website address, obtaining a secure domain name database provided by the server and corresponding to the contact number of the short message; detecting whether the primary domain name in the website exists in the secure domain name database; As a result, when the primary domain name does not exist in the security database, predetermined processing is performed on the short message. By setting up a secure domain name database in advance, compare the primary domain name of the URL in the SMS with the primary domain name in the secure domain name database, as long as the primary domain name of the URL does not exist in the secure domain name database, the SMS will be preset , improving the security of opening the URL in the text message, and reducing the risk of property loss or information leakage caused by the user clicking a malicious URL in the text message.

Description

Short message processing method and device carrying URL

technical field

The present disclosure relates to the technical field of network security, in particular to a method and device for processing short messages carrying URLs.

Background technique

As users use mobile phones and other terminals to open URLs in text messages, more and more fake base stations pretend to be service numbers of banks and operators to send text messages containing phishing website URLs to users, inducing users to click and defraud users of their accounts. and password information.

In related technologies, a database containing malicious URLs can be pre-stored in the mobile phone or server. When the mobile phone receives a short message containing a URL, the mobile phone will compare the URL with the URLs in the database. When a certain URL is the same, it is determined that the short message is a short message sent by a pseudo base station.

Contents of the invention

The embodiment of the present disclosure provides a short message processing method and device carrying a website address, and the technical solution is as follows:

According to the first aspect of the embodiments of the present disclosure, there is provided a method for processing short messages carrying URLs, the method comprising:

When receiving a short message carrying a website address, obtain the security domain name database provided by the server and corresponding to the contact number of the short message;

Detecting whether the primary domain name in the website exists in the secure domain name database;

When the detection result is that the primary domain name does not exist in the security database, predetermined processing is performed on the short message.

Optionally, when the detection result is that the primary domain name does not exist in the security database, performing predetermined processing on the short message includes:

Obtaining the malicious domain name database provided by the server and corresponding to the contact number of the short message;

Detecting whether the primary domain name exists in the malicious domain name database;

When the primary domain name exists in the malicious domain name database, process the short message according to the first processing method;

When the primary domain name does not exist in the malicious domain name database, the short message is processed in a second processing manner.

Optionally, the processing of the short message according to the first processing method includes:

Process the short message according to at least one of the following processing methods:

Displaying a first prompt message in the incoming letter reminder interface, the first prompt message is used to prompt that a short message containing a malicious URL is received;

Move the short message to a designated group;

When an operation of viewing the content of the short message is detected, displaying second prompt information, the second prompt information is used to prompt that the short message contains a malicious URL;

Alternatively, when an access operation to the URL is detected, calling the browser is prohibited.

Optionally, the processing of the short message according to the second processing method includes:

When an access operation to the website is detected, third prompt information is displayed, and the third prompt information is used to prompt whether to determine to visit the website.

According to the second aspect of the embodiments of the present disclosure, there is provided a method for processing short messages carrying URLs, the method comprising:

Generate a secure domain name database corresponding to the contact number;

The secure domain name database is provided to the terminal, so that when the terminal receives the short message corresponding to the contact number and carries the website address, and detects that the primary domain name of the website does not exist in the security database, The short message is scheduled to be processed.

Optionally, the method also includes:

generating a malicious domain name database corresponding to the contact number;

The malicious domain name database is provided to the terminal.

Optionally, the generating a security domain name database corresponding to a contact number includes:

Acquiring the frequency of occurrence of the main domain name of each website in each text message carrying a website corresponding to the contact number;

Among the primary domain names of the respective websites, the primary domain names whose occurrence frequency is greater than the first frequency threshold are added to the security domain name database corresponding to the contact number.

Optionally, the generating the malicious domain name database corresponding to the contact number includes:

Adding the main domain names whose frequency of occurrence is not greater than the second frequency threshold among the main domain names of the respective URLs to the malicious domain name database corresponding to the contact number;

Wherein, the second frequency threshold is less than or equal to the first frequency threshold.

According to a third aspect of the embodiments of the present disclosure, there is provided a short message processing device carrying a website, the device comprising:

An acquisition module, configured to acquire a secure domain name database provided by the server and corresponding to the contact number of the short message when receiving the short message carrying the URL;

A detection module, configured to detect whether the primary domain name in the website exists in the secure domain name database;

A processing module, configured to perform predetermined processing on the short message when the detection result is that the primary domain name does not exist in the security database.

Optionally, the processing module includes:

The obtaining submodule is used to obtain the malicious domain name database provided by the server and corresponding to the contact number of the short message;

A detection submodule, configured to detect whether the primary domain name exists in the malicious domain name database;

The first processing submodule is configured to process the short message according to a first processing method when the primary domain name exists in the malicious domain name database;

The second processing sub-module is configured to process the short message in a second processing manner when the primary domain name does not exist in the malicious domain name database.

Optionally, the first processing submodule is configured to process the short message according to at least one of the following processing methods:

Displaying a first prompt message in the incoming letter reminder interface, the first prompt message is used to prompt that a short message containing a malicious URL is received;

Move the short message to a designated group;

When an operation of viewing the content of the short message is detected, displaying second prompt information, the second prompt information is used to prompt that the short message contains a malicious URL;

When an access operation to said URL is detected, the browser is prohibited from being invoked.

Optionally, the second processing submodule is configured to display third prompt information when an access operation to the website is detected, and the third prompt information is used to prompt whether to determine to visit the website.

According to the fourth aspect of the embodiments of the present disclosure, there is provided a short message processing device carrying a website, the device comprising:

The first generating module is used to generate a secure domain name database corresponding to the contact number;

The first providing module is configured to provide the secure domain name database to the terminal, so that the terminal detects that the secure domain name database does not exist in the secure database after receiving the short message corresponding to the contact number and carrying the URL. When the primary domain name of the website is selected, the short message is scheduled to be processed.

Optionally, the device also includes:

The second generating module is used to generate a malicious domain name database corresponding to the contact number;

The second providing module is configured to provide the malicious domain name database to the terminal.

Optionally, the first generation module includes:

The frequency obtaining sub-module is used to obtain the frequency of occurrence of the main domain name of each website in each text message carrying a website corresponding to the contact number;

The adding sub-module is used to add the main domain names whose frequency of occurrence is greater than the first frequency threshold among the main domain names of each website to the security domain name database corresponding to the contact number.

Optionally, the second generating module is configured to add, among the main domain names of each website, the main domain names whose occurrence frequency is not greater than the second frequency threshold to the malicious domain name database corresponding to the contact number;

Wherein, the second frequency threshold is less than or equal to the first frequency threshold.

According to the fifth aspect of the embodiments of the present disclosure, there is provided a short message processing device carrying a website, characterized in that the device includes:

processor;

memory for storing executable instructions of the processor;

Among them, the processor configuration is set to:

When receiving a short message carrying a website address, obtain the security domain name database provided by the server and corresponding to the contact number of the short message;

Detecting whether the primary domain name in the website exists in the secure domain name database;

When the detection result is that the primary domain name does not exist in the security database, predetermined processing is performed on the short message.

According to the sixth aspect of the embodiments of the present disclosure, there is provided a short message processing device carrying a website, characterized in that the device includes:

processor;

memory for storing executable instructions of the processor;

Among them, the processor configuration is set to:

Generate a secure domain name database corresponding to the contact number;

The secure domain name database is provided to the terminal, so that when the terminal receives the short message corresponding to the contact number and carries the website address, and detects that the primary domain name of the website does not exist in the security database, The short message is scheduled to be processed.

The technical solutions provided by the embodiments of the present disclosure may include the following beneficial effects:

When the terminal receives a short message carrying a website, it detects whether the main domain name in the website exists in the security domain name database corresponding to the contact number of the short message, and when the detection result is that the main domain name does not exist in the security database, the The short message is scheduled to be processed. By setting a secure domain name database in advance, the main domain name of the website in the short message is compared with the main domain name in the safe domain name database. As long as the main domain name of the website does not exist in the safe domain name database, the The preset processing of SMS improves the safety of opening the URL in the SMS and reduces the risk of property loss or information leakage caused by users clicking malicious URLs in the SMS.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the present disclosure.

Description of drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description serve to explain the principles of the disclosure.

FIG. 1 is a schematic diagram of an implementation environment involved in a short message processing method with a website address according to the present disclosure;

Fig. 2 is a flow chart showing a method for processing short messages carrying URLs according to an exemplary embodiment;

Fig. 3 is a flow chart showing a method for processing short messages carrying URLs according to an exemplary embodiment;

Fig. 4 is a flow chart showing a method for processing short messages carrying URLs according to an exemplary embodiment;

Fig. 5 is a schematic diagram of a reminder interface provided based on the embodiment shown in Fig. 4;

Fig. 6 is a schematic diagram of an operation interface provided based on the embodiment shown in Fig. 4;

Fig. 7 is a schematic diagram of another operation interface provided based on the embodiment shown in Fig. 4;

Fig. 8 is a schematic diagram of another operation interface provided based on the embodiment shown in Fig. 4;

Fig. 9 is a flow chart showing a method for processing short messages carrying URLs according to yet another exemplary embodiment;

Fig. 10 is a block diagram of a short message processing device carrying a website according to an exemplary embodiment;

Fig. 11 is a block diagram of a short message processing device carrying a website according to another exemplary embodiment;

Fig. 12 is a block diagram of a short message processing device carrying a website address according to an exemplary embodiment;

Fig. 13 is a block diagram of a short message processing device carrying a website according to another exemplary embodiment;

Fig. 14 is a block diagram of a device according to an exemplary embodiment;

Fig. 15 is a block diagram of another device according to an exemplary embodiment.

Detailed ways

Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatuses and methods consistent with aspects of the present disclosure as recited in the appended claims.

Fig. 1 is a schematic diagram of an implementation environment involved in the method for processing a short message carrying a website address according to the present disclosure. The implementation environment may include: a server 110 and a terminal 120 .

The server 110 may be one server, or a server cluster composed of several servers, or a cloud computing service center.

The terminal 120 may be a mobile communication device capable of receiving short messages sent by an operator or a communication service provider, such as a mobile phone.

The server 110 and the terminal 120 may be connected through a wireless network.

In the following, taking the implementation environment shown in FIG. 1 as an example, the technical solutions provided by various embodiments of the present disclosure are introduced and described.

Fig. 2 is a flow chart showing a method for processing a short message carrying a website address according to an exemplary embodiment. The method can be applied to the terminal 120 in the implementation environment shown in FIG. 1 . The method may include the following steps.

In step 201, when a short message carrying a website address is received, a secure domain name database provided by the server and corresponding to the contact number of the short message is obtained.

In step 202, it is detected whether the main domain name in the website exists in the secure domain name database.

In step 203, when the detection result is that the primary domain name does not exist in the security database, predetermined processing is performed on the short message.

To sum up, in the method provided by the embodiment of the present disclosure, when the terminal receives a short message carrying a website address, it detects whether the primary domain name in the website exists in the security domain name database corresponding to the contact number of the short message, and when the detection result is When the primary domain name does not exist in the security database, the text message is scheduled to be processed. By setting a security domain name database in advance, the primary domain name of the URL in the message is compared with the primary domain name in the security domain name database. As long as the security domain name database When the main domain name of the URL does not exist in the SMS, the SMS will be preset, which improves the security of opening the URL in the SMS, and reduces the risk of property loss or information leakage caused by the user clicking the malicious URL in the SMS.

Fig. 3 is a flow chart showing a method for processing a short message carrying a website address according to an exemplary embodiment. The method can be applied to the server 110 in the implementation environment shown in FIG. 1 . The method may include the following steps.

In step 301, a secure domain name database corresponding to a contact number is generated.

In step 302, the secure domain name database is provided to the terminal, so that when the terminal receives the short message corresponding to the contact number and carries the website address, and detects that the primary domain name of the website does not exist in the security database, it responds to the The SMS is scheduled for processing.

To sum up, the method provided by the embodiment of the present disclosure generates the security domain name database corresponding to the contact number and provides it to the terminal. Whether the main domain name in the website exists in the domain name database, when the detection result is that the main domain name does not exist in the security database, the short message is scheduled to be processed, and the main domain name of the website in the short message is set by presetting a safe domain name database. Compared with the primary domain name in the secure domain name database, as long as the primary domain name of the URL does not exist in the secure domain name database, the SMS will be preset, which improves the security of opening the URL in the SMS and reduces user concerns Risk of property damage or information leakage caused by clicking on malicious URLs in text messages.

Fig. 4 is a flow chart showing a method for processing a short message carrying a website address according to an exemplary embodiment. The method can be applied to the server 110 and the terminal 120 in the implementation environment shown in FIG. 1 . The method may include the following steps.

In step 401, the server collects each short message carrying a website address corresponding to a contact number, counts and obtains the occurrence frequency of the primary domain name of each website in each short message carrying a website address corresponding to the contact number.

