CN116910751A - Information security detection methods, devices, electronic equipment and storage media - Google Patents
- Publication number
- CN116910751A (CN202211397872.7A)
- Authority
- CN
- China
- Prior art keywords
- text
- webpage
- web page
- information
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/561—Virus type analysis
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
- G06F16/9566—URL specific, e.g. using aliases, detecting broken or misspelled links
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/957—Browsing optimisation, e.g. caching or content distillation
- G06F16/9577—Optimising the visualization of content, e.g. distillation of HTML documents
Abstract
Embodiments of the present disclosure provide an information security detection method executed by a web client that contains a preset plug-in. The method includes: when a first-type operation event acting on a first web page is detected, obtaining the target text corresponding to a target area on the first web page, where the target area is the region of the first web page on which the first-type operation event acts; sending the target text to a server through the preset plug-in; receiving risk assessment information returned by the server; and, according to the risk assessment information, outputting risk prompt information before jumping to a second web page based on a second-type operation acting on the target area. Compared with a user manually copying the text of the first web page and querying and analyzing its risk, this detects web page risk and raises a warning automatically, which reduces manual operations, improves the efficiency and accuracy of web page risk detection, and improves the security and intelligence of web browsing.
Description
Technical field
The present disclosure relates to, but is not limited to, the field of network security technology, and in particular to an information security detection method, apparatus, electronic device and storage medium.
Background
With the rapid development of network technology, individuals and enterprises use web pages ever more widely, and the risks of accessing web pages are increasing as well.
In existing web page information security detection methods, web page information is usually copied by hand into a threat analysis platform for detection and analysis, or information security is determined by calling an application programming interface. Detection by manually copying web page information is inefficient, while detection by calling an application programming interface demands specialist expertise and has a narrow scope of application.
Summary of the invention
In view of this, embodiments of the present disclosure disclose an information security detection method, apparatus, electronic device and storage medium.
According to a first aspect of the embodiments of the present disclosure, an information security detection method is provided, executed by a web client containing a preset plug-in. The method includes: when a first-type operation event acting on a first web page is detected, obtaining the target text corresponding to a target area on the first web page, where the target area is the region of the first web page on which the first-type operation event acts;
sending the target text to a server through the preset plug-in;
receiving risk assessment information returned by the server;
according to the risk assessment information, outputting risk prompt information before jumping to a second web page based on a second-type operation acting on the target area.
In one embodiment, obtaining the target text corresponding to the target area on the first web page when a first-type operation event acting on the first web page is detected includes: when the first-type operation event is detected, determining, according to the event information of the first-type operation event, the target manner of obtaining the target text; and obtaining the target text in that target manner.
In one embodiment, determining the target manner of obtaining the target text according to the event information of the first-type operation event includes: when a cursor hover event or a cursor selection event acting on the first web page is detected, extracting the text contained in the web page tag over which the cursor hovers, or the text selected by the cursor.
In one embodiment, determining the target manner of obtaining the target text according to the event information of the first-type operation event includes: when an operation event acting on a screenshot control on the first web page is detected, obtaining a screenshot of the first web page; and recognizing the text within that screenshot.
In one embodiment, obtaining the target text corresponding to the target area on the first web page when a first-type operation event acting on the first web page is detected includes: when the first-type operation event is detected, obtaining the candidate text corresponding to the target area of the first web page; and matching the candidate text against preset regular expressions to obtain the target text that matches them.
In one embodiment, the preset regular expressions include: a domain name regular expression, for extracting domain names from the candidate text; an Internet Protocol address regular expression, for extracting Internet Protocol addresses from the candidate text; an email address regular expression, for extracting email addresses from the candidate text; a communication identifier regular expression, for extracting communication identifiers from the candidate text; and a file hash regular expression, for extracting file hash values from the candidate text.
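As an added illustration (not part of the patent text), the following JavaScript matches candidate text with one expression per indicator class named above, and goes slightly further by rewriting defanged indicators and reducing URLs to their host first. The patterns, the helper names, and the reading of "communication identifier" as a mainland-China mobile number are assumptions; the patent does not give its expressions.

```javascript
// Added example; the patterns are illustrative assumptions, not the patent's.
// Order matters: narrow patterns run first and their matches are blanked out,
// so the broad domain pattern cannot match inside an email address.
const PATTERNS = [
  ['hash', /\b(?:[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b/gi], // SHA-256, SHA-1, MD5 lengths
  ['email', /\b[a-z0-9._%+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,63}\b/gi],
  ['ip', /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g],
  ['phone', /(?<!\d)1[3-9]\d{9}(?!\d)/g], // assumed meaning of "communication identifier"
  ['domain', /\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\b/gi],
];

// Threat reports often "defang" indicators (hxxp://, example[.]com, user[at]host).
// Undo the common forms so the patterns above still match.
function refang(text) {
  return text
    .replace(/\[\.\]|\(\.\)|\[dot\]/gi, '.')
    .replace(/\[@\]|\[at\]/gi, '@')
    .replace(/\bhxxp(s?):\/\//gi, 'http$1://');
}

// Returns the indicators found in the candidate text, grouped by kind,
// de-duplicated, in order of first appearance.
function extractIndicators(candidateText) {
  // Keep only the host of each URL: otherwise a path such as /setup.exe
  // would be reported as the "domain" setup.exe.
  let remaining = refang(candidateText)
    .replace(/\bhttps?:\/\/([^\s\/?#:]+)\S*/gi, ' $1 ');
  const found = { hash: [], email: [], ip: [], phone: [], domain: [] };
  for (const [kind, pattern] of PATTERNS) {
    remaining = remaining.replace(pattern, (match) => {
      const value = match.toLowerCase();
      if (!found[kind].includes(value)) found[kind].push(value);
      return ' '; // blank the match so later patterns skip it
    });
  }
  // Caveat: a bare file name such as "report.pdf" outside a URL still looks
  // like a domain to the last pattern; the server has to validate what it gets.
  return found;
}

// Constructed sample text (documentation-range addresses and names).
const SAMPLE = [
  'Download the update from hxxp://update.example[.]com/setup.exe',
  'C2 at 203.0.113.7, contact ops@mail.example.org or 13800138000.',
  'SHA-256: ' + 'ab'.repeat(32),
  'Version 10.2.3 is not an address and 999.1.1.1 is out of range.',
].join('\n');
```

Calling `extractIndicators(SAMPLE)` yields one indicator of each kind; the version string and the out-of-range address are not reported.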
In one embodiment, the method further includes: determining whether the preset plug-in has logged in to the server; and, when the preset plug-in has logged in to the server, obtaining the authentication token returned after the preset plug-in logged in to the server. Sending the target text to the server through the preset plug-in then includes: sending the target text to the server through the preset plug-in according to the authentication token.
In a second aspect, embodiments of the present disclosure provide an information security detection method executed by a server. The method includes:
receiving the target text sent by the preset plug-in of a web client;
performing threat analysis on the target text to obtain risk assessment information, where the risk assessment information is used by the preset plug-in of the web client to output risk prompt information;
sending the risk assessment information to the client.
In a third aspect, embodiments of the present disclosure provide an information security detection apparatus, which includes:
an obtaining module, configured to obtain, when a first-type operation event acting on a first web page is detected, the target text corresponding to a target area on the first web page, where the target area is the region of the first web page on which the first-type operation event acts;
a sending module, configured to send the target text to a server through a preset plug-in;
a receiving module, configured to receive the risk assessment information returned by the server;
an output module, configured to output, according to the risk assessment information, risk prompt information before jumping to a second web page based on a second-type operation acting on the target area.
In a fourth aspect, embodiments of the present disclosure provide an information security detection apparatus, which includes:
a receiving module, configured to receive the target text sent by the preset plug-in of a web client;
an analysis module, configured to perform threat analysis on the target text to obtain risk assessment information, where the risk assessment information is used by the preset plug-in of the web client to output risk prompt information;
a sending module, configured to send the risk assessment information to the client.
In a fifth aspect, embodiments of the present disclosure provide an electronic device, which includes a processor and a memory for storing a computer program capable of running on the processor; when the processor runs the computer program, it performs the steps of the method described in one or more of the foregoing technical solutions.
In a sixth aspect, embodiments of the present disclosure provide a computer-readable storage medium that stores computer-executable instructions; when executed by a processor, the computer-executable instructions implement the method described in one or more of the foregoing technical solutions.
In the information security detection method provided by the embodiments of the present disclosure, a web client containing a preset plug-in obtains the target text of the first web page by listening for the first-type operation event, uses the target text to obtain risk assessment information from the server, and outputs risk prompt information accordingly. Compared with a user manually copying the target text of the first web page and manually querying and analyzing its risk, the plug-in obtains the target text automatically and the risk assessment information of the first web page is determined by the server. This reduces manual operations, improves the efficiency and accuracy of web page risk detection, raises a timely warning when the first web page poses a risk, and improves the security and intelligence of web browsing.
Description of the drawings
Figure 1 is a schematic flowchart of an information security detection method provided by an embodiment of the present disclosure.
Figure 2 is a schematic flowchart of an information security detection method provided by an embodiment of the present disclosure.
Figure 3 is a schematic flowchart of an information security detection method provided by an embodiment of the present disclosure.
Figure 4 is a schematic flowchart of an information security detection method provided by an embodiment of the present disclosure.
Figure 5 is a schematic flowchart of an information security detection method provided by an embodiment of the present disclosure.
Figure 6 is a schematic diagram of a first web page provided by an embodiment of the present disclosure.
Figure 7 is a schematic diagram of a single sign-on method provided by an embodiment of the present disclosure.
Figure 8 is a schematic flowchart of an information security detection method provided by an embodiment of the present disclosure.
Figure 9 is a schematic diagram of an information security detection apparatus provided by an embodiment of the present disclosure.
Figure 10 is a schematic diagram of an information security detection apparatus provided by an embodiment of the present disclosure.
Detailed description
To make the purpose, technical solutions and advantages of the present disclosure clearer, the present disclosure is described in further detail below with reference to the accompanying drawings. The described embodiments should not be regarded as limiting the present disclosure; all other embodiments obtained by a person of ordinary skill in the art without creative effort fall within the scope of protection of the present disclosure.
The following description refers to "some embodiments", which describe a subset of all possible embodiments. It is understood that "some embodiments" may be the same subset or different subsets of all possible embodiments, and that they may be combined with one another where they do not conflict.
In the following description, the terms "first\second\third" merely distinguish similar objects and do not denote a particular ordering of them. Where permitted, "first\second\third" may be interchanged in a specific order or sequence, so that the embodiments of the present disclosure described here can be practiced in an order other than the one illustrated or described here.
Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by a person skilled in the technical field of the present disclosure. The terms used herein serve only to describe the embodiments of the present disclosure and are not intended to limit the present disclosure.
As shown in Figure 1, an embodiment of the present disclosure provides an information security detection method executed by a web client containing a preset plug-in. The method includes:
Step S101: when a first-type operation event acting on a first web page is detected, obtaining the target text corresponding to a target area on the first web page, where the target area is the region of the first web page on which the first-type operation event acts;
Step S102: sending the target text to a server through the preset plug-in;
Step S103: receiving the risk assessment information returned by the server;
Step S104: according to the risk assessment information, outputting risk prompt information before jumping to a second web page based on a second-type operation acting on the target area.
In one embodiment, a web page may be a text file in Hyper Text Markup Language (HTML) format, and a website may be made up of at least one web page; the web client may include an application that reads and displays web pages, such as a browser.
In one embodiment, a plug-in may be a program that runs on a predetermined system platform, and may include a text plug-in, a script plug-in or a program plug-in. The preset plug-in included in the web client may include a browser plug-in.
In one embodiment, the first web page may be represented according to the Document Object Model (DOM). The document object model may represent the first web page as a tree structure composed of at least one node, where the nodes may include: element nodes, which may include a web page tag and the text the tag contains; text nodes, which may include the content text corresponding to a tag; and/or attribute nodes, which may include the attributes of a tag.
In one embodiment, step S101 may include: listening, through the preset plug-in of the web client, for first-type operation events of an input device acting on the first web page; and, when a first-type operation event acting on the first web page is detected, obtaining the target text corresponding to the target area on the first web page.
In one embodiment, the input device may include, but is not limited to, a mouse, a keyboard and/or a touch device.
In one embodiment, the web client may contain at least one web page, and the first web page may include: the web page currently displayed; and/or the web page on which the input device is currently acting.
The first-type operation event may include: a predetermined operation event that acts on the target area of the first web page to extract the target text.
In one embodiment, the listening may be implemented through a programming language. For example, the programming language may include JavaScript, through which the operation events of the input device can be listened for. The operation events of the input device may include: mouse click events, mouse movement events, keyboard key press events and/or keyboard key release events.
In one embodiment, the server may be used to perform threat analysis on the target text and obtain risk assessment information. The server may include a server of a threat intelligence platform. The threat intelligence platform may communicate with the server from the client through the platform's web page.
In one embodiment, step S102 may include: the preset plug-in sends a request to the server, where the request carries the target text.
In one embodiment, the preset plug-in may send the request carrying the target text to the server by calling an interface of the server.
In one embodiment, the risk assessment information may be used to assess whether the first web page poses a risk, and may include: whether the target text contains threat information, the threat information text, the risk type and/or the risk level.
The risk type may include the risk to which the threat information may lead. For example, the risk type may include: a malicious link in the first web page, illegal information in the first web page, and/or malicious attack information in the first web page.
The risk level may be used to indicate the importance and urgency of the risk. For example, the risk levels may include high risk, medium risk and low risk. For example, urgency may be divided into three degrees: very urgent, urgent and not urgent.
In one embodiment, the second web page in step S104 may include a second web page associated with the first web page, and the second-type operation may include a page jump operation. For example, jumping to the second web page based on the second-type operation acting on the target area may include: the target area of the first web page contains the uniform resource locator (URL) of the second web page, and clicking that URL jumps to the second web page.
In one embodiment, the risk prompt information may include: risk prompt information displayed in a page or a prompt box before the jump to the second web page based on the second-type operation acting on the target area; the risk prompt information may include image information and/or text information.
In one embodiment, step S104 may include: if the risk assessment information determines that the first web page poses no risk, outputting first risk prompt information, which indicates that the first web page poses no risk.
In one embodiment, step S104 may also include: if the risk assessment information determines that the first web page poses a risk, outputting second risk prompt information, which indicates that the first web page poses a risk.
In one embodiment, the second risk prompt information may also be used to display the threat information text, risk type and/or risk level from the risk assessment information.
For example, the preset plug-in may output the second risk prompt information on the first web page as shown in Figure 6, displaying the text of the risk prompt in a prompt box.
Here, the preset plug-in of the web client listens for the first-type operation event to obtain the target text of the first web page, uses the target text to obtain risk assessment information from the server, and outputs risk prompt information accordingly. Compared with a user manually copying the target text of the first web page and manually querying and analyzing its risk, the plug-in obtains the target text automatically and the risk assessment information of the first web page is determined by the server. This reduces manual operations, improves the efficiency and accuracy of web page risk detection, raises a timely warning when the first web page poses a risk, and improves the security and intelligence of web browsing.
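One way to arrange steps S101 to S104 so that the prompt really precedes the jump, given here as an added example that is not the patent's code: a click that arrives while the server lookup is still in flight is held until the verdict returns. The callbacks `assess`, `warn` and `navigate`, the function names, the use of the link's URL as target text, and the policy of treating an unreachable server as risky are all assumptions.

```javascript
// Added example. assess(text, cb), warn(info) and navigate(url) are
// hypothetical callbacks for the server call, the prompt box and the jump.
function createNavigationGuard({ assess, warn, navigate }) {
  const entries = new Map(); // target text -> { assessment, held }

  function decide(entry, url) {
    const { risky, type, level } = entry.assessment;
    if (risky) {
      warn({ url, type, level }); // S104: prompt instead of jumping
      return 'warned';
    }
    navigate(url);
    return 'navigated';
  }

  // S101-S103: a first-type event (hover, selection) starts one lookup per text.
  function onFirstTypeEvent(targetText) {
    let entry = entries.get(targetText);
    if (entry) return entry;
    entry = { assessment: null, held: [] };
    entries.set(targetText, entry);
    assess(targetText, (err, assessment) => {
      // Assumption: an unreachable server is treated as risky (fail closed).
      entry.assessment = err
        ? { risky: true, type: 'assessment unavailable', level: 'unknown' }
        : assessment;
      // Settle any jump that was requested while the lookup was in flight.
      for (const url of entry.held.splice(0)) decide(entry, url);
    });
    return entry;
  }

  // Second-type operation (click on the link): jump only once a verdict exists.
  function onSecondTypeOperation(targetText, url) {
    const entry = onFirstTypeEvent(targetText);
    if (entry.assessment === null) {
      entry.held.push(url);
      return 'held';
    }
    return decide(entry, url);
  }

  return { onFirstTypeEvent, onSecondTypeOperation };
}

// Browser wiring: hover starts the lookup, click is intercepted in the capture
// phase so the guard, not the browser, performs the jump.
function attachToPage(doc, guard) {
  const linkOf = (e) =>
    (e.target && e.target.closest ? e.target.closest('a[href]') : null);
  doc.addEventListener('mouseover', (e) => {
    const link = linkOf(e);
    if (link) guard.onFirstTypeEvent(link.href);
  });
  doc.addEventListener('click', (e) => {
    const link = linkOf(e);
    if (!link) return;
    e.preventDefault();
    guard.onSecondTypeOperation(link.href, link.href);
  }, true);
}

// Constructed scenario: the click arrives before the server has answered.
function demo() {
  const pending = new Map();
  const log = [];
  const guard = createNavigationGuard({
    assess: (text, cb) => pending.set(text, cb), // simulated server latency
    warn: (info) => log.push(`warn ${info.level} ${info.url}`),
    navigate: (url) => log.push(`go ${url}`),
  });
  const url = 'http://login.example.test/reset';
  guard.onFirstTypeEvent(url);
  log.push(guard.onSecondTypeOperation(url, url));
  pending.get(url)(null, { risky: true, type: 'malicious link', level: 'high' });
  return log;
}
```

In a real plug-in `assess` would carry the authentication token described earlier; verdicts are cached per target text for the lifetime of the page.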
As shown in Figure 2, in some embodiments, obtaining the target text corresponding to the target area on the first web page when a first-type operation event acting on the first web page is detected includes:
Step S201: when a first-type operation event acting on the first web page is detected, determining, according to the event information of the first-type operation event, the target manner of obtaining the target text;
Step S202: obtaining the target text in the target manner.
In one embodiment, the type information of the text of the first web page may include: plain text and/or image text.
In one embodiment, the first-type operation event may include a plain-text obtaining operation event and/or an image-text obtaining operation event. If the first-type operation event is a plain-text obtaining operation event, the target manner of obtaining the target text is determined to be obtaining the plain text; if the first-type operation event is an image-text obtaining operation event, the manner of obtaining the target text is determined to be: obtaining the image text, and extracting the plain text from the image text.
In one embodiment, obtaining the image text may include: obtaining the image text directly and/or obtaining the image text by taking a screenshot.
In one embodiment, the method may include: providing a text acquisition control and an image acquisition control in the preset plug-in, and determining the target manner of obtaining the target text when an operation selecting a control in the preset plug-in is detected. The image acquisition control may include a screenshot control.
In one embodiment, the method further includes: when completion of loading of the first page is detected, determining the type information of the text in the first web page; and determining the target manner of obtaining the target text according to that type information.
When the text type of the first web page includes only plain text or only image text, the target manner of obtaining the target text may include: obtaining the plain text according to the plain-text obtaining operation event, or obtaining the text in the image according to the image-text obtaining operation event.
When the text type of the first web page includes both plain text and image text, the target manner of obtaining the target text includes: the plain-text obtaining event and/or the image-text obtaining event.
In one embodiment, when the text of the first web page embeds Portable Document Format (PDF) text, the target text in the PDF file may be obtained through the plain-text obtaining operation event; if the text in the PDF file cannot be obtained that way, the target text in the PDF file may be obtained through the image-text obtaining operation event.
In one embodiment, determining the target manner of obtaining the target text according to the event information of the first-type operation event may include: when a load-complete event of the first web page is detected, extracting all the text of the first web page.
In one embodiment, extracting all the text of the first web page may include: extracting, according to the document object model, the text in all nodes of the first web page starting from the root element node.
In some embodiments, determining the target manner of obtaining the target text according to the event information of the first-type operation event, when a first-type operation event acting on the first web page is detected, includes:
when a cursor hover event or a cursor selection event acting on the first web page is detected, extracting the text contained in the web page tag over which the cursor hovers, or the text selected by the cursor.
In one embodiment, the cursor may include the cursor displayed by the input device.
In one embodiment, the cursor hover event may include: when the cursor hovers within the target area of a web page tag of the first web page, extracting the text contained in the web page tag over which the cursor hovers.
In one embodiment, the web page tags may include HTML tags. The web page tags may include title tags, paragraph tags and/or link tags.
For example, when the cursor is detected hovering within the target area of a title tag of the first web page, the title text contained in that title tag is extracted.
In one embodiment, the cursor hover event may also include: when the cursor hovers within the target area of a web page tag of the first web page, determining, according to the document object model, the element node in which the hovered web page tag is located, and extracting from that element node the text contained in the hovered web page tag.
在一个实施例中,所述光标选中事件可以包括:所述第一网页中文字被光标选中的事件。当监听到作用于所述第一网页的光标选中事件时,提取所述第一网页的光标选中的文本。In one embodiment, the cursor selection event may include an event that text in the first web page is selected by the cursor. When a cursor selection event acting on the first web page is monitored, the text selected by the cursor of the first web page is extracted.
示例性的,所述光标选中事件可以包括:鼠标左键的按下、移动和鼠标左键的松开操作事件;或,触控屏幕的长按与光标的拖动操作事件;或,在键盘的转移(shift)键的按下时进行鼠标光标的点击的操作事件等。Exemplarily, the cursor selection event may include: pressing, moving and releasing the left mouse button; or, long pressing on the touch screen and dragging the cursor; or, on the keyboard Operation events such as mouse cursor click when the shift key is pressed.
这里,当监听到作用于所述第一网页的光标选中事件时,提取光标选中的文本,可以对光标选中的文本进行重点检测,还可以在提取第一网页文本中出现文本识别不全或文本识别错误时,选中正确的文本进行检测分析,提高了获取目标文本的准确性和智能性。Here, when the cursor selection event acting on the first web page is monitored, the text selected by the cursor is extracted, and the text selected by the cursor can be focused. In addition, incomplete text recognition or text recognition may occur during the extraction of the text of the first web page. When an error occurs, the correct text is selected for detection and analysis, which improves the accuracy and intelligence of obtaining the target text.
As shown in Figure 3, in some embodiments, determining, when a first-type operation event acting on the first web page is detected, the target mode for acquiring the target text according to the event information of the first-type operation event includes:
Step S301: when an operation event acting on the screenshot control on the first web page is detected, acquiring a screenshot of the first web page;
Step S302: according to the screenshot of the first web page, recognizing and obtaining the text in the screenshot of the first web page.
In one embodiment, the preset plug-in includes the screenshot control. In one embodiment, when a click operation on the screenshot control on the first web page is detected, a screenshot operation is started, and the screenshot of the first web page is acquired according to the screenshot operation. In one embodiment, the screenshot operation may include: pressing a mouse button, moving the mouse and releasing the button. From the starting coordinate position of the cursor when the mouse button is pressed and the ending coordinate position of the cursor when the mouse button is released, the screenshot area in the first web page can be determined, and a screenshot of that area of the first web page is acquired.
In one embodiment, step S301 may be implemented by the preset plug-in calling the canvas application programming interface (Canvas API). Screenshot area information of the first web page is determined according to the screenshot operation of the screenshot control in the preset plug-in, where the screenshot area information may include: the coordinate position of the starting cursor, the coordinate position of the ending cursor, and the width and height of the screenshot area. The preset plug-in sends the screenshot area information to the canvas application through the Canvas API, and receives the screenshot of the first web page that the canvas application generates according to the screenshot area information. The canvas application may also encode the screenshot of the first web page with Base64 (an encoding that represents binary data using 64 printable characters) and send the encoded screenshot to the preset plug-in.
In one embodiment, step S302 may include: recognizing the screenshot of the first web page through optical character recognition (OCR, Optical Character Recognition) to obtain the character text in the screenshot of the first web page. In one embodiment, step S302 may further include: recognizing the screenshot of the first web page through an OCR interface to obtain the character text in the screenshot of the first web page.
Here, the screenshot of the first web page is obtained by listening on the screenshot control, and the character text in the screenshot is obtained by recognizing the screenshot. When a malicious website places threat information inside an image, the threat information can still be detected and a warning issued, which improves the accuracy and security of web page detection.
As shown in Figure 4, in some embodiments, acquiring, when a first-type operation event acting on the first web page is detected, the target text corresponding to the target area on the first web page includes:
Step S401: when a first-type operation event acting on the first web page is detected, acquiring the candidate text corresponding to the target area of the first web page;
Step S402: matching the candidate text against preset regular expressions to obtain the target text that successfully matches the preset regular expressions.
In one embodiment, the candidate text corresponding to the target area of the first web page may include: text obtained according to the cursor hover event, the cursor selection event and/or the operation event of the screenshot control.
In one embodiment, a regular expression describes a string-matching pattern and can be used to check whether a string contains a certain substring, to replace a matching substring, or to extract from a string the substrings that satisfy a certain condition.
Here, the target text is obtained by matching the candidate text against the preset regular expressions. Setting regular expressions makes it possible to filter out of the candidate text the target text better suited to threat detection and analysis; compared with manually picking the target text for detection, this improves the efficiency of detecting threat information and makes the resulting risk assessment information more accurate.
In some embodiments, the preset regular expressions include:
A domain name regular expression, used to extract domain names from the candidate text;
An Internet Protocol address regular expression, used to extract Internet Protocol addresses from the candidate text;
An e-mail address regular expression, used to extract e-mail addresses from the candidate text;
A communication identifier regular expression, used to extract communication identifiers from the candidate text;
A file hash regular expression, used to extract the hash values of files from the candidate text.
In one embodiment, the preset regular expressions may include: a domain name regular expression, an Internet Protocol address regular expression, an e-mail address regular expression, a communication identifier regular expression and/or a file hash regular expression, etc.
In one embodiment, the domain names in the candidate text may include: the domain name of the first web page and/or domain names contained in the text of the first web page.
The Internet Protocol addresses in the candidate text may include: the Internet Protocol address of the first web page or Internet Protocol addresses contained in the text of the first web page.
The communication identifier may include: a number that identifies a user's communication information, such as a telephone number. The telephone number may include: a mobile phone number, a fixed-line telephone number, a satellite telephone number and/or a virtual telephone number, etc.
The file hash may include: a hash value calculated from a file according to a hash algorithm; according to the hash value of the file, the file may be encrypted or the integrity of the file may be verified.
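The five preset expression categories listed above, as an added JavaScript example (not code from the patent, which names the categories but gives no expressions). The patterns, the mainland-China mobile format used for the communication identifier, the file-extension filter and the handling of `[.]`-defanged text are assumptions; the example also goes slightly beyond the text by masking each match so that overlapping categories are not reported twice.

```javascript
// Added example. All patterns below are constructed for illustration.
const OCTET = '(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)';
const LABEL = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';

// Heuristic: names such as "invoice.pdf" look like domains but are files.
const FILE_EXTENSIONS = new Set(['exe', 'dll', 'pdf', 'docx', 'png', 'jpg', 'js', 'html', 'php']);

// Order matters: each match is masked out before the next pattern runs,
// so the host part of an e-mail address is not reported again as a domain
// and digits inside a hash are not reported as a phone number.
const PATTERNS = [
  ['email', new RegExp(`[A-Za-z0-9._%+-]+@(?:${LABEL}\\.)+[A-Za-z]{2,}`, 'g')],
  ['hash', /\b(?:[A-Fa-f0-9]{64}|[A-Fa-f0-9]{40}|[A-Fa-f0-9]{32})\b/g],
  ['ip', new RegExp(`(?<![\\w.])(?:${OCTET}\\.){3}${OCTET}(?!\\.?\\w)`, 'g')],
  ['phone', /(?<![\w.])1[3-9]\d{9}(?!\w)/g], // assumed mobile-number format
  ['domain', new RegExp(`(?<![\\w.@-])(?:${LABEL}\\.)+[A-Za-z]{2,}(?![\\w-])`, 'g')],
];

// Returns the target text as a de-duplicated list of { type, value } objects.
function extractIndicators(candidateText) {
  // Undo the common "[.]" defanging so example[.]org still matches.
  let work = candidateText.replace(/\[\.\]/g, '.');
  const found = [];
  const seen = new Set();
  for (const [type, pattern] of PATTERNS) {
    work = work.replace(pattern, (match) => {
      // Phone numbers and IPs carry no letters, so lower-casing is harmless.
      const value = match.toLowerCase();
      const suffix = value.slice(value.lastIndexOf('.') + 1);
      const isFileName = type === 'domain' && FILE_EXTENSIONS.has(suffix);
      const key = `${type}:${value}`;
      if (!isFileName && !seen.has(key)) {
        seen.add(key);
        found.push({ type, value });
      }
      // Mask the span so later, broader patterns cannot re-match it.
      return ' '.repeat(match.length);
    });
  }
  return found;
}

// Constructed candidate text, as it might come from a hover, selection or OCR step.
const SAMPLE = [
  'Contact billing@pay.example.net or call 13800138000.',
  'Download invoice.pdf from login.example[.]org (203.0.113.7).',
  'MD5: D41D8CD98F00B204E9800998ECF8427E, build 999.1.1.1',
].join('\n');

console.log(extractIndicators(SAMPLE));
```

OCR output is noisier than DOM text, so in practice the candidate text from the screenshot path produces more near-misses that these strict patterns drop.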
In some embodiments, the method further includes:
Determining whether the preset plug-in has logged in to the server;
When the preset plug-in has logged in to the server, acquiring the authentication token returned after the preset plug-in logged in to the server;
Sending the target text to the server through the preset plug-in includes:
Sending the target text to the server through the preset plug-in according to the authentication token.
In one embodiment, the server may include a server of a threat intelligence platform, and the client accesses the server through the threat intelligence platform.
In one embodiment, an authentication token is returned after the preset plug-in logs in to the server; the authentication token may be used for temporary identity authentication when a computer logs in to a system.
In one embodiment, sending the target text to the server through the preset plug-in according to the authentication token may include: the preset plug-in sends a request to the server, and the request carries the authentication token and the target text. The authentication token may be carried in the request header or appended to the Universal Resource Locator (URL) of the request.
In some embodiments, the method further includes:
When the preset plug-in has not logged in to the server, sending a login request to the server;
Receiving and storing the authentication token returned by the server based on the login request.
In one embodiment, when the preset plug-in has not logged in to the server, a login request is sent to the server, where the login request may include user login identity information; the server generates an authentication token according to the user login identity information and returns it; the preset plug-in receives and stores the authentication token returned by the server based on the login request.
In one embodiment, the web client storing the authentication token may include: storing the authentication token in a cookie (data stored on the user's local terminal) or in local storage (localStorage). In one embodiment, the authentication token may be stored in the localStorage corresponding to the domain name.
In one embodiment, single sign-on may be set up between the preset plug-in and the threat intelligence platform. Single sign-on (SSO, Single Sign On) means that, across multiple application systems, a user only needs to log in once to access all mutually trusting application systems. In one embodiment, a schematic diagram of single sign-on between the preset plug-in and the threat intelligence platform is shown in Figure 7.
In one embodiment, the method by which the preset plug-in logs in to the server further includes: the threat intelligence platform on the web client sends a login request to the server; the web client receives and stores the authentication token returned by the server based on the login request; when the preset plug-in has not logged in to the server, the authentication token stored by the web client, which was returned after the threat intelligence platform logged in to the server, is acquired; and the target text is sent to the server through the preset plug-in according to that authentication token.
In this way, when the threat intelligence platform has logged in to the server but the preset plug-in has not, single sign-on lets the preset plug-in communicate with the server using the authentication token returned when the threat intelligence platform logged in, without logging in again. This improves the efficiency of communication between the preset plug-in and the server and can improve the efficiency with which the preset plug-in obtains risk assessment information.
In one embodiment, when the preset plug-in has logged in to the server and the threat intelligence platform has not, the threat intelligence platform may use the stored authentication token that the server returned when the preset plug-in logged in.
In one embodiment, the web client may install the preset plug-in. In one embodiment, the web client may send a request to the server to obtain the preset plug-in, receive the preset plug-in returned by the server, and install it.
As shown in Figure 5, an embodiment of the present disclosure provides an information security detection method executed by a server. The method includes:
Step S501: receiving the target text sent by the preset plug-in of the web client;
Step S502: performing threat analysis on the target text to obtain risk assessment information, where the risk assessment information is used by the preset plug-in of the web client to output risk prompt information;
Step S503: sending the risk assessment information to the client.
In one embodiment, the server may include a server used for threat analysis, and the server may provide the pages of the threat intelligence platform that the user accesses on the client.
In one embodiment, the server may receive a request sent by the preset plug-in of the web client, and the request includes the target text.
In one embodiment, the server may include a threat intelligence database. The threat intelligence database is used to store threat intelligence information. The threat intelligence may include but is not limited to: identification information of a threat, which may include malicious IP addresses, domain names, e-mail addresses, file hash values, program execution paths and/or registry keys, etc.; or information on threat activities such as data leakage, data tampering, security attacks, unauthorized activity and/or the installation and execution of malware.
In one embodiment, step S502 may include: the server queries the threat intelligence database according to the target text to determine whether threat intelligence information is present in the target text; if threat intelligence information is present in the target text, the server determines the risk type and risk level that the threat intelligence may lead to; and the server generates the risk assessment information according to whether the target text contains threat information, the threat information text, the risk type and/or the risk level.
In one embodiment, the method further includes: receiving a login request sent by the preset plug-in of the client or by the threat intelligence platform; generating an authentication token according to the user login identity information in the login request, where the authentication token is used to temporarily authenticate identity during client login; and returning the authentication token to the client.
In one embodiment, the method further includes: receiving a request sent by the preset plug-in of the client that carries an authentication token and the target text; verifying the authentication token; if the authentication token passes verification, performing threat analysis on the target text to obtain risk assessment information and sending a response carrying the risk assessment information to the client; if the authentication token fails verification, sending the client a response refusing service.
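The server-side sequence described above (verify the token, then analyse the target text, otherwise refuse service), as an added JavaScript example rather than code from the patent. The Bearer header scheme, the in-memory session map, the indicator object shape, the size limits and the threat intelligence entries are all assumptions.

```javascript
// Added example. Token scheme, field names and feed entries are assumed;
// the patent does not specify them.
const RISK_ORDER = ['none', 'low', 'medium', 'high'];
const ALLOWED_TYPES = new Set(['domain', 'ip', 'email', 'phone', 'hash']);
const MAX_INDICATORS = 50; // bound the work a single request can trigger

// Constructed stand-in for the threat intelligence database.
const THREAT_INTEL = new Map([
  ['domain:login.example.org', { riskType: 'phishing', riskLevel: 'high' }],
  ['ip:203.0.113.7', { riskType: 'malware distribution', riskLevel: 'medium' }],
]);

// Returns the session for a valid, unexpired token, otherwise null.
// The token is read from the request header, one of the two placements
// the text allows; a header stays out of access logs and browser history.
function verifyToken(sessions, headers, nowMs) {
  const match = /^Bearer ([A-Za-z0-9._~+\/-]+)$/.exec(headers.authorization || '');
  if (!match) return null;
  const session = sessions.get(match[1]);
  return session && session.expiresAt > nowMs ? session : null;
}

// Step S502: look each indicator up and derive risk type and risk level.
function assess(indicators) {
  const hits = [];
  let riskLevel = 'none';
  for (const { type, value } of indicators) {
    const entry = THREAT_INTEL.get(`${type}:${value.toLowerCase()}`);
    if (!entry) continue;
    hits.push({ type, value, riskType: entry.riskType, riskLevel: entry.riskLevel });
    if (RISK_ORDER.indexOf(entry.riskLevel) > RISK_ORDER.indexOf(riskLevel)) {
      riskLevel = entry.riskLevel; // overall level is the worst hit
    }
  }
  return { isThreat: hits.length > 0, riskLevel, hits };
}

// Steps S501 to S503 with the token check in front.
function handleDetect(request, sessions, nowMs) {
  if (!verifyToken(sessions, request.headers || {}, nowMs)) {
    return { status: 401, body: { error: 'invalid or expired token' } };
  }
  const indicators = request.body && request.body.indicators;
  const wellFormed = Array.isArray(indicators) &&
    indicators.length <= MAX_INDICATORS &&
    indicators.every((i) => i && ALLOWED_TYPES.has(i.type) &&
      typeof i.value === 'string' && i.value.length <= 255);
  if (!wellFormed) {
    return { status: 400, body: { error: 'malformed target text' } };
  }
  return { status: 200, body: assess(indicators) };
}

// Constructed session store and plug-in request.
const SESSIONS = new Map([['tok-demo-1', { user: 'analyst', expiresAt: 2000 }]]);
const REQUEST = {
  headers: { authorization: 'Bearer tok-demo-1' },
  body: {
    indicators: [
      { type: 'domain', value: 'Login.Example.org' },
      { type: 'ip', value: '203.0.113.7' },
      { type: 'email', value: 'billing@pay.example.net' },
    ],
  },
};

console.log(JSON.stringify(handleDetect(REQUEST, SESSIONS, 1000), null, 2));
```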
In one embodiment, an information security detection flow may be as shown in Figure 8, and the steps may include:
Step a: the browser plug-in of the web client uses listeners to monitor first-type operation events that the user applies to the first web page; step a may include: step a1, monitoring cursor hover events with a hover listener; step a2, monitoring cursor selection events with a cursor selection listener; step a3, monitoring operation events of the screenshot control with a screenshot listener;
Step b: when the browser plug-in detects a first-type operation event acting on the first web page, acquiring the target text corresponding to the target area on the first web page; step b may include:
Step b1: when a cursor hover event acting on the first web page is detected, acquiring the text contained in the web page tag over which the cursor hovers on the first web page;
Step b2: when a cursor selection event acting on the first web page is detected, acquiring the text selected by the cursor;
Step b31: when an operation event acting on the screenshot control on the first web page is detected, obtaining a screenshot of the first web page;
Step b32: according to the screenshot of the first web page, obtaining the text in the screenshot of the first web page through optical character recognition (OCR).
Step c: performing regular-expression matching on the obtained text to obtain the target text, where the target text includes: domain names, IP addresses, e-mail addresses, communication identifiers, file hashes, etc.;
Step d: the browser plug-in sends the target text to the server;
Step e: the server receives the target text;
Step f: the server queries and analyses the threat intelligence database according to the target text, obtains risk assessment information, and sends the risk assessment information to the browser plug-in;
Step g: the browser plug-in receives the risk assessment information and outputs risk prompt information according to the risk assessment information.
As shown in Figure 9, an embodiment of the present disclosure provides an information security detection device, which includes:
An acquisition module 10, configured to: when a first-type operation event acting on a first web page is detected, acquire the target text corresponding to a target area on the first web page, where the target area is the web page area of the first web page on which the first-type operation event acts;
A sending module 20, configured to: send the target text to a server through a preset plug-in;
A receiving module 30, configured to: receive the risk assessment information returned by the server;
An output module 40, configured to: according to the risk assessment information, output risk prompt information before jumping to a second web page based on a second-type operation acting on the target area.
In one embodiment, the device further includes a determining module 50 and an obtaining module 60. The determining module 50 is configured to: when a first-type operation event acting on the first web page is detected, determine the target mode for acquiring the target text according to the event information of the first-type operation event. The obtaining module 60 is configured to: obtain the target text according to the target mode.
In one embodiment, the device further includes an extraction module 70. The extraction module 70 is configured to: when a cursor hover event or a cursor selection event acting on the first web page is detected, extract the text contained in the web page tag over which the cursor hovers on the first web page, or the text selected by the cursor.
In one embodiment, the acquisition module 10 is further configured to: when an operation event acting on the screenshot control on the first web page is detected, acquire a screenshot of the first web page. The obtaining module 60 is further configured to: according to the screenshot of the first web page, recognize and obtain the text in the screenshot of the first web page.
In one embodiment, the acquisition module 10 is further configured to: when a first-type operation event acting on the first web page is detected, acquire the candidate text corresponding to the target area of the first web page. The obtaining module 60 is further configured to: match the candidate text against preset regular expressions to obtain the target text that successfully matches the preset regular expressions.
In one embodiment, the determining module 50 is further configured to: determine whether the preset plug-in has logged in to the server. The acquisition module 10 is further configured to: when the preset plug-in has logged in to the server, acquire the authentication token returned after the preset plug-in logged in to the server. The sending module 20 is further configured to: send the target text to the server through the preset plug-in according to the authentication token.
In one embodiment, the sending module 20 is further configured to: when the preset plug-in has not logged in to the server, send the login request to the server. The receiving module 30 is further configured to: receive and store the authentication token returned by the server based on the login request.
As shown in Figure 10, an embodiment of the present disclosure provides an information security detection device, which includes:
A receiving module 110, configured to: receive the target text sent by the preset plug-in of the web client;
An obtaining module 120, configured to: perform threat analysis on the target text to obtain risk assessment information, where the risk assessment information is used by the preset plug-in of the web client to output risk prompt information;
A sending module 130, configured to: send the risk assessment information to the client.
It should be noted that those skilled in the art will understand that the methods provided in the embodiments of the present disclosure can be executed alone, or together with some methods in the embodiments of the present disclosure or some methods in the related art.
An embodiment of the present disclosure also provides an electronic device. The electronic device includes a processor and a memory for storing a computer program that can run on the processor; when the processor runs the computer program, it executes the steps of the method described in one or more of the foregoing technical solutions.
An embodiment of the present disclosure also provides a computer-readable storage medium that stores computer-executable instructions; after the computer-executable instructions are executed by a processor, the method described in one or more of the foregoing technical solutions can be implemented.
The computer storage medium provided in this embodiment may be a non-transitory storage medium. In the several embodiments provided in this application, it should be understood that the disclosed devices and methods can be implemented in other ways. The device embodiments described above are only illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described above as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present disclosure may all be integrated into one processing module, or each unit may stand alone as a unit, or two or more units may be integrated into one unit; the integrated unit may be implemented in the form of hardware or in the form of hardware plus software functional units.
In some cases, any two of the above technical features can be combined into a new method technical solution, provided they do not conflict.
In some cases, any two of the above technical features can be combined into a new device technical solution, provided they do not conflict.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be completed by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes: removable storage devices, read-only memory (ROM), random access memory (RAM), magnetic disks, optical disks and other media that can store program code.
The above are only specific embodiments of the present disclosure, but the protection scope of the present disclosure is not limited to them. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed herein shall fall within the protection scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.
Claims (12)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211397872.7A CN116910751A (en) | 2022-11-09 | 2022-11-09 | Information security detection methods, devices, electronic equipment and storage media |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211397872.7A CN116910751A (en) | 2022-11-09 | 2022-11-09 | Information security detection methods, devices, electronic equipment and storage media |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116910751A (en) | 2023-10-20 |
Family
ID=88363439
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211397872.7A Pending CN116910751A (en) | 2022-11-09 | 2022-11-09 | Information security detection methods, devices, electronic equipment and storage media |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116910751A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN119921970A (en) * | 2023-10-31 | 2025-05-02 | 微兹公司 | Techniques and methods to detect and display cybersecurity risk context in cloud environments |
-
2022
- 2022-11-09 CN CN202211397872.7A patent/CN116910751A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7528166B2 (en) | System and method for direct in-browser markup of elements in internet content - Patents.com | |
| RU2637477C1 (en) | System and method for detecting phishing web pages | |
| CN107918733B (en) | System and method for detecting malicious elements of web page | |
| CN102254111B (en) | Malicious site detection method and device | |
| CN109768992B (en) | Webpage malicious scanning processing method and device, terminal device and readable storage medium | |
| CN111401416A (en) | Abnormal website identification method and device and abnormal countermeasure identification method | |
| CN112703496B (en) | Notification about content-based policy targeting of app users by malicious browser plug-ins | |
| CN113014549B (en) | HTTP-based malicious traffic classification method and related equipment | |
| CN102984121A (en) | Access monitoring method and information processing apparatus | |
| CN110417718B (en) | Method, device, equipment and storage medium for processing risk data in website | |
| CN110888838A (en) | Object storage based request processing method, device, equipment and storage medium | |
| CN107370719B (en) | Abnormal login identification method, device and system | |
| US20210344661A1 (en) | System and method for detecting unauthorized activity at an electronic device | |
| CN108270754B (en) | Method and device for detecting phishing website | |
| CN103647767A (en) | Website information display method and apparatus | |
| CN113469866A (en) | Data processing method and device and server | |
| CN113992390A (en) | Method and device for detecting phishing website, and storage medium | |
| CN119921970A (en) | Techniques and methods to detect and display cybersecurity risk context in cloud environments | |
| CN105404816A (en) | Content-based vulnerability detection method and device | |
| Qu | Research on password detection technology of iot equipment based on wide area network | |
| US8418058B2 (en) | Graphical indication of signed content | |
| RU2762241C2 (en) | System and method for detecting fraudulent activities during user interaction with banking services | |
| CN112528286A (en) | Terminal device security detection method, associated device and computer program product | |
| CN116910751A (en) | Information security detection methods, devices, electronic equipment and storage media | |
| JP2022007278A (en) | Signature generation device, detection device, signature generation program, and detection program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |