CN106603575B - Network side-based active internet surfing safety detection and real-time reminding method, device and system - Google Patents
Network side-based active internet surfing safety detection and real-time reminding method, device and system Download PDFInfo
- Publication number
- CN106603575B CN106603575B CN201710065316.2A CN201710065316A CN106603575B CN 106603575 B CN106603575 B CN 106603575B CN 201710065316 A CN201710065316 A CN 201710065316A CN 106603575 B CN106603575 B CN 106603575B
- Authority
- CN
- China
- Prior art keywords
- address
- target server
- user
- instruction
- content
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 32
- 238000000034 method Methods 0.000 title claims abstract description 25
- 230000006798 recombination Effects 0.000 claims abstract description 16
- 238000005215 recombination Methods 0.000 claims abstract description 16
- 230000006870 function Effects 0.000 claims description 24
- 230000008521 reorganization Effects 0.000 claims description 14
- 230000004044 response Effects 0.000 claims description 11
- 241000700605 Viruses Species 0.000 abstract description 18
- 230000008569 process Effects 0.000 abstract description 3
- 238000004458 analytical method Methods 0.000 abstract description 2
- 230000000694 effects Effects 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 3
- 230000006399 behavior Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000007667 floating Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000005206 flow analysis Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 239000002904 solvent Substances 0.000 description 1
- 238000004611 spectroscopical analysis Methods 0.000 description 1
- 230000003442 weekly effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a network side-based active detection and real-time reminding method, device and system for internet surfing safety, and relates to the technical field of network safety, wherein the method comprises the following steps: sending an HTTP request to a target server, and collecting the address of the target server; judging that the address meets a preset condition, and sending a first instruction to the user, wherein the first instruction comprises an HTTP200 service request success state and a page recombination JS; and the user acquires the reminding content and the content of the target server according to the first instruction. The technical scheme of the invention can carry out dynamic scanning and manual intervention analysis on malicious and virus websites, thereby achieving the effect of actively discovering and reminding whether the access content is safe or not in the internet surfing process of the user.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a network side-based active internet surfing security detection and real-time reminding method, device and system.
Background
At present, the active detection and reminding technology for internet access safety mainly comprises the following two technologies:
1. real-time tracking detection access website of browser built-in security scanning library
The method is characterized in that a virus and malicious website scanning library is built in a browser application, website accessed by a user in the browser is matched with the content in the library in real time, if a characteristic URL in the library is hit, the website security state is prompted in a browser interface, interception is carried out, the user can access more functions for continuously accessing the current website, otherwise, the user cannot see the browsed content, and the access is intercepted.
2. Safety software real-time tracking and monitoring access address safety state
The method is characterized in that security protection software is provided by a third-party application, the security protection software has the characteristic of being resident in a background of the smart phone, a browser of a user is monitored in real time to access records, when the user browses a page, the protection software matches with a security virus and malicious website feature library built in the security protection software according to a collected URL, a hit result is recorded, and the hit result is pushed or prompted to the user through an interface in a popup mode, and the function generally requires the software to acquire root authority of the smart phone.
With the rapid popularization of intelligent terminals, mobile applications are further enriched, and the selectivity of protection software of users in the aspect of safety is more and more, however, installing applications requires users to download, install and start corresponding functions, and the applications have the difficulty of cross-operating system function coverage, how to perform safety detection at the source of website access of users becomes an important research direction for solving the problems of application software installation cost, function starting power consumption, slow mobile phone speed caused by background resident applications and cross-platform compatibility.
Disclosure of Invention
The invention provides a method, a device and a system for actively detecting and reminding the access security based on the network side, which are used for actively finding and reminding whether the access content is safe or not in the internet surfing process of a user.
The technical scheme is as follows:
in a first aspect, an active detection and real-time reminding method for internet access security based on a network side is provided, which is characterized in that the method comprises:
sending an HTTP request to a target server, and collecting the address of the target server;
judging that the address meets a preset condition, and sending a first instruction to the user, wherein the first instruction comprises an HTTP200 service request success state and a page recombination JS;
and the user acquires the reminding content and the content of the target server according to the first instruction.