Here, the contact number may be a service number of an institution such as an operator, a bank, a courier, an airline, or a state agency, or a number used by other terminals capable of sending short messages. According to a determined contact number, the server collects each short message carrying a website address corresponding to the number.

For example, the server may collect various short messages received by each terminal connected to the server with the contact number 95566, and the collection period may be within three months or within one week, which is not limited here. Afterwards, the server obtains the main domain name of the website carried in each short message, counts the number of appearances of each main domain name, and calculates the frequency of occurrence of each main domain name (number of appearances/number of short messages). For example, a contact number of 95566 sent a total of 10,000 short messages carrying URLs, among which the number of short messages with the main domain name boc.cn is 8900, and the occurrence frequency of the main domain name boc.cn is 89%. If the main domain name If the number of short messages for boco.cn is 100, the occurrence frequency of the primary domain name boc.cn is 1%.

Optionally, in this step, when the terminal connected to the server receives a short message corresponding to a contact number and carrying a website address, it can extract the main domain name of the website address in the short message, and store the contact number and The extracted main domain name is sent to the server, and the server counts the occurrence frequency of the main domain name of each website in each short message carrying the website address corresponding to the contact number.

In step 402, the server adds, among the primary domain names of each website, the primary domain names whose occurrence frequency is greater than the first frequency threshold to the security domain name database corresponding to the contact number.

The first frequency threshold is a preset fixed value, which can be set and determined by server maintenance personnel before step 302 is executed, or dynamically determined by the server according to the current security environment in the Internet. For example, to divide the security environment of the Internet into three security levels: the green level of the whole network security, the yellow level of partial pollution, and the red level of attack outbreaks, the first frequency threshold can be set to a smaller value A at the green level 1. Set the first frequency threshold to a generally large value B for the yellow level, and set the first frequency threshold to a relatively large value C for the red level, where A<B<C.

Based on the example in step 401, the server adds the primary domain names greater than the first frequency threshold among the primary domain names appearing in each website into the security domain name database corresponding to the contact number. For example, the first frequency threshold is 80%, and when the frequency of the main domain name appearing in each text message carrying the website address corresponding to the contact number is 89% (greater than the first frequency threshold 80%), the main domain name Add it to the security domain name database corresponding to the contact number.

In step 403, the server adds, among the main domain names of each website, those whose frequency of occurrence is not greater than the second frequency threshold to the malicious domain name database corresponding to the contact number.

The process is similar to step 402. The second frequency threshold is a preset fixed value, which can be set and determined by the server maintenance personnel before step 403 is executed, or dynamically determined by the server according to the current security environment in the Internet.

Based on the example in step 401, the server adds the primary domain names not greater than the second frequency threshold among the primary domain names appearing in each website into the security domain name database corresponding to the contact number. For example, the second frequency threshold is 5%, and when the frequency of the main domain name appearing in each short message carrying the website address corresponding to the contact number is 1% (not greater than the second frequency threshold 5%), the main domain name The domain name is added to the malicious domain name database corresponding to the contact number.

Under normal circumstances, the short messages with malicious URLs sent by lawbreakers pretending to be service numbers through fake base stations and other methods only occupy a small part of all the short messages with URLs corresponding to the service number, and most of the others carry URLs. URLs in text messages from are all secure URLs. In the method shown in the embodiment of the present disclosure, for a certain contact number, the frequency of occurrence of the main domain name of the website in each short message corresponding to the contact number is counted, and when a certain main domain name appears frequently, then confirm The main domain name is a safe domain name. If the frequency of occurrence of the main domain name is very small, it is confirmed that the main domain name is a malicious domain name, so as to achieve the effect of automatically and quickly generating a safe name database and a malicious domain name database corresponding to the contact number.

In step 402 and step 403, the second frequency threshold is less than or equal to the first frequency threshold.

In step 404, the server provides the safe domain name database and the malicious domain name database to the terminal, and the terminal receives the safe domain name database and the malicious domain name database.

Optionally, after the server provides the secure domain name database and the malicious domain name database to the terminal, it may also periodically provide the terminal with an update service for the secure domain name database and the malicious domain name database, so as to update the secure domain name database and the malicious domain name database in the terminal in a timely manner. renew.

Optionally, the above step 402 and step 403 may also be executed by the terminal. For example, the server may send the frequency of occurrence of the main domain name of each website in each short message carrying the website address corresponding to the contact number to the terminal, and the terminal shall, among the main domain names of each website, the frequency of occurrence of the main domain name greater than the first frequency threshold The domain name is added to the secure domain name database corresponding to the contact number; among the main domain names of each website, the main domain name whose occurrence frequency is not greater than the second frequency threshold is added to the malicious domain name database corresponding to the contact number. Optionally, in this case, the first frequency threshold or the second frequency threshold may be set by the user in the terminal.

In step 405, the terminal receives the short message corresponding to the contact number and carrying the website, and extracts the primary domain name of the website in the short message.

The terminal can extract the main domain name of the URL in the short message carrying the URL corresponding to the contact number according to a standard regular expression.

In step 406, the terminal detects whether the primary domain name in the website exists in the secure domain name database corresponding to the contact number of the short message.

When the terminal executes this step, it can query and acquire the security domain name database corresponding to the contact number of the SMS provided by the server and stored locally, and retrieve the primary domain name extracted in step 405 from the security domain name database. If the primary domain name is retrieved in the domain name database, then confirm that the primary domain name in the URL exists in the security domain name database corresponding to the contact number of the SMS message detected; otherwise, confirm that the security domain name database corresponding to the contact number of the SMS message is detected The primary domain name in this URL does not exist.

In step 407, when the detection result is that the primary domain name does not exist in the security database, the terminal detects whether the primary domain name exists in the malicious domain name database corresponding to the contact number of the short message.

The detection process is similar to the process in step 406 . When the terminal executes step 407, it can query and acquire the malicious domain name database corresponding to the contact number of the short message provided by the server and stored locally, and retrieve the URL in the short message extracted in step 405 from the above malicious domain name database. primary domain name for .

In step 408, when the primary domain name exists in the malicious domain name database, the terminal processes the short message according to the first processing manner.

The first processing method may include at least one of the following four processing methods:

1) A first prompt message is displayed on the incoming mail reminder interface, and the first prompt message is used to prompt that a short message containing a malicious URL is received.

