
CN111314291A - Website security detection method and device, storage medium - Google Patents

Info

Publication number
CN111314291A
Authority
CN
China
Prior art keywords
detection result
security
result
website
target website
Prior art date
Legal status
Pending
Application number
CN202010041463.8A
Other languages
Chinese (zh)
Inventor
顾泽宇
Current Assignee
Beijing Xiaomi Mobile Software Co Ltd
Original Assignee
Beijing Xiaomi Mobile Software Co Ltd
Priority date
Filing date
Publication date
Application filed by Beijing Xiaomi Mobile Software Co Ltd
Priority to CN202010041463.8A
Publication of CN111314291A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433: Vulnerability analysis
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1483: Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The disclosure relates to a website security detection method and device and a storage medium. The website security detection method may include: detecting a target website by using a positive sample model to obtain a first detection result; detecting the target website by using a negative sample model to obtain a second detection result; and determining the security detection result of the target website according to the first detection result and the second detection result. In the embodiments of the application, the target website is detected with the positive sample model and the negative sample model at the same time, and the detection results of the two models are then combined to determine the security of the target website. Compared with detecting the target website with a single model, which suffers from problems such as poor detection accuracy caused by coverage scenarios that do not overlap, this improves the detection accuracy for the target website.

Description

Website security detection method and device, storage medium

Technical field

The present disclosure relates to the field of information technology, and in particular to a website security detection method and device, and a storage medium.

Background

In view of the increasingly severe network security situation, improving network security is more and more urgent. In the prior art, various models are used to check the security of websites. Sometimes, however, a sample data set needs to be collected before model training, and in a real network environment attack methods are diverse, so it is difficult for the sample data set to cover all malicious URLs. One existing attack is the zero-day attack, also called a zero-hour attack, which refers to a security vulnerability that is maliciously exploited immediately after being discovered. In layman's terms, the related malicious program appears within the same day that the security patch and the flaw are disclosed. Such attacks are often very sudden and destructive. As a result, website security detection in the related art always has gaps or poor accuracy.

Summary of the invention

The present disclosure provides a website security detection method and device, and a storage medium.

A first aspect of the embodiments of the present application provides a website security detection method, including:

detecting a target website using a positive sample model to obtain a first detection result;

detecting the target website using a negative sample model to obtain a second detection result;

determining a security detection result of the target website according to the first detection result and the second detection result.

Based on the above solution, determining the security detection result of the target website according to the first detection result and the second detection result includes:

combining the first detection result and the second detection result according to a pessimistic merging algorithm to obtain the security detection result of the target website.

Based on the above solution, the first detection result and the second detection result each contain any one of N indication values, where different indication values indicate different levels of security of the target website, and N is a positive integer equal to or greater than 2;

combining the first detection result and the second detection result according to the pessimistic merging algorithm to obtain the security detection result of the target website includes:

when the indication value indicating a safe website is smaller than the indication value indicating a risky website, determining, according to the pessimistic merging algorithm, the maximum of the indication value contained in the first detection result and the indication value contained in the second detection result as the security detection result of the target website;

or,

when the indication value indicating a safe website is greater than the indication value indicating a risky website, determining, according to the pessimistic merging algorithm, the minimum of the indication value contained in the first detection result and the indication value contained in the second detection result as the security detection result of the target website.

Based on the above solution, combining the first detection result and the second detection result according to the pessimistic merging algorithm to obtain the security detection result of the target website includes at least one of the following:

according to the pessimistic merging algorithm, when the first detection result and the second detection result are both safe results, determining that the security detection result of the target website is a safe result;

according to the pessimistic merging algorithm, when at least one of the first detection result and the second detection result is a risk result, determining that the security detection result of the target website is a risk result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is a safe result and the other is an unknown result, determining that the security detection result of the target website is an unknown result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is a safe result and the other is a suspected-risk result, determining that the security detection result of the target website is a suspected-risk result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is an unknown result and the other is a suspected-risk result, determining that the security detection result of the target website is a suspected-risk result.

Based on the above solution, the positive sample model is a logistic regression model; and/or the negative sample model is a support vector machine (SVM).

A second aspect of the embodiments of the present application provides a website security detection device, including:

a first detection module, configured to detect a target website using a positive sample model to obtain a first detection result;

a second detection module, configured to detect the target website using a negative sample model to obtain a second detection result;

a determining module, configured to determine the security detection result of the target website according to the first detection result and the second detection result.

Based on the above solution, the determining module is configured to combine the first detection result and the second detection result according to a pessimistic merging algorithm to obtain the security detection result of the target website.

Based on the above solution, the first detection result and the second detection result each contain any one of N indication values, where different indication values indicate different levels of security of the target website, and N is a positive integer equal to or greater than 2;

the determining module is configured to: when the indication value indicating a safe website is smaller than the indication value indicating a risky website, determine, according to the pessimistic merging algorithm, the maximum of the indication value contained in the first detection result and the indication value contained in the second detection result as the security detection result of the target website; or, when the indication value indicating a safe website is greater than the indication value indicating a risky website, determine, according to the pessimistic merging algorithm, the minimum of the indication value contained in the first detection result and the indication value contained in the second detection result as the security detection result of the target website.

Based on the above solution, the determining module is configured to perform at least one of the following:

according to the pessimistic merging algorithm, when the first detection result and the second detection result are both safe results, determining that the security detection result of the target website is a safe result;

according to the pessimistic merging algorithm, when at least one of the first detection result and the second detection result is a risk result, determining that the security detection result of the target website is a risk result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is a safe result and the other is an unknown result, determining that the security detection result of the target website is an unknown result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is a safe result and the other is a suspected-risk result, determining that the security detection result of the target website is a suspected-risk result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is an unknown result and the other is a suspected-risk result, determining that the security detection result of the target website is a suspected-risk result.

Based on the above solution, the positive sample model is a logistic regression model; and/or the negative sample model is a support vector machine (SVM).

A third aspect of the embodiments of the present application provides a website security detection device, including a processor, a memory, and an executable program stored on the memory and capable of being run by the processor, where the processor, when running the executable program, performs the steps of the website security detection method provided by any technical solution of the foregoing first aspect.

A third aspect of the embodiments of the present application provides a storage medium on which an executable program is stored, where the executable program, when executed by a processor, implements the steps of the website security detection method provided by any technical solution of the foregoing first aspect.

The technical solutions provided by the embodiments of the present disclosure may include the following beneficial effects: in the embodiments of the present application, the positive sample model and the negative sample model are both used to detect the target website, and the detection results of the two models are then combined to determine the security of the target website. Compared with detecting the target website with a single model, which suffers from problems such as poor detection accuracy caused by coverage scenarios that do not overlap, this improves the detection accuracy for the target website and increases the detection speed.

It is to be understood that the foregoing general description and the following detailed description are exemplary and explanatory only and do not limit the present disclosure.

Description of drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and, together with the description, serve to explain the principles of the invention.

Fig. 1 is a flowchart of a website security detection method according to an exemplary embodiment.

Fig. 2 is a flowchart of a website security detection method according to an exemplary embodiment.

Fig. 3 is a structural block diagram of a website security detection device according to an exemplary embodiment.

Fig. 4 is a structural block diagram of a website security detection device according to an exemplary embodiment.

Detailed description

Exemplary embodiments will be described in detail here, examples of which are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present invention. Rather, they are merely examples of devices and methods consistent with some aspects of the invention as recited in the appended claims.

As shown in Fig. 1, this embodiment provides a website security detection method, including:

S11: detecting a target website using a positive sample model to obtain a first detection result;

S12: detecting the target website using a negative sample model to obtain a second detection result;

S13: determining the security detection result of the target website according to the first detection result and the second detection result.

The website security detection method can be applied in a terminal or in a server. For example, before sending an access request carrying a target website, the terminal can use this method to check the security of the website. Alternatively, the website may be sent to a server so that the server performs the security detection of the website.

In the embodiments of the present application, when the security detection of the target website is performed, two models are used at the same time, each detecting the target website separately. The target website here may include various types of Uniform Resource Locator (URL).

The positive sample model and the negative sample model are two models that are opposed to each other. For example, the positive sample model and the negative sample model are mutually independent machine learning models or deep learning models.

The positive sample model is a model trained using safe websites. The negative sample model is a model trained using unsafe websites.

In the embodiments of the present application, the positive sample model and the negative sample model may have the same or different model structures.

In some embodiments, the positive sample model and the negative sample model adopt different model structures, so that the different models respectively highlight the characteristics of positive samples and the characteristics of negative samples, ensuring the accuracy with which the positive sample model and the negative sample model each judge whether the target website is a safe website. For example, the positive sample model may be a logistic regression model and the negative sample model may be a support vector machine (SVM). Of course, the positive sample model and the negative sample model may also be convolutional neural networks that differ in the number of convolutional layers or in the number of nodes contained in the convolutional layers. In a specific implementation, the positive sample model and the negative sample model are not limited to the model structures given as examples above.

In some embodiments, the positive sample model can determine, according to the similarity between safe websites and the target website, whether the target website is a safe website, or the probability that it is a safe website. The lower the probability of being a safe website, the higher the probability of being a risky website. The risky websites here may be various malicious websites and include, but are not limited to, at least one of the following:

URLs suspected of social-engineering fraud;

URLs suspected of information fraud;

URLs suspected of false sales;

URLs containing malicious files;

URLs of illegal gambling sites;

URLs of pornographic sites.

In other embodiments, the positive sample model can determine, according to the similarity between risky websites and the target website, whether the target website is a risky website, or the probability that it is a risky website.

In some embodiments, the sensitivity of the positive sample model to safe websites may be higher than that of the negative sample model, while the sensitivity of the negative sample model to unsafe websites (risky websites) is higher than that of the positive sample model.

In some embodiments, S11 and S12 may be performed synchronously. In some embodiments, S11 may be performed first and S12 afterwards. S12 is performed only if the first detection result obtained in S11 is that the target website is a safe website; in this way, executions of S12 are reduced, unnecessary computation is avoided, and the output speed of the security detection of the target website is increased. In this case, the final security detection result of the target website may be determined from the first detection result of S11 alone. Of course, S12 may also be performed first and S11 afterwards; for example, S11 is performed after S12 yields a second detection result determining that the target website is a safe website, which reduces unnecessary executions of S11. In this case, the final security detection result of the target website may be determined from the second detection result of S12 alone.

In some embodiments, as shown in Fig. 2, the method further includes:

S14: when the security detection result indicates that the target website is a risky website, performing a predetermined security filtering operation.

In some embodiments, S14 may include:

when the target website is determined to be a risky website according to its security detection result, outputting a risk prompt, for example a pop-up window warning that accessing the target website is risky;

and/or,

intercepting network access requests that carry a risky website, and giving the reason for the interception;

and/or,

recording the interception of the risky website, and later using a test terminal to access the risky website according to the interception record in order to determine how risky it is. Websites whose risk has been determined can be used for online optimization of the training of the positive sample model and/or the negative sample model.

S13 may include: combining the first detection result and the second detection result according to a pessimistic merging algorithm to obtain the security detection result of the target website.

In the embodiments of the present application, when the pessimistic merging algorithm combines the first detection result and the second detection result, the more pessimistic of the two is taken as the final security detection result of the target website. The more pessimistic result here is the one that judges the target website to be an unsafe website.

The pessimistic merging algorithm means selecting the more pessimistic result, that is, the result indicating a higher probability that the target website is a risky website, as the final security detection result of the target website.

Combining the first detection result and the second detection result with the pessimistic merging algorithm therefore makes the detection result for the target website lean pessimistic, or conservative. In effect, the target website is determined to be safe only when both the first detection result and the second detection result indicate that it is safe; otherwise the target website is deemed unsafe. This reduces misjudgments when the target website is a risky website, and reduces the information security, terminal usage security and property security problems caused by accessing risky websites.

Of course, in other embodiments, determining the final security detection result of the target website from the first detection result and the second detection result is not limited to the pessimistic merging algorithm. For example, in some cases the first detection result may be a probability value indicating that the target website is a safe website (the first probability value), and the second detection result may be a probability value indicating that the target website is a risky website (the second probability value). In S13, the first probability value and the second probability value can be substituted into a security value formula to calculate a probability value representing the final security detection result of the target website, and whether the target website is a safe website is then determined according to that probability value. For example, the first probability value is multiplied by a first weight to give a first product, the second probability value is multiplied by a second weight to give a second product, and the difference between the first product and the second product gives the probability value indicating the final security result of the target website. Comparing this probability value with a probability threshold can be used to judge the security of the target website. This is only one example of S13, and the specific implementation is not limited to it.

In some embodiments, the first detection result and the second detection result each contain any one of N indication values, where different indication values indicate different levels of security of the target website, and N is a positive integer equal to or greater than 2.

For example, a detection result may be any one of the indication values. Different indication values indicate different levels of security. In some embodiments, the higher the security, the smaller the indication value. In other embodiments, the higher the security, the larger the indication value. For example, N is 3, indicating the three security states safe, unknown and risky. As another example, N may be 4, indicating the four security states safe, unknown, possibly risky and risky.

In some embodiments, S13 may include:

when the indication value indicating a safe website is smaller than the indication value indicating a risky website, determining, according to the pessimistic merging algorithm, the maximum of the indication value contained in the first detection result and the indication value contained in the second detection result as the security detection result of the target website. In this case, a larger indication value means the target website is less safe; under the pessimistic merging algorithm, the calculation takes the max of the first detection result and the second detection result, and the security level corresponding to that maximum value is the final security detection result of the target website.

In other embodiments, S13 may include:

when the indication value indicating a safe website is greater than the indication value indicating a risky website, determining, according to the pessimistic merging algorithm, the minimum of the indication value contained in the first detection result and the indication value contained in the second detection result as the security detection result of the target website. In this case, a smaller indication value means the target website is less safe; under the pessimistic merging algorithm, the calculation takes the min of the first detection result and the second detection result, and the security level corresponding to the value obtained by min is the final security detection result of the target website.

In some embodiments, S13 may include at least one of the following:

according to the pessimistic merging algorithm, when the first detection result and the second detection result are both safe results, determining that the security detection result of the target website is a safe result;

according to the pessimistic merging algorithm, when at least one of the first detection result and the second detection result is a risk result, determining that the security detection result of the target website is a risk result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is a safe result and the other is an unknown result, determining that the security detection result of the target website is an unknown result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is a safe result and the other is a suspected-risk result, determining that the security detection result of the target website is a suspected-risk result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is an unknown result and the other is a suspected-risk result, determining that the security detection result of the target website is a suspected-risk result.

The details are shown in Table 1:

Table 1 (provided as an image in the original publication)

As the table above shows, the possible detection results for the first detection result and the second detection result are the four results "safe", "unknown", "possibly risky" and "risky". The pessimistic merging algorithm selects the more pessimistic result, that is, the result indicating a higher probability that the target website is a risky website, as the final security detection result of the target website. Thus, if either the first detection result or the second detection result indicates that the target website is risky, the final detection result of the target website is necessarily risky. Only when both the first detection result and the second detection result indicate that the target website is a safe website is the final security detection result of the target website safe.

A detection result of unknown here means that the positive sample model or the negative sample model cannot determine whether the current URL is a safe URL or a risky URL.

A detection result of possibly risky here means that the positive sample model or the negative sample model considers that the URL is not a safe URL, yet is not completely unable to judge it: the URL may be risky.

A risky URL is one that has been determined with certainty to be a malicious URL.

The positive sample model may be a logistic regression model. S11 may include:

classifying the target website using a linear logistic regression model to obtain a first classification value;

mapping the first classification value from a first space to a second space to obtain a second classification value, where the value range of the first space is larger than the value range of the second space, and the second classification value is the probability that the target website is a safe website; and obtaining the first detection result according to the second feature value.

For example, the value range of the first space may be from positive infinity to negative infinity; the value range of the second space may be from 0 to 1.

As shown in FIG. 3, this embodiment provides a website security detection apparatus, including:

a first detection module 31, configured to detect a target website using a positive sample model to obtain a first detection result;

a second detection module 32, configured to detect the target website using a negative sample model to obtain a second detection result;

a determining module 33, configured to determine the security detection result of the target website according to the first detection result and the second detection result.

In some embodiments, the first detection module 31, the second detection module 32 and the determining module 33 may all be program modules; when executed by a processor, the program modules are able to obtain the above first detection result, second detection result and security detection result.

In other embodiments, the first detection module 31, the second detection module 32 and the determining module 33 may all be combined software-hardware modules; the combined software-hardware modules may include various programmable arrays, and the programmable arrays include but are not limited to complex programmable arrays or field programmable arrays.

In still other embodiments, the first detection module 31, the second detection module 32 and the determining module 33 may all be pure hardware modules; the pure hardware modules may include application-specific integrated circuits.

In some embodiments, the determining module 33 is configured to merge the first detection result and the second detection result according to a pessimistic merging algorithm to obtain the security detection result of the target website.

In some embodiments, the first detection result and the second detection result each contain any one of N indication values, where different indication values indicate different security levels of the target website, and N is a positive integer equal to or greater than 2;

the determining module 33 is configured to: when the indication value indicating a safe website is smaller than the indication value indicating a risky website, determine, according to the pessimistic merging algorithm, the maximum of the indication value contained in the first detection result and the indication value contained in the second detection result as the security detection result of the target website; and when the indication value indicating a safe website is greater than the indication value indicating a risky website, determine, according to the pessimistic merging algorithm, the minimum of the indication value contained in the first detection result and the indication value contained in the second detection result as the security detection result of the target website.

In some embodiments, the determining module 33 is configured to perform at least one of the following:

according to the pessimistic merging algorithm, when the first detection result and the second detection result are both safe results, determining that the security detection result of the target website is a safe result;

according to the pessimistic merging algorithm, when at least one of the first detection result and the second detection result is a risk result, determining that the security detection result of the target website is a risk result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is a safe result and the other is an unknown result, determining that the security detection result of the target website is an unknown result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is a safe result and the other is a suspected-risk result, determining that the security detection result of the target website is a suspected-risk result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is an unknown result and the other is a suspected-risk result, determining that the security detection result of the target website is a suspected-risk result.

In some embodiments, detecting the target website using the positive sample model to obtain the first detection result includes:

detecting the target website using a logistic regression model to obtain a first detection value;

mapping the first detection value from a first space to a second space to obtain a second detection value, where the value range of the first space is larger than the value range of the second space, and the second detection value is the probability that the target website is a safe website;

obtaining the first detection result according to the second detection value.

In some embodiments, the positive sample model is a logistic regression model; and/or the negative sample model is a support vector machine (SVM).

A specific example is provided below in combination with any of the above embodiments:

Model training based on negative samples suffers from detection-model accuracy problems caused by insufficient scenario coverage of the negative samples and by an insufficient number of samples.

This solution trains separate models on positive samples and on negative samples, and during detection judges the result with these two trained models in turn, which solves the problem caused by the insufficient sample size. At the same time, the volume of positive sample data is large, and the trained model can cover the features of most normal URLs, so the problem of insufficient scenario coverage of the negative samples can be solved from the opposite side.

1) Positive sample model training: on the basis of the positive sample training set, logistic regression is chosen for URL classification. Logistic regression learns a 0-or-1 classification model from the sample set, taking a linear combination of the features in the sample set as the independent variable. Because the value range of the independent variable is from negative infinity to positive infinity, the logistic function is used to map the independent variable onto (0,1), and the mapped value is regarded as the probability of belonging to y=1. Logistic regression is a generalized linear regression whose applicable condition is a binary classification problem, so this method is used to train the model.

2) Negative sample model training: on the basis of the negative sample training set, an SVM is chosen for URL classification. SVM is a supervised model training method that represents instances as points in space so that instances of different classes are separated by a margin. When a new instance is produced, it is mapped to a point in the same space, and its class is predicted from which side of the margin it falls on. A model trained in this way is used to distinguish the class a URL belongs to.

3) For each URL to be detected, the positive sample model is first used to obtain a judgment result, the negative sample model is then used for secondary verification, and finally the pessimistic merging algorithm is used to obtain the final judgment result. The detailed calculation rules of the pessimistic merging algorithm are given in Table 1 above.

If we set: safe = 0, unknown = 1, possibly risky = 2, risky = 3

then: result = Max{${val1}, ${val2}}, where val1 and val2 are the results returned by the positive sample model and the negative sample model, respectively.
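The merge in step 3 and the logistic mapping in step 1, as an added Python example (not code from the patent). The indication values 0 to 3 and the max rule are the page's; the probability cut-offs in `THRESHOLDS` and the `classify` helper are assumptions made for illustration. The example also covers the reversed encoding described earlier, where safe has the largest value and min replaces max.

```python
import math
from enum import IntEnum
from itertools import product


class Verdict(IntEnum):
    """Indication values from the page's example: larger value = lower security."""
    SAFE = 0
    UNKNOWN = 1
    POSSIBLY_RISKY = 2
    RISKY = 3


def pessimistic_merge(first, second, safe_is_smaller=True):
    """Keep whichever of the two indication values signals more risk.

    safe_is_smaller=True:  safe has the smallest value, so take max.
    safe_is_smaller=False: safe has the largest value, so take min.
    """
    return max(first, second) if safe_is_smaller else min(first, second)


def sigmoid(z):
    """Map a linear score in (-inf, +inf) to a probability in (0, 1)."""
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    e = math.exp(z)  # this branch avoids overflow for large negative z
    return e / (1.0 + e)


# Hypothetical cut-offs on P(URL is safe); the page does not specify any.
THRESHOLDS = (
    (0.90, Verdict.SAFE),
    (0.50, Verdict.UNKNOWN),
    (0.10, Verdict.POSSIBLY_RISKY),
)


def verdict_from_safe_probability(p_safe):
    """Turn the positive model's probability into one of the four verdicts."""
    for floor, verdict in THRESHOLDS:
        if p_safe >= floor:
            return verdict
    return Verdict.RISKY


def classify(positive_score, negative_verdict):
    """Positive model first, negative model as second check, then merge."""
    first = verdict_from_safe_probability(sigmoid(positive_score))
    return pessimistic_merge(first, negative_verdict)


def merge_table():
    """Every (first, second) pair with its merged verdict."""
    return {(a, b): pessimistic_merge(a, b) for a, b in product(Verdict, repeat=2)}


if __name__ == "__main__":
    names = [v.name for v in Verdict]
    print("first \\ second".ljust(16) + "".join(n.ljust(16) for n in names))
    for a in Verdict:
        row = "".join(merge_table()[(a, b)].name.ljust(16) for b in Verdict)
        print(a.name.ljust(16) + row)
    # Constructed inputs: a linear score of 3.0 from the positive model
    # and an UNKNOWN verdict from the negative model.
    print(classify(3.0, Verdict.UNKNOWN).name)
```

A confident "safe" from the positive model never overrides a worse verdict from the negative model, which is why only one cell of the merged table is safe.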

This solution solves the model detection accuracy problem caused by an insufficient sample size; at the same time, by training on positive sample data, it addresses from the opposite side the insufficient scenario coverage of models trained on negative samples. The solution also has the following characteristics: 1) diverse detection types: the URL categories that can be detected cover social-engineering fraud, information fraud, false sales, malicious files, gambling websites, pornographic websites and so on; 2) high throughput: it can support 25 million URL detection requests per day; 3) low latency: the average service response time is within 100 ms; 4) high detection accuracy: the detection accuracy on labeled samples at the scale of millions is above 97%.

An embodiment of the present application provides a website security detection apparatus, including a processor, a memory, and an executable program stored in the memory and capable of being run by the processor. When running the executable program, the processor performs the website security detection method provided by any of the foregoing technical solutions, for example, the method shown in FIG. 1 and/or FIG. 2.

FIG. 4 is a block diagram of a website security detection apparatus 800 according to an exemplary embodiment. For example, the apparatus 800 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, a fitness device, a personal digital assistant, and the like.

Referring to FIG. 4, the apparatus 800 may include one or more of the following components: a processing component 802, a memory 804, a power component 806, a multimedia component 808, an audio component 810, an input/output (I/O) interface 812, a sensor component 814, and a communication component 816.

The processing component 802 generally controls the overall operation of the apparatus 800, such as operations associated with display, phone calls, data communication, camera operations and recording operations. The processing component 802 may include one or more processors 820 to execute instructions so as to perform all or some of the steps of the methods described above. In addition, the processing component 802 may include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 may include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.

The memory 804 is configured to store various types of data to support operation of the device 800. Examples of such data include instructions for any application or method operating on the apparatus 800, contact data, phonebook data, messages, pictures, videos, and the like. The memory 804 may be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, a magnetic disk or an optical disk.

The power component 806 provides power to the various components of the apparatus 800. The power component 806 may include a power management system, one or more power sources, and other components associated with generating, managing and distributing power for the apparatus 800.

The multimedia component 808 includes a screen that provides an output interface between the apparatus 800 and the user. In some embodiments, the screen may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from the user. The touch panel includes one or more touch sensors to sense touches, swipes and gestures on the touch panel. The touch sensors may sense not only the boundary of a touch or swipe action but also the duration and pressure associated with the touch or swipe operation. In some embodiments, the multimedia component 808 includes a front camera and/or a rear camera. When the device 800 is in an operating mode, such as a shooting mode or a video mode, the front camera and/or the rear camera may receive external multimedia data. Each front camera and rear camera may be a fixed optical lens system or have focal length and optical zoom capability.

The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a microphone (MIC) that is configured to receive external audio signals when the apparatus 800 is in an operating mode, such as a call mode, a recording mode or a voice recognition mode. The received audio signals may be further stored in the memory 804 or sent via the communication component 816. In some embodiments, the audio component 810 also includes a speaker for outputting audio signals.

The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be a keyboard, a click wheel, buttons and the like. These buttons may include, but are not limited to, a home button, volume buttons, a start button and a lock button.

The sensor component 814 includes one or more sensors for providing status assessments of various aspects of the apparatus 800. For example, the sensor component 814 can detect the open/closed state of the device 800 and the relative positioning of components, such as the display and keypad of the apparatus 800; the sensor component 814 can also detect a change in position of the apparatus 800 or of a component of the apparatus 800, the presence or absence of user contact with the apparatus 800, the orientation or acceleration/deceleration of the apparatus 800, and a change in temperature of the apparatus 800. The sensor component 814 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor component 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor component 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor or a temperature sensor.

The communication component 816 is configured to facilitate wired or wireless communication between the apparatus 800 and other devices. The apparatus 800 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In one exemplary embodiment, the communication component 816 receives broadcast signals or broadcast-related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 816 also includes a near field communication (NFC) module to facilitate short-range communication. For example, the NFC module may be implemented based on radio frequency identification (RFID) technology, Infrared Data Association (IrDA) technology, ultra-wideband (UWB) technology, Bluetooth (BT) technology and other technologies.

In an exemplary embodiment, the apparatus 800 may be implemented by one or more application-specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), controllers, microcontrollers, microprocessors or other electronic components, for performing the above method.

In an exemplary embodiment, a non-transitory computer-readable storage medium including instructions is also provided, for example the memory 804 including instructions, which can be executed by the processor 820 of the apparatus 800 to complete the above method. For example, the non-transitory computer-readable storage medium may be a ROM, a random access memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.

An embodiment of the present application further provides a non-transitory computer-readable storage medium, which may be referred to simply as a storage medium. When the computer-executable instructions stored in the storage medium are executed by a processor, a mobile terminal is enabled to perform a website security detection method. The website security detection method may include: detecting a target website using a positive sample model to obtain a first detection result; detecting the target website using a negative sample model to obtain a second detection result; and determining the security detection result of the target website according to the first detection result and the second detection result.

In some embodiments, determining the security detection result of the target website according to the first detection result and the second detection result includes: merging the first detection result and the second detection result according to a pessimistic merging algorithm to obtain the security detection result of the target website.

In some embodiments, the first detection result and the second detection result each contain any one of N indication values, where different indication values indicate different security levels of the target website, and N is a positive integer equal to or greater than 2; merging the first detection result and the second detection result according to the pessimistic merging algorithm to obtain the security detection result of the target website includes:

when the indication value indicating a safe website is smaller than the indication value indicating a risky website, determining, according to the pessimistic merging algorithm, the maximum of the indication value contained in the first detection result and the indication value contained in the second detection result as the security detection result of the target website; or, when the indication value indicating a safe website is greater than the indication value indicating a risky website, determining, according to the pessimistic merging algorithm, the minimum of the indication value contained in the first detection result and the indication value contained in the second detection result as the security detection result of the target website.

In some embodiments, merging the first detection result and the second detection result according to the pessimistic merging algorithm to obtain the security detection result of the target website includes at least one of the following:

according to the pessimistic merging algorithm, when the first detection result and the second detection result are both safe results, determining that the security detection result of the target website is a safe result;

according to the pessimistic merging algorithm, when at least one of the first detection result and the second detection result is a risk result, determining that the security detection result of the target website is a risk result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is a safe result and the other is an unknown result, determining that the security detection result of the target website is an unknown result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is a safe result and the other is a suspected-risk result, determining that the security detection result of the target website is a suspected-risk result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is an unknown result and the other is a suspected-risk result, determining that the security detection result of the target website is a suspected-risk result.

In some embodiments, detecting the target website using the positive sample model to obtain the first detection result includes:

detecting the target website using a logistic regression model to obtain a first detection value;

mapping the first detection value from a first space to a second space to obtain a second detection value, where the value range of the first space is larger than the value range of the second space, and the second detection value is the probability that the target website is a safe website;

obtaining the first detection result according to the second detection value.

In some embodiments, the second model is an SVM.

Other embodiments of the invention will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses or adaptations of the invention that follow the general principles of the invention and include common knowledge or customary technical means in the art not disclosed in this disclosure. The specification and embodiments are to be regarded as exemplary only, with the true scope and spirit of the invention being indicated by the following claims.

It should be understood that the present invention is not limited to the precise structures described above and illustrated in the accompanying drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present invention is limited only by the appended claims.

Claims (12)

1. A website security detection method, characterized by comprising:

detecting a target website by using a positive sample model to obtain a first detection result;

detecting the target website by using a negative sample model to obtain a second detection result;

determining a security detection result of the target website according to the first detection result and the second detection result.

2. The method according to claim 1, wherein determining the security detection result of the target website according to the first detection result and the second detection result comprises:

merging the first detection result and the second detection result according to a pessimistic merging algorithm to obtain the security detection result of the target website.

3. The method according to claim 2, wherein the first detection result and the second detection result each contain any one of N indication values; wherein different indication values indicate different security of the target website; and N is a positive integer equal to or greater than 2;

merging the first detection result and the second detection result according to the pessimistic merging algorithm to obtain the security detection result of the target website comprises:

when the indication value indicating a safe website is smaller than the indication value indicating a risky website, determining, according to the pessimistic merging algorithm, the maximum of the indication value contained in the first detection result and the indication value contained in the second detection result as the security detection result of the target website;

or,

when the indication value indicating a safe website is greater than the indication value indicating a risky website, determining, according to the pessimistic merging algorithm, the minimum of the indication value contained in the first detection result and the indication value contained in the second detection result as the security detection result of the target website.

4. The method according to claim 2, wherein merging the first detection result and the second detection result according to the pessimistic merging algorithm to obtain the security detection result of the target website comprises at least one of the following:

according to the pessimistic merging algorithm, when the first detection result and the second detection result are both safe results, determining that the security detection result of the target website is a safe result;

according to the pessimistic merging algorithm, when at least one of the first detection result and the second detection result is a risk result, determining that the security detection result of the target website is a risk result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is a safe result and the other is an unknown result, determining that the security detection result of the target website is an unknown result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is a safe result and the other is a suspected risk result, determining that the security detection result of the target website is a suspected risk result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is an unknown result and the other is a suspected risk result, determining that the security detection result of the target website is a suspected risk result.

5. The method according to claim 1, wherein the positive sample model is a logistic regression model; and/or the negative sample model is a support vector machine (SVM).

6. A website security detection device, characterized by comprising:

a first detection module, configured to detect a target website by using a positive sample model to obtain a first detection result;

a second detection module, configured to detect the target website by using a negative sample model to obtain a second detection result;

a determination module, configured to determine a security detection result of the target website according to the first detection result and the second detection result.

7. The device according to claim 6, wherein the determination module is configured to merge the first detection result and the second detection result according to a pessimistic merging algorithm to obtain the security detection result of the target website.

8. The device according to claim 7, wherein the first detection result and the second detection result each contain any one of N indication values; wherein different indication values indicate different security of the target website; and N is a positive integer equal to or greater than 2;

the determination module is configured to: when the indication value indicating a safe website is smaller than the indication value indicating a risky website, determine, according to the pessimistic merging algorithm, the maximum of the indication value contained in the first detection result and the indication value contained in the second detection result as the security detection result of the target website; or, when the indication value indicating a safe website is greater than the indication value indicating a risky website, determine, according to the pessimistic merging algorithm, the minimum of the indication value contained in the first detection result and the indication value contained in the second detection result as the security detection result of the target website.

9. The device according to claim 7, wherein the determination module is configured to perform at least one of the following:

according to the pessimistic merging algorithm, when the first detection result and the second detection result are both safe results, determining that the security detection result of the target website is a safe result;

according to the pessimistic merging algorithm, when at least one of the first detection result and the second detection result is a risk result, determining that the security detection result of the target website is a risk result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is a safe result and the other is an unknown result, determining that the security detection result of the target website is an unknown result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is a safe result and the other is a suspected risk result, determining that the security detection result of the target website is a suspected risk result;

according to the pessimistic merging algorithm, when one of the first detection result and the second detection result is an unknown result and the other is a suspected risk result, determining that the security detection result of the target website is a suspected risk result.

10. The device according to claim 7, wherein the positive sample model is a logistic regression model; and/or the negative sample model is a support vector machine (SVM).

11. A website security detection device, comprising a processor, a memory, and an executable program stored on the memory and capable of being run by the processor, characterized in that, when running the executable program, the processor performs the steps of the website security detection method according to any one of claims 1 to 5.

12. A storage medium on which an executable program is stored, characterized in that, when the executable program is executed by a processor, the steps of the website security detection method according to any one of claims 1 to 5 are implemented.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010041463.8A CN111314291A (en) 2020-01-15 2020-01-15 Website security detection method and device, storage medium

Publications (1)

Publication Number Publication Date
CN111314291A true CN111314291A (en) 2020-06-19

Family

ID=71161420

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010041463.8A Pending CN111314291A (en) 2020-01-15 2020-01-15 Website security detection method and device, storage medium

Country Status (1)

Country Link
CN (1) CN111314291A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200619