Preferably, the acquiring the address of the target server includes:
and collecting the address of the target server in a mirroring and/or light splitting mode.
Preferably, the determining that the address meets the preset condition, and sending the first instruction to the user includes:
comparing the address with malicious characteristics in a preset characteristic library;
and if the address is judged to be a malicious address, sending a first instruction to the user, wherein the period of the first instruction reaching the user is longer than the response period of the target server.
Preferably, the obtaining, by the user according to the first instruction, the reminding content and the content of the target server includes:
the user acquires reminding content according to the first address in the page recombination JS;
and the user acquires the content of the target server according to the second address in the page reorganization JS.
Preferably, the method further comprises:
and updating the preset feature library according to the judgment result of the address of the target server.
In a second aspect, an active detection and real-time reminding device for internet access security based on a network side is provided, which is characterized in that the device comprises:
the acquisition module is used for sending an HTTP request to a target server and acquiring the address of the target server;
the judging module is used for judging that the address meets the preset condition and sending a first instruction to the user, wherein the first instruction comprises an HTTP200 service request success state and a page recombination JS;
and the acquisition module is used for acquiring the reminding content and the content of the target server by the user according to the first instruction.
Preferably, the acquisition module is configured to:
and collecting the address of the target server in a mirroring and/or light splitting mode.
Preferably, the determination module is configured to:
comparing the address with malicious characteristics in a preset characteristic library;
and if the address is judged to be a malicious address, sending a first instruction to the user, wherein the period of the first instruction reaching the user is longer than the response period of the target server.
Preferably, the obtaining module is configured to:
the user acquires reminding content according to the first address in the page recombination JS;
and the user acquires the content of the target server according to the second address in the page reorganization JS.
Preferably, the apparatus further includes an updating module, configured to update the preset feature library according to a determination result of the address of the target server.
In a third aspect, an active detection and real-time reminding system for internet access security based on a network side is provided, which is characterized in that the system comprises: the system comprises a mobile terminal, a target server, a DPI and an aerial guard platform, wherein the system executes the following functions:
the mobile terminal sends an HTTP request to the target server, and the DPI acquires the address of the target server;
the DPI judges that the address meets a preset condition, and sends a first instruction to the mobile terminal, wherein the first instruction comprises an HTTP200 service request success state and a page recombination JS;
and the mobile terminal acquires the reminding content of the aerial guard platform and the content of the target server according to the first instruction.
Preferably, the DPI acquiring the address of the target server includes:
and the DPI acquires the address of the target server in a mirroring and/or light splitting mode.
Preferably, the DPI determines that the address meets a preset condition, and sending a first instruction to the mobile terminal includes:
comparing the address with malicious characteristics in a preset characteristic library;
and if the address is judged to be a malicious address, sending a first instruction to the user, wherein the period of the first instruction reaching the user is longer than the response period of the target server.
Preferably, the step of the mobile terminal obtaining the reminding content of the aerial guard platform and the content of the target server according to the first instruction comprises:
the user acquires reminding content according to the first address in the page recombination JS;
and the user acquires the content of the target server according to the second address in the page reorganization JS.
Preferably, the system also performs the following functions:
and updating the preset feature library according to the judgment result of the address of the target server.