Please refer to FIG. 5 , which is a schematic diagram of a reminder interface provided based on the embodiment shown in FIG. 4 . In FIG. 5 , the dialog box 51 is used to display the first prompt message, which may be a reminder text similar to "the new information contains a suspected fraudulent URL"; optionally, the reminder interface may also include a delete button 52 and a view button 53, the delete button 52 is used to delete the short message containing the main domain name in the malicious domain name address library, and the view button 53 is used to open the short message containing the website address of the main domain name present in the malicious domain name address library.

2) Move the short message to a designated group.

When the terminal has the primary domain name in the malicious domain name database, it will move the text message to a designated group. The designated group can be a text message group such as "suspected fraudulent text message", and the user cannot open it directly like opening a normal text message.

3) When an operation of viewing the content of the short message is detected, displaying second prompt information, the second prompt information is used to prompt that the short message contains a malicious URL.

Please refer to FIG. 6 , which is a schematic diagram of an operation interface provided based on the embodiment shown in FIG. 4 . In FIG. 6 , the dialog box 61 is used to display the second prompt message. When the user's finger 62 clicks on the location 63 of the short message, it is equivalent to the operation of viewing the content of the short message. The dialog box 61 displays a second prompt message, and the second prompt message may be a prompt text similar to "This information contains a suspected fraudulent URL, do you still want to open it?".

4) When an access operation to the URL is detected, the browser is prohibited from being invoked.

Please refer to FIG. 7 , which is a schematic diagram of another operation interface provided based on the embodiment shown in FIG. 4 . In FIG. 7 , when the user's finger 71 clicks on the malicious website in the text message, the terminal detects that the website is accessed, that is, the terminal is prohibited from invoking the browser to access the website. Optionally, the dialog box 72 may display a warning text similar to "This URL is a fraudulent URL, and access has been stopped".

In step 409, when the primary domain name does not exist in the malicious domain name database, the terminal processes the short message according to the second processing manner.

When an access operation to the website is detected, a third prompt message is displayed, and the third prompt message is used to prompt whether to determine to visit the website.

Please refer to FIG. 8 , which is a schematic diagram of another operation interface provided based on the embodiment shown in FIG. 4 . In Fig. 8, when the user clicks the URL in the short message with finger 81, the terminal detects that the URL is accessed, and a dialog box 82 may display something like "The website boco.cn/index you are trying to visit may be risky, confirm to continue ?” reminder text. The access button 83 is used to receive the user's confirmation operation and call the browser to open the website, and the cancel button 84 is used to cancel the operation of calling the browser.

To sum up, the embodiment of the present disclosure provides a method for processing a short message carrying a website address. When a terminal receives a short message carrying a website address, the terminal locally detects whether there is such a message in the secure domain name database corresponding to the contact number of the short message. The main domain name in the website, when the detection result is that the main domain name does not exist in the security database, the short message is scheduled to be processed. Compared with the main domain name, as long as the main domain name of the URL does not exist in the security domain name database, the SMS will be preset, which improves the security of opening the URL in the SMS and reduces the risk of users clicking on malicious URLs in the SMS. risk of property damage or information leakage.

In addition, the method provided by the embodiment of the present disclosure detects whether the main domain name of the website in the short message exists in the malicious domain name website when performing predetermined processing on the short message, and performs different processing according to the detection results, and performs different processing according to different risks. Provide a variety of processing methods to improve the processing effect on SMS containing risky URLs.

Fig. 9 is a flow chart showing a method for processing a short message carrying a website address according to yet another exemplary embodiment. The method can be applied to the server 110 and the terminal 120 in the implementation environment shown in FIG. 1 . The method may include the following steps.

In step 901, the server collects each short message carrying a website address corresponding to a contact number, counts and obtains the occurrence frequency of the primary domain name of each website in each short message carrying a website address corresponding to the contact number.

In step 902, the server adds, among the main domain names of each website, the main domain names whose occurrence frequency is greater than the first frequency threshold into the security domain name database corresponding to the contact number.

In step 903, the server adds the main domain names whose occurrence frequency is not greater than the second frequency threshold among the main domain names of each website into the malicious domain name database corresponding to the contact number.

For the relevant execution process of steps 901 to 903, please refer to the content in steps 401 to 403, and will not be repeated here.

In step 904, the terminal receives the short message corresponding to the contact number and carrying the URL, and sends a first detection request to the server. The first detection request is used to request the server to detect the security domain name database corresponding to the contact number of the short message. Whether there is a primary domain name in the URL.

Wherein, the first detection request may carry the contact number and the short message content; or, the first detection request may also carry the contact number and the URL in the short message; or, the first detection request may also carry The contact number and the main domain name of the URL in the short message can be carried.

In step 905, the server detects whether the primary domain name in the website exists in the secure domain name database corresponding to the contact number of the short message according to the detection request.

After the server extracts the contact number and the primary domain name from the information carried in the first detection request, it queries the security domain name database corresponding to the contact number of the short message, and retrieves the primary domain name from the query security domain name database, if If the primary domain name is retrieved in the secure domain name database, then confirm that the primary domain name in the website exists in the secure domain name database corresponding to the contact number of the SMS, otherwise, confirm that the security domain name corresponding to the contact number of the SMS is detected The primary domain at this URL does not exist in the database.

In step 906, the server returns the detection result of the first detection request to the terminal, and the terminal receives the detection result of the first detection request.

The server returns the detection result of the first detection request obtained through the detection in step 905 to the terminal.

In step 907, when the detection result is that the primary domain name does not exist in the security database, the terminal sends a second detection request to the server, and the second detection request is used to request the server to detect the malicious domain name database corresponding to the contact number of the SMS Whether the primary domain name exists in .

Optionally, the terminal may not perform step 907, and directly perform step 908 below when the server detects that the primary domain name does not exist in the security database.

In step 908, the server detects whether the primary domain name exists in the malicious domain name database corresponding to the contact number of the short message according to the second detection request.

The method for the server to detect whether the primary domain name exists in the malicious domain name database corresponding to the contact number of the short message is similar to the method for detecting whether the primary domain name exists in the secure domain name database in step 905 above, and will not be repeated here.

In step 909, the server returns the detection result of the second detection request to the terminal, and the terminal receives the detection result of the second detection request.

Optionally, if the terminal does not perform step 907, but the server directly performs step 908 when it detects that the primary domain name does not exist in the security database, the server may send the detection result of step 908 together with the detection result in step 905 to the terminal.

In step 910, when the primary domain name exists in the malicious domain name database, the terminal processes the short message in a first processing manner.

The first processing method may include: 1) displaying a first prompt message in the incoming mail reminder interface, the first prompt message is used to prompt that a short message containing a malicious URL is received; 2) moving the short message to a designated group; 3) when the detected When the operation of viewing the content of the short message is reached, a second prompt message is displayed, and the second prompt message is used to prompt that the short message contains a malicious website; 4) when an access operation to the website is detected, calling the browser is prohibited.

For the implementation methods of the above four first processing modes 1), 2), 3) and 4), please refer to step 308 and related content in FIGS. 5-7 , which will not be repeated here.

In step 911, when the primary domain name does not exist in the malicious domain name database, the terminal processes the short message in a second processing manner.

For the execution method of step 911, refer to the execution method in step 409, and for the related interface diagram during execution, refer to FIG. 8 , which will not be further discussed here.

To sum up, the embodiment of the present disclosure provides a method for processing a short message carrying a website address. When a terminal receives a short message carrying a website address, the terminal requests the server to detect whether the security domain name database corresponding to the contact number of the short message exists. The main domain name in the website, when the detection result is that the main domain name does not exist in the security database, the short message is scheduled to be processed. Compared with the main domain name, as long as the main domain name of the URL does not exist in the security domain name database, the SMS will be preset, which improves the security of opening the URL in the SMS and reduces the risk of users clicking on malicious URLs in the SMS. risk of property damage or information leakage.

In addition, the method provided by the embodiment of the present disclosure detects whether the main domain name of the website in the short message exists in the malicious domain name website when performing predetermined processing on the short message, and performs different processing according to the detection results, and performs different processing according to different risks. Provide a variety of processing methods to improve the processing effect on SMS containing risky URLs.

Fig. 10 is a block diagram of an apparatus for processing short messages carrying URLs according to an exemplary embodiment. The apparatus may realize all or part of the terminal 120 by means of a hardware circuit or a combination of software and hardware. The device may include: an acquisition module 1001, a detection module 1002, and a processing module 1003;

The obtaining module 1001 is configured to obtain, when receiving a short message carrying a website address, a secure domain name database provided by the server and corresponding to the contact number of the short message;

The detection module 1002 is configured to detect whether the primary domain name in the website exists in the secure domain name database;

The processing module 1003 is configured to perform predetermined processing on the short message when the detection result is that the primary domain name does not exist in the security database.

To sum up, the embodiment of the present disclosure provides a short message processing device carrying a website address. When a terminal receives a short message carrying a website address, the terminal locally detects whether there is such a message in the secure domain name database corresponding to the contact number of the short message. The main domain name in the website, when the detection result is that the main domain name does not exist in the security database, the short message is scheduled to be processed. Compared with the main domain name, as long as the main domain name of the URL does not exist in the security domain name database, the SMS will be preset, which improves the security of opening the URL in the SMS and reduces the risk of users clicking on malicious URLs in the SMS. risk of property damage or information leakage.

Fig. 11 is a block diagram of an apparatus for processing short messages carrying URLs according to another exemplary embodiment. The apparatus may realize all or part of the terminal 120 by means of a hardware circuit or a combination of software and hardware. The device may include: an acquisition module 1001, a detection module 1002, and a processing module 1003;

The obtaining module 1001 is configured to obtain, when receiving a short message carrying a website address, a secure domain name database provided by the server and corresponding to the contact number of the short message;

The detection module 1002 is configured to detect whether the primary domain name in the website exists in the secure domain name database;

The processing module 1003 is configured to perform predetermined processing on the short message when the detection result is that the primary domain name does not exist in the security database.

Optionally, the processing module 1003 includes:

The obtaining submodule 1003a is configured to obtain the malicious domain name database provided by the server and corresponding to the contact number of the short message;

The detection submodule 1003b is configured to detect whether the primary domain name exists in the malicious domain name database;

The first processing sub-module 1003c is configured to process the short message in a first processing manner when the primary domain name exists in the malicious domain name database;

The second processing sub-module 1003d is configured to process the short message in a second processing manner when the primary domain name does not exist in the malicious domain name database.

Optionally, the first processing submodule 1003c is configured to process the short message according to at least one of the following processing methods:

Displaying a first prompt message in the incoming letter reminder interface, the first prompt message is used to prompt that a short message containing a malicious URL is received;

Move the short message to a designated group;

When an operation of viewing the content of the short message is detected, displaying second prompt information, the second prompt information is used to prompt that the short message contains a malicious URL;

When an access operation to said URL is detected, the browser is prohibited from being invoked.

Optionally, the second processing submodule 1003d is configured to display third prompt information when an access operation to the website is detected, and the third prompt information is used to prompt whether to determine to visit the website. URL.

To sum up, the embodiment of the present disclosure provides a short message processing device carrying a website address. When a terminal receives a short message carrying a website address, the terminal locally detects whether there is such a message in the secure domain name database corresponding to the contact number of the short message. The main domain name in the website, when the detection result is that the main domain name does not exist in the security database, the short message is scheduled to be processed. Compared with the main domain name, as long as the main domain name of the URL does not exist in the security domain name database, the SMS will be preset, which improves the security of opening the URL in the SMS and reduces the risk of users clicking on malicious URLs in the SMS. risk of property damage or information leakage.

In addition, the device provided by the embodiment of the present disclosure detects whether the main domain name of the website in the short message exists in the malicious domain name website when performing predetermined processing on the short message, and performs different processing according to the detection results, and performs different processing according to different risks. Provide a variety of processing methods to improve the processing effect on SMS containing risky URLs.

Fig. 12 is a block diagram of an apparatus for processing short messages carrying URLs according to an exemplary embodiment. The apparatus may implement all or part of the server 110 by means of a hardware circuit or a combination of software and hardware. The apparatus may include: a first generating module 1201 and a first providing module 1202;

The first generating module 1201 is configured to generate a secure domain name database corresponding to a contact number;

The first providing module 1202 is configured to provide the secure domain name database to the terminal, so that the terminal receives the short message corresponding to the contact number and carries the URL, and detects that the domain name in the secure database is When the primary domain name of the website does not exist, predetermined processing is performed on the short message.

To sum up, the embodiment of the present disclosure provides a short message processing device carrying a website address. The server generates a secure domain name database corresponding to the contact number and provides it to the terminal. When sending a short message, the terminal detects whether the main domain name in the website exists in the security domain name database corresponding to the contact number of the short message. A secure domain name database is set in advance, and the primary domain name of the URL in the SMS is compared with the primary domain name in the secure domain name database. As long as the primary domain name of the URL does not exist in the secure domain name database, the SMS will be preset. The security of opening the URL in the text message is improved, and the risk of property loss or information leakage caused by the user clicking a malicious URL in the text message is reduced.