The embodiment of the invention provides an online security active detection and real-time reminding method, device and system based on a network side. In addition, the safety guard platform can provide safety internet surfing protection service, can actively detect the internet surfing environment of a service user, block malicious access behaviors, provide safety of malicious websites (such as phishing websites, horse hanging websites, fake prize winning websites and the like), and simultaneously provide functions of online cloud searching and killing, mobile phone virus early warning, virus and malicious software infection detection and the like for the user, so that the user information identification, the flow deep analysis and the content access authority control of the mobile internet are realized.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of an active internet access security detection and real-time reminding method based on a network side according to a preferred embodiment of the present invention;
fig. 2 is a schematic structural diagram of an active internet access security detection and real-time reminding device based on a network side according to another preferred embodiment of the present invention;
fig. 3 is a schematic structural diagram of an active internet access security detection and real-time reminding system based on a network side according to another preferred embodiment of the present invention;
fig. 4 is a timing diagram of an active detection and real-time reminding system for internet access security based on a network side according to another preferred embodiment of the present invention;
fig. 5 is a schematic structural diagram of an aerial guard platform module in another preferred embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, in a preferred embodiment of the present invention, a network-side-based active internet access security detection and real-time reminding method is provided, where the method includes:
and S110, sending an HTTP request to the target server, and collecting the address of the target server.
The user accesses the internet and sends an HTTP request to the target server, and the request address at the moment is marked as URL A. And a data acquisition device is arranged between the user and the target server.
Specifically, after the user sends the URL a, the data acquisition device acquires corresponding data, that is, acquires the URL a address in a mirror image/light splitting manner. The manner of collecting the address data may adopt other manners, which are not described herein again.
And S120, judging that the address meets the preset condition, and sending a first instruction to the user, wherein the first instruction comprises an HTTP200 service request success state and a page reorganization JS.
After the data acquisition equipment acquires the request address URL A, whether the request address is a safe address or not is judged. In particular, the amount of the solvent to be used,
comparing the address with malicious characteristics in a preset characteristic library;
and if the address is judged to be a malicious address, sending a first instruction to the user, wherein the period of the first instruction reaching the user is greater than the response period of the target server.
The preset feature library is a virus and malicious website feature library, virus features and malicious website features are stored in the preset feature library in advance, and the virus and malicious website feature library in the preset feature library can be automatically updated and maintained. Specifically, the data update mechanism of the preset feature library is as follows:
submitting the collected addresses (URL addresses collected by the DIP and URL addresses in spam messages) to a malicious website API;
the malicious website API returns a detection result;
if the target website is safe, ending; if not, judging whether the website is in a preset feature library or not;
if the website is in the preset feature library, updating the activity of the website; and if the target website is not in the preset feature library, warehousing the target website.
The update mechanism is suitable for the situation that the update period is short, and particularly suitable for real-time update or daily update and the like. In the case of a longer update period, for example: weekly, the following update mechanism may be employed:
submitting URL address data in a preset feature library to a malicious website API;
the malicious website API returns a detection result;
if the target website is safe, deleting the record in the preset feature library; otherwise, ending.
The short-term and long-term updating of the preset feature library can accurately detect and judge the acquired address data, and the accuracy and the real-time performance of the technical scheme are improved.
And when the request address hits the virus and malicious website characteristics in the preset characteristic library, judging that the request address is a malicious address, namely sending a first instruction to the user. And the page reorganization JS in the first instruction comprises the original URLA requested by the user and the URL B of the air guard needing to be reminded. And because the response of the target server is later than that of the data acquisition equipment, when the first instruction sent by the data acquisition equipment reaches the user, the response of the target server is discarded by the user browser, and the user browser only receives and responds to the content of the first instruction.
By judging whether the acquired address data is a safe address or not, highly suspected programs and malicious websites can be monitored in real time, and the network safety is improved; the first instruction is sent to the user, certain manual intervention is carried out, the user is reminded whether the corresponding request address is safe, and the user can know the safe environment of the target address.
S130, the user obtains the reminding content and the content of the target server according to the first instruction.
Specifically, the user acquires the reminding content according to the first address in the page reorganization JS;
and the user acquires the content of the target server according to the second address in the page reorganization JS.
Wherein, the second address refers to an original URL A requested by a user, and the first address refers to an address URL B of an aerial guard. And reminding contents aiming at the target website can be acquired from the air guard through the URL B in the first address, so that the user is reminded of the safety of browsing the website.
The step of acquiring the reminding content by the user according to the first address in the page reorganization JS specifically comprises:
the user browser recombines the URL B in the JS according to the page to request the address of the aerial guard;
the aerial guard responds to the request and sends the reminding content to the user browser;
the reminding content is displayed in the forms of inserting windows, floating windows, pop windows and the like.