Fig. 13 is a block diagram of an apparatus for processing short messages carrying URLs according to another exemplary embodiment. The apparatus may implement all or part of the server 110 by means of a hardware circuit or a combination of software and hardware. The apparatus may include: a first generating module 1201 and a first providing module 1202;

The first generating module 1201 is configured to generate a secure domain name database corresponding to a contact number;

The first providing module 1202 is configured to provide the secure domain name database to the terminal, so that the terminal receives the short message corresponding to the contact number and carries the URL, and detects that the domain name in the secure database is When the primary domain name of the website does not exist, predetermined processing is performed on the short message.

Optionally, the device further includes: a second generating module 1203 and a second providing module 1204;

The second generating module 1203 is configured to generate a malicious domain name database corresponding to the contact number;

The second providing module 1204 is configured to provide the malicious domain name database to the terminal.

Optionally, the first generating module 1201 includes:

The frequency obtaining sub-module 1201a is configured to obtain the frequency of occurrence of the main domain name of each website in each short message carrying a website corresponding to the contact number;

The adding sub-module 1201b is configured to add, among the main domain names of each website, the main domain names whose occurrence frequency is greater than the first frequency threshold to the security domain name database corresponding to the contact number.

Optionally, the second generating module 1203 is configured to add the main domain names whose frequency of occurrence is not greater than the second frequency threshold among the main domain names of each website to the malicious domain name database corresponding to the contact number ;

Wherein, the second frequency threshold is less than or equal to the first frequency threshold.

To sum up, the embodiment of the present disclosure provides a short message processing device carrying a website address. The server generates a secure domain name database corresponding to the contact number and provides it to the terminal. When sending a short message, the terminal detects whether the main domain name in the website exists in the security domain name database corresponding to the contact number of the short message. A secure domain name database is set in advance, and the primary domain name of the URL in the SMS is compared with the primary domain name in the secure domain name database. As long as the primary domain name of the URL does not exist in the secure domain name database, the SMS will be preset. The security of opening the URL in the text message is improved, and the risk of property loss or information leakage caused by the user clicking a malicious URL in the text message is reduced.

In addition, in the method provided by the embodiment of the present disclosure, for a certain contact number, the frequency of occurrence of the main domain name of the website in each text message corresponding to the contact number is counted. When a certain main domain name appears frequently, then Confirm that the main domain name is a safe domain name. If the frequency of occurrence of the main domain name is very small, then confirm that the main domain name is a malicious domain name, so as to achieve the effect of automatically and quickly generating a safe name database and a malicious domain name database corresponding to the contact number.

The implementation example of the present disclosure also provides a short message processing device carrying a website address, capable of implementing the method for processing a short message carrying a website address provided in the embodiment of the present disclosure. The apparatus may be used in the server 110 or the terminal 120 in the implementation environment shown in FIG. 1 above. The device includes: a processor, and a memory for storing executable instructions of the processor.

Wherein, when the device is used in the terminal 120 in the implementation environment shown in FIG. 1 above, the processor is configured to:

When receiving a short message carrying a website address, obtain the security domain name database provided by the server and corresponding to the contact number of the short message;

Detecting whether the primary domain name in the website exists in the secure domain name database;

When the detection result is that the primary domain name does not exist in the security database, predetermined processing is performed on the short message.

Optionally, when the detection result is that the primary domain name does not exist in the security database, performing predetermined processing on the short message includes:

Obtaining the malicious domain name database provided by the server and corresponding to the contact number of the short message;

Detecting whether the primary domain name exists in the malicious domain name database;

When the primary domain name exists in the malicious domain name database, process the short message according to the first processing method;

When the primary domain name does not exist in the malicious domain name database, the short message is processed in a second processing manner.

Optionally, the processing of the short message according to the first processing method includes:

Process the short message according to at least one of the following processing methods:

Displaying a first prompt message in the incoming letter reminder interface, the first prompt message is used to prompt that a short message containing a malicious URL is received;

Move the short message to a designated group;

When an operation of viewing the content of the short message is detected, displaying second prompt information, the second prompt information is used to prompt that the short message contains a malicious URL;

Alternatively, when an access operation to the URL is detected, calling the browser is prohibited.

Optionally, the processing of the short message according to the second processing method includes:

When an access operation to the website is detected, third prompt information is displayed, and the third prompt information is used to prompt whether to determine to visit the website.

When the device is used in the server 110 in the implementation environment shown in FIG. 1 above, the processor is configured to:

Generate a secure domain name database corresponding to the contact number;

The secure domain name database is provided to the terminal, so that when the terminal receives the short message corresponding to the contact number and carries the website address, and detects that the primary domain name of the website does not exist in the security database, The short message is scheduled to be processed.

Optionally, the processor is also configured to:

generating a malicious domain name database corresponding to the contact number;

The malicious domain name database is provided to the terminal.

Optionally, the generating a security domain name database corresponding to a contact number includes:

Acquiring the frequency of occurrence of the main domain name of each website in each text message carrying a website corresponding to the contact number;

Among the primary domain names of the respective websites, the primary domain names whose occurrence frequency is greater than the first frequency threshold are added to the security domain name database corresponding to the contact number.

Optionally, the generating the malicious domain name database corresponding to the contact number includes:

Adding the main domain names whose frequency of occurrence is not greater than the second frequency threshold among the main domain names of the respective URLs to the malicious domain name database corresponding to the contact number;

Wherein, the second frequency threshold is less than or equal to the first frequency threshold.

It should be noted that when the device provided by the above embodiment realizes its functions, it only uses the division of the above-mentioned functional modules as an example for illustration. In practical applications, the above-mentioned function allocation can be completed by different functional modules according to actual needs. That is, the content structure of the device is divided into different functional modules to complete all or part of the functions described above.

Regarding the apparatus in the foregoing embodiments, the specific manner in which each module executes operations has been described in detail in the embodiments related to the method, and will not be described in detail here.

Fig. 14 is a block diagram of an apparatus 1400 according to an exemplary embodiment. For example, the apparatus 1400 may be electronic equipment such as a smart phone, a wearable device, a smart TV, and a vehicle terminal.

14, device 1400 may include one or more of the following components: processing component 1402, memory 1404, power supply component 1406, multimedia component 1408, audio component 1410, input/output (I/O) interface 1412, sensor component 1414, and communication component 1416 .