The reminding content can remind a user that the user needs to pay attention to the content when accessing the content according to the classification of viruses and malicious websites, and any text, picture or voice and the like playing a reminding role can be used as the reminding content to be presented at a browser end of the user.
The air guard is a modular device for detecting the website accessed by the user in real time and reminding whether the internet is safe or not, and can return reminding contents of whether the target website is safe or not according to the request of the user. In addition, after detecting the website accessed by the user, the aerial guard can block malicious access behaviors in time, and an online cloud searching and killing function is provided.
The step of acquiring the content of the target server by the user according to the second address in the page restructuring JS specifically includes:
the user browser requests a target server address according to the URL A in the page recombination JS;
the target server responds to the request and sends the content of the target server to the user browser;
the content of the target server is presented to the user.
The final purpose of the user to surf the internet is to access the content in the target server, and the target server can be accessed again after the user is detected to be safe according to the URL A.
According to the network side-based online security active detection and real-time reminding method provided by the embodiment of the invention, malicious and virus characteristic detection is carried out on the accessed website, so that functions of user information identification, deep flow analysis, content access right control and the like can be realized, and the security of the target website can be judged in time; by sending the reminding content to the user, the user can be reminded whether the target server to be accessed is safe or not, and unnecessary loss is avoided.
Referring to fig. 2, in another preferred embodiment of the present invention, an active detection and real-time reminding device for internet access security based on a network side is provided, and the device includes:
the collecting module 210 is configured to send an HTTP request to the target server, and collect an address of the target server.
The acquisition module 210 is disposed between the user and the target server so that HTTP requests sent by the user can be acquired by the acquisition module 210 before reaching the target server.
And the judging module 220 is configured to judge that the address meets the preset condition, and send a first instruction to the user, where the first instruction includes a successful HTTP200 service request state and the page reorganization JS.
The determination module 220 can detect the collected target address, determine whether the detected address is a safe address according to the detected address, and send a prompt instruction to the user if the detected address is an unsafe address.
The obtaining module 230 is configured to obtain the reminding content and the content of the target server according to the first instruction.
Optionally, the acquisition module 210 is specifically configured to:
and collecting the address of the target server in a mirroring and/or light splitting mode.
Optionally, the determining module 220 is specifically configured to:
comparing the address with malicious characteristics in a preset characteristic library;
and if the address is judged to be a malicious address, sending a first instruction to the user, wherein the period of the first instruction reaching the user is greater than the response period of the target server.
Optionally, the obtaining module 230 is specifically configured to:
the user acquires the reminding content according to the first address in the page reorganization JS;
and the user acquires the content of the target server according to the second address in the page reorganization JS.
Optionally, the apparatus further includes an updating module 240, configured to update the preset feature library according to a determination result of the address of the target server.
According to the active detection and real-time reminding device for internet access safety based on the network side, provided by the embodiment of the invention, the access request sent by the user can be collected in real time through the collection module 210, so that the real-time monitoring of the access is realized; the security of the accessed target address can be judged through the judgment module 220, and active intervention is performed on the access of the target address; the obtaining module 230 can obtain the reminding content for the target address, provide a reference for the user to access the target address, and further improve the security of the network environment.
Referring to fig. 3, in another preferred embodiment of the present invention, an active detection and real-time reminding system for internet access security based on a network side is provided, and the system includes: mobile terminal 310, target server 320, DPI330 and aerial guard platform 340, the system performs the following functions:
the mobile terminal 310 sends an HTTP request to the target server 320, and the DPI330 acquires the address of the target server 320;
the DPI330 judges that the address meets the preset condition, and sends a first instruction to the mobile terminal 310, wherein the first instruction comprises an HTTP200 service request success state and a page recombination JS;
the mobile terminal 310 acquires the reminding content of the air guard platform 340 and the content of the target server 320 according to the first instruction.