The processing component 1402 generally controls the overall operations of the device 1400, such as those associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 1402 may include one or more processors 1420 to execute instructions to complete all or part of the steps of the above method. Additionally, processing component 1402 may include one or more modules that facilitate interaction between processing component 1402 and other components. For example, processing component 1402 may include a multimedia module to facilitate interaction between multimedia component 1408 and processing component 1402 .

The memory 1404 is configured to store various types of data to support operations at the device 1400 . Examples of such data include instructions for any application or method operating on device 1400, contact data, phonebook data, messages, pictures, videos, and the like. The memory 1404 can be implemented by any type of volatile or non-volatile storage device or their combination, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable Programmable Read Only Memory (EPROM), Programmable Read Only Memory (PROM), Read Only Memory (ROM), Magnetic Memory, Flash Memory, Magnetic or Optical Disk.

The power supply component 1406 provides power to various components of the device 1400 . Power components 1406 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for device 1400 .

The multimedia component 1408 includes a screen that provides an output interface between the device 1400 and the user. In some embodiments, the screen may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may not only sense a boundary of a touch or a swipe action, but also detect duration and pressure associated with the touch or swipe operation. In some embodiments, the multimedia component 1408 includes a front camera and/or a rear camera. When the device 1400 is in an operation mode, such as a shooting mode or a video mode, the front camera and/or the rear camera can receive external multimedia data. Each front camera and rear camera can be a fixed optical lens system or have focal length and optical zoom capability.

The audio component 1410 is configured to output and/or input audio signals. For example, the audio component 1410 includes a microphone (MIC), which is configured to receive external audio signals when the device 1400 is in operation modes, such as call mode, recording mode and voice recognition mode. Received audio signals may be further stored in memory 1404 or sent via communication component 1416 . In some embodiments, the audio component 1410 also includes a speaker for outputting audio signals.

The I/O interface 1412 provides an interface between the processing component 1402 and a peripheral interface module, which may be a keyboard, a click wheel, a button, and the like. These buttons may include, but are not limited to: a home button, volume buttons, start button, and lock button.

Sensor assembly 1414 includes one or more sensors for providing various aspects of status assessment for device 1400 . For example, the sensor component 1414 can detect the open/closed state of the device 1400, the relative positioning of components, such as the display and keypad of the device 1400, the sensor component 1414 can also detect a change in the position of the device 1400 or a component of the device 1400, the user Presence or absence of contact with device 1400 , device 1400 orientation or acceleration/deceleration and temperature change of device 1400 . Sensor assembly 1414 may include a proximity sensor configured to detect the presence of nearby objects in the absence of any physical contact. Sensor assembly 1414 may also include optical sensors, such as CMOS or CCD image sensors, for use in imaging applications. In some embodiments, the sensor component 1414 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor or a temperature sensor.

The communication component 1416 is configured to facilitate wired or wireless communication between the apparatus 1400 and other devices. The device 1400 can access a wireless network based on a communication standard, such as WiFi, 2G, 3G or 4G, or a combination thereof. In one exemplary embodiment, the communication component 1416 receives broadcast signals or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 1416 also includes a near field communication (NFC) module to facilitate short-range communication. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wide Band (UWB) technology, Bluetooth (BT) technology and other technologies.

In an exemplary embodiment, apparatus 1400 may be programmed by one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable A gate array (FPGA), controller, microcontroller, microprocessor or other electronic component implementation for performing the methods described above.

In an exemplary embodiment, there is also provided a non-transitory computer-readable storage medium including instructions, such as the memory 1404 including instructions, which can be executed by the processor 1420 of the device 1400 to implement the above method. For example, the non-transitory computer readable storage medium may be ROM, random access memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, and the like.

A non-transitory computer-readable storage medium, when the instructions in the storage medium are executed by the processor of the device 1400, the device 1400 can execute the above method for processing short messages carrying URLs executed by the terminal.

Fig. 15 is a block diagram of an apparatus 1500 according to an exemplary embodiment. For example, the apparatus 1500 may be provided as a server. 15, apparatus 1500 includes processing component 1522, which further includes one or more processors, and a memory resource represented by memory 1532 for storing instructions executable by processing component 1522, such as application programs. The application programs stored in memory 1532 may include one or more modules each corresponding to a set of instructions. In addition, the processing component 1522 is configured to execute instructions, so as to execute the above-mentioned method for processing short messages carrying URLs executed by the server.

Device 1500 may also include a power component 1526 configured to perform power management of device 1500 , a wired or wireless network interface 1550 configured to connect device 1500 to a network, and an input-output (I/O) interface 1558 . The apparatus 1500 can operate based on an operating system stored in the memory 1532, such as Windows Server™, MacOS X™, Unix™, Linux™, FreeBSD™ or the like.

Other embodiments of the present disclosure will be readily apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any modification, use or adaptation of the present disclosure, and these modifications, uses or adaptations follow the general principles of the present disclosure and include common knowledge or conventional technical means in the technical field not disclosed in the present disclosure . The specification and examples are to be considered exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

It should be understood that the present disclosure is not limited to the precise constructions which have been described above and shown in the drawings, and various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (18)

1. a kind of SMS processing method for carrying network address, which is characterized in that the described method includes:

When receiving the short message for carrying network address, the corresponding peace of contact number of the short message that server provides, described is obtained Universe name database；

It detects in the secure domain name database with the presence or absence of the Main Domain in the network address；

When testing result is that the Main Domain is not present in the safety database, predetermined process is carried out to the short message；

The secure domain name database obtains in the following manner:

It obtains in the short message of the corresponding each item carrying network address of the contact number, the frequency of occurrence of the Main Domain of each network address；

By in the Main Domain of each network address, the Main Domain that frequency of occurrence is greater than the first frequency threshold value is added into the contact person The corresponding secure domain name database of number.

2. the method according to claim 1, wherein described when testing result is not deposit in the safety database In the Main Domain, predetermined process is carried out to the short message, comprising:

Obtain the corresponding malice dns database of contact number of the short message that server provides, described；

It detects in the malice dns database with the presence or absence of the Main Domain；

When in the malice dns database there are when the Main Domain, according to the first processing mode to the short message at Reason；

When in the malice dns database be not present the Main Domain when, according to second processing mode to the short message at Reason.

3. according to the method described in claim 2, it is characterized in that, it is described according to the first processing mode to the short message at Reason, comprising:

The short message is handled according at least one of following processing mode:

It is reminded in letter and shows the first prompting message in interface, first prompting message is received for prompting comprising malice net The short message of location；

The short message is moved to designated packet；

When detecting the operation for checking the content of the short message, show that the second prompt information, second prompt information are used for It prompts in the short message comprising malice network address；

Alternatively, forbidding calling browser when detecting the access operation to the network address.

4. according to the method described in claim 2, it is characterized in that, it is described according to second processing mode to the short message at Reason, comprising:

When detecting the access operation to the network address, third prompt information is shown, the third prompt information is for prompting Whether the access network address is determined.

5. a kind of SMS processing method for carrying network address, which is characterized in that the described method includes:

It obtains in the short message of the corresponding each item carrying network address of contact number, the frequency of occurrence of the Main Domain of each network address；

By in the Main Domain of each network address, the Main Domain that frequency of occurrence is greater than the first frequency threshold value is added into the contact person The corresponding secure domain name database of number；

The secure domain name database is supplied to terminal so that the terminal receive the contact number it is corresponding, When carrying the short message of network address, and detecting that the Main Domain of the network address is not present in the safety database, to the short message Carry out predetermined process.

6. according to the method described in claim 5, it is characterized in that, the method also includes:

Generate the corresponding malice dns database of the contact number；

The malice dns database is supplied to the terminal.

7. according to the method described in claim 6, it is characterized in that, described generate the corresponding malice domain name of the contact number Database, comprising:

By in the Main Domain of each network address, frequency of occurrence is added into the connection no more than the Main Domain of the second frequency threshold value The corresponding malice dns database of people's number；

Wherein, second frequency threshold value is less than or equal to first frequency threshold value.

8. a kind of short message processing device for carrying network address, which is characterized in that described device includes:

Module is obtained, for when receiving the short message for carrying network address, obtaining the contact person of the short message that server provides, described The corresponding secure domain name database of number；

Detection module, for detecting in the secure domain name database with the presence or absence of the Main Domain in the network address；

Processing module, for when testing result be the safety database in be not present the Main Domain when, to the short message into Row predetermined process；

The secure domain name database obtains in the following manner:

It obtains in the short message of the corresponding each item carrying network address of the contact number, the frequency of occurrence of the Main Domain of each network address；

By in the Main Domain of each network address, the Main Domain that frequency of occurrence is greater than the first frequency threshold value is added into the contact person The corresponding secure domain name database of number.

9. device according to claim 8, which is characterized in that the processing module, comprising:

Acquisition submodule, for obtaining the corresponding malice dns database of contact number of the short message that server provides, described；

Detection sub-module, for detecting in the malice dns database with the presence or absence of the Main Domain；

First processing submodule, for when in the malice dns database there are when the Main Domain, according to the first processing side Formula handles the short message；

Second processing submodule is used for when the Main Domain is not present in the malice dns database, according to second processing Mode handles the short message.

10. device according to claim 9, which is characterized in that the first processing submodule, for according to following processing At least one of mode handles the short message:

It is reminded in letter and shows the first prompting message in interface, first prompting message is received for prompting comprising malice net The short message of location；

The short message is moved to designated packet；

When detecting the operation for checking the content of the short message, show that the second prompt information, second prompt information are used for It prompts in the short message comprising malice network address；

When detecting the access operation to the network address, forbid calling browser.

11. device according to claim 9, which is characterized in that

The second processing submodule, for showing third prompt information, institute when detecting the access operation to the network address State third prompt information for prompt whether determine and access the network address.

12. a kind of short message processing device for carrying network address, which is characterized in that described device includes:

First generation module, for generating the corresponding secure domain name database of a contact number；

First provides module, for the secure domain name database to be supplied to terminal so that the terminal receive it is described Contact number is corresponding, carries the short message of network address, and detects the master that the network address is not present in the safety database When domain name, predetermined process is carried out to the short message；

Wherein, first generation module, comprising:

Frequency acquisition submodule carries in the short message of network address, the master of each network address for obtaining the corresponding each item of contact number The frequency of occurrence of domain name；

Submodule is added, for by the Main Domain of each network address, frequency of occurrence to be greater than the Main Domain of the first frequency threshold value It is added into the corresponding secure domain name database of the contact number.

13. device according to claim 11, which is characterized in that described device further include:

Second generation module, for generating the corresponding malice dns database of the contact number；

Second provides module, for the malice dns database to be supplied to terminal.

14. device according to claim 13, which is characterized in that

Second generation module, for by the Main Domain of each network address, frequency of occurrence to be not more than the second frequency threshold value Main Domain be added into the corresponding malice dns database of the contact number；

Wherein, second frequency threshold value is less than or equal to first frequency threshold value.

15. a kind of short message processing device for carrying network address, which is characterized in that described device includes:

Processor；

For storing the memory of the executable instruction of the processor；

Wherein, processor is matched and is set as:

When receiving the short message for carrying network address, the corresponding peace of contact number of the short message that server provides, described is obtained Universe name database；

It detects in the secure domain name database with the presence or absence of the Main Domain in the network address；

When testing result is that the Main Domain is not present in the safety database, predetermined process is carried out to the short message；

The secure domain name database obtains in the following manner:

It obtains in the short message of the corresponding each item carrying network address of the contact number, the frequency of occurrence of the Main Domain of each network address；

By in the Main Domain of each network address, the Main Domain that frequency of occurrence is greater than the first frequency threshold value is added into the contact person The corresponding secure domain name database of number.

16. a kind of short message processing device for carrying network address, which is characterized in that described device includes:

Processor；

For storing the memory of the executable instruction of the processor；

Wherein, processor is matched and is set as:

It obtains in the short message of the corresponding each item carrying network address of contact number, the frequency of occurrence of the Main Domain of each network address；

By in the Main Domain of each network address, the Main Domain that frequency of occurrence is greater than the first frequency threshold value is added into the contact person The corresponding secure domain name database of number；

The secure domain name database is supplied to terminal so that the terminal receive the contact number it is corresponding, When carrying the short message of network address, and detecting that the Main Domain of the network address is not present in the safety database, to the short message Carry out predetermined process.

17. a kind of computer readable storage medium, which is characterized in that the computer readable storage medium includes at least one finger It enables, when at least one instruction is executed by processor, perform claim is required at the described in any item short messages for carrying network address of 1-4 Reason method.

18. a kind of computer readable storage medium, which is characterized in that the computer readable storage medium includes at least one finger It enables, when at least one instruction is executed by processor, perform claim is required at the described in any item short messages for carrying network address of 5-7 Reason method.