Optionally, the DPI330 may be integrated inside the security guard platform 340, and used as a data acquisition module of the security guard platform 340, or may be independently set as a data acquisition device. When the DPI330 is disposed inside the security guard platform 340, active intervention operations such as collection, detection, notification transmission, and the like of the system are all completed through the security guard platform 340, which is convenient for the architecture of the system. When the DPI330 is independently arranged as a data acquisition device, if the system fails, the system is convenient to inspect and replace, and the maintenance time is saved.
Optionally, the system further performs the following functions:
the address of the target server 320 is collected by mirroring and/or spectroscopy.
Optionally, the system further performs the following functions:
comparing the address with malicious characteristics in a preset characteristic library;
and if the address is judged to be a malicious address, sending a first instruction to the mobile terminal 310 of the user, wherein the period of the first instruction reaching the user is greater than the response period of the target server 320.
Optionally, the system further performs the following functions:
the mobile terminal 310 of the user acquires the reminding content of the security guard platform 340 according to the first address in the page reorganization JS;
the mobile terminal 310 of the user acquires the content of the target server 320 according to the second address in the page restructuring JS.
Optionally, the system further performs the following functions:
the preset feature library is updated according to the determination result of the address of the target server 320.
Specifically, referring to fig. 4, the steps of the interactive communication between the mobile terminal, the core switch, the DPI device, the aerial guard and the target WEB are as follows:
step 1: a user surfs the internet and sends an HTTP request to a target WEB, namely URL A;
step 2: collecting data by a DPI (deep packet inspection) device in a mirror image/light splitting mode;
and step 3: judging whether the request address hits a virus or malicious website feature library according to the acquired data, and if so, sending an HTTP200 service request success state and a page recombination js (including an original URL A requested by a user and an aerial guard URL B needing to be reminded);
and 4, step 4: the response of the target WEB is later than the collection of the DPI, so the target WEB is discarded by the client browser;
and 5: the mobile terminal browser requests an aerial guard address according to the URL B in the page recombination js;
step 6: displaying the reminding content in the forms of inserting windows, floating windows, pop windows and the like;
and 7: the mobile terminal browser requests a target address according to the URL A in the js recombined by the page;
and 8: the content of the target address is displayed to the end user.
The aerial guard platform is used as equipment for detecting and sending user reminding content, the specific structure of the aerial guard platform is shown in a reference figure 5, and the aerial guard platform comprises a window inserting module, a virus and malicious website feature library module and a risk reminding module, wherein the window inserting module comprises a DPI real-time acquisition function, a service inserting function and a service management function, and the service inserting function can insert required services in real time, for example: malicious website reminder content, etc.; the virus and malicious website characteristic library module comprises virus characteristic updating and malicious website characteristic updating functions; and the risk reminding module reminds the user of needing attention to access the content according to virus and malicious website classification. In addition, the aerial guard platform can provide functions of online cloud searching and killing, mobile phone virus early warning and detection and the like for users.
The internet-surfing safety active detection and real-time reminding system based on the network side can detect and intervene the acquired target address in real time through the aerial guard platform, send reminding content to the user, actively remind the user whether the access content is safe or not, and avoid unnecessary loss caused by accessing a virus website.
It should be noted that: in the active detection and real-time reminding method, device and system for internet access security based on the network side, which are provided by the embodiment, only the division of the functional modules is used for illustration, and in practical application, the function distribution can be completed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules so as to complete all or part of the functions described above. In addition, the method, the device and the system for active detection and real-time reminding of internet access security based on the network side provided by the embodiment belong to the same concept, and the specific implementation process is described in detail in the embodiment and is not described herein again.
It will be understood by those skilled in the art that all or part of the steps for implementing the embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, and the program may be stored in a computer-readable storage medium, which may be a read-only memory, a magnetic or optical disk, and the like.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (7)
1. The network side-based active internet surfing safety detection and real-time reminding method is characterized by comprising the following steps:
sending an HTTP request to a target server, and collecting the address of the target server;
judging that the address meets a preset condition, and sending a first instruction to the user, wherein the first instruction comprises an HTTP200 service request success state and a page recombination JS;
the user acquires reminding content and the content of the target server according to the first instruction;
wherein the acquiring the address of the target server comprises:
collecting the address of the target server by DPI equipment in a mirroring and/or light splitting mode;
the step of judging that the address meets the preset condition and sending a first instruction to the user comprises the following steps:
comparing the address with malicious characteristics in a preset characteristic library;
and if the address is judged to be a malicious address, sending a first instruction to the user, wherein the period of the first instruction reaching the user is longer than the response period of the target server.
2. The method of claim 1, wherein the user obtaining the reminder content and the content of the target server according to the first instruction comprises:
the user acquires reminding content according to the first address in the page recombination JS;
and the user acquires the content of the target server according to the second address in the page reorganization JS.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
and updating the preset feature library according to the judgment result of the address of the target server.
4. Network safety active detection and real-time reminding device based on network side, its characterized in that, the device includes:
the acquisition module is used for sending an HTTP request to a target server and acquiring the address of the target server;
the judging module is used for judging that the address meets the preset condition and sending a first instruction to the user, wherein the first instruction comprises an HTTP200 service request success state and a page recombination JS;
the acquisition module is used for acquiring the reminding content and the content of the target server by the user according to the first instruction;
the acquisition module is DPI equipment and can acquire the address of the target server in a mirror image and/or light splitting mode;
wherein the determination module is to:
comparing the address with malicious characteristics in a preset characteristic library;
and if the address is judged to be a malicious address, sending a first instruction to the user, wherein the period of the first instruction reaching the user is longer than the response period of the target server.
5. The apparatus of claim 4, wherein the obtaining module is configured to:
the user acquires reminding content according to the first address in the page recombination JS;
and the user acquires the content of the target server according to the second address in the page reorganization JS.
6. The apparatus according to claim 4 or 5, further comprising an updating module configured to update the preset feature library according to a determination result of the address of the target server.
7. Network side-based active internet surfing safety detection and real-time reminding system, which is characterized by comprising: the system comprises a mobile terminal, a target server, a DPI and an aerial guard platform, wherein the system executes the following functions:
the mobile terminal sends an HTTP request to the target server, and the DPI acquires the address of the target server;
the DPI judges that the address meets a preset condition, and sends a first instruction to the mobile terminal, wherein the first instruction comprises an HTTP200 service request success state and a page recombination JS;
and the mobile terminal acquires the reminding content of the aerial guard platform and the content of the target server according to the first instruction.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710065316.2A CN106603575B (en) | 2017-02-06 | 2017-02-06 | Network side-based active internet surfing safety detection and real-time reminding method, device and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710065316.2A CN106603575B (en) | 2017-02-06 | 2017-02-06 | Network side-based active internet surfing safety detection and real-time reminding method, device and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106603575A CN106603575A (en) | 2017-04-26 |
| CN106603575B true CN106603575B (en) | 2020-05-26 |
Family
ID=58585523
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710065316.2A Active CN106603575B (en) | 2017-02-06 | 2017-02-06 | Network side-based active internet surfing safety detection and real-time reminding method, device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106603575B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113507438A (en) * | 2021-06-04 | 2021-10-15 | 茂名市群英网络有限公司 | Multistage defense system for ensuring use safety of network user |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103701779A (en) * | 2013-12-13 | 2014-04-02 | 北京神州绿盟信息安全科技股份有限公司 | Method and device for accessing website for second time and firewall equipment |
| CN104348803A (en) * | 2013-07-31 | 2015-02-11 | 深圳市腾讯计算机系统有限公司 | Link hijacking detecting method and device, user equipment, analysis server and link hijacking detecting system |
| WO2015138508A1 (en) * | 2014-03-11 | 2015-09-17 | Vectra Networks, Inc. | Method and system for detecting bot behavior |
| CN105656950A (en) * | 2016-04-13 | 2016-06-08 | 南京烽火软件科技有限公司 | HTTP (Hyper Text Transport Protocol) access hijack detection and purification device and method based on domain name |
| CN105791293A (en) * | 2012-11-07 | 2016-07-20 | 北京奇虎科技有限公司 | Malicious website blocking method and device in multi-core browser |
| US9531736B1 (en) * | 2012-12-24 | 2016-12-27 | Narus, Inc. | Detecting malicious HTTP redirections using user browsing activity trees |
-
2017
- 2017-02-06 CN CN201710065316.2A patent/CN106603575B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105791293A (en) * | 2012-11-07 | 2016-07-20 | 北京奇虎科技有限公司 | Malicious website blocking method and device in multi-core browser |
| US9531736B1 (en) * | 2012-12-24 | 2016-12-27 | Narus, Inc. | Detecting malicious HTTP redirections using user browsing activity trees |
| CN104348803A (en) * | 2013-07-31 | 2015-02-11 | 深圳市腾讯计算机系统有限公司 | Link hijacking detecting method and device, user equipment, analysis server and link hijacking detecting system |
| CN103701779A (en) * | 2013-12-13 | 2014-04-02 | 北京神州绿盟信息安全科技股份有限公司 | Method and device for accessing website for second time and firewall equipment |
| WO2015138508A1 (en) * | 2014-03-11 | 2015-09-17 | Vectra Networks, Inc. | Method and system for detecting bot behavior |
| CN105656950A (en) * | 2016-04-13 | 2016-06-08 | 南京烽火软件科技有限公司 | HTTP (Hyper Text Transport Protocol) access hijack detection and purification device and method based on domain name |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106603575A (en) | 2017-04-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111651757B (en) | Method, device, equipment and storage medium for monitoring attack behaviors | |
| CN108881339B (en) | Push method, user tag generation method, device and equipment | |
| US10262341B2 (en) | Resource downloading method and device | |
| CN109302434B (en) | Prompt message pushing method and device, service platform and storage medium | |
| EP2680624A1 (en) | Method, system and device for improving security of terminal when surfing internet | |
| CN109862003B (en) | Method, device, system and storage medium for generating local threat intelligence library | |
| CN108092962A (en) | A kind of malice URL detection method and device | |
| CN104113519A (en) | Network attack detection method and device thereof | |
| US20150150128A1 (en) | Method and apparatus for intercepting or cleaning-up plugins | |
| CN109688097A (en) | Website protection method, website protective device, website safeguard and storage medium | |
| CN111404937B (en) | Method and device for detecting server vulnerability | |
| CN106709346B (en) | Document handling method and device | |
| CN108009424A (en) | Virus behavior detection method, apparatus and system | |
| CN107528818B (en) | Data processing method and device for media file | |
| CN103810176A (en) | Pre-fetching accessing method and device of webpage information | |
| CN106899549B (en) | Network security detection method and device | |
| WO2017000439A1 (en) | Detection method, system and device for malicious behaviour, and computer storage medium | |
| CN103391520A (en) | Method, terminal, server and system for intercepting malicious short message | |
| CN108183900A (en) | A kind of method, server, client and system for digging the detection of ore deposit script | |
| CN104010035A (en) | Method and system for application program distribution | |
| CN109688094B (en) | Suspicious IP configuration method, device, equipment and storage medium based on network security | |
| CN108804501B (en) | A method and device for detecting valid information | |
| CN113709748A (en) | Method for identifying virus short message based on sending behavior and website characteristics | |
| CN106603575B (en) | Network side-based active internet surfing safety detection and real-time reminding method, device and system | |
| CN113709136B (en) | Access request verification method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 100191 Beijing City, North Third Ring Road West, No. 27, building 25, room five, floor 5002 Applicant after: Heng Jia Jia (Beijing) Technology Co., Ltd. Address before: 100191 Beijing City, North Third Ring Road West, No. 27, building 25, room five, floor 5002 Applicant before: Eversec (Beijing) Technology Co., Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |