CN106533893B - Message processing method and system - Google Patents



Publication number
CN106533893B
Authority
CN
China
Prior art keywords
target message
propagation
message
malicious
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510570515.XA
Other languages
Chinese (zh)
Other versions
CN106533893A (en)
Inventor
高岳
颜国平
吴刚
湛长兰
曾凡
周一帆
阮华
姜瑾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201510570515.XA
Publication of CN106533893A
Application granted
Publication of CN106533893B


Abstract

The embodiment of the invention provides a message processing method and a system, wherein the method comprises the following steps: when a front-end server spreads a target message, identifying whether the target message is a malicious message, and if the target message is the malicious message, reporting the target message to an analysis server by the front-end server; the analysis server tracks the propagation attribute of the target message, generates a propagation relation chain of the target message according to the propagation attribute of the target message, and sends the propagation relation chain of the target message to a policy server; and the policy server generates a security policy aiming at the propagation relation chain of the target message, sends the security policy to the front-end server, and the front-end server executes security operation on the propagation relation chain of the target message according to the security policy. The invention can effectively improve the message processing efficiency and the message transmission safety.

Description

Message processing method and system
Technical Field
The invention relates to the technical field of internet, in particular to the technical field of internet message propagation security, and particularly relates to a message processing method and a message processing system.
Background
Social platforms include social networking sites and social applications such as instant messaging and SNS (Social Networking Services); they mainly help users establish social connections and communicate with one another. However, as social platform functionality has grown richer, a large number of malicious messages have flooded these platforms, such as advertisement promotion, rumor messages, and messages selling counterfeit and shoddy goods. The spread of such malicious messages on a social platform seriously affects normal interaction among users and creates security risks such as fraud that harms users' interests, so cracking down on malicious messages is necessary to improve the security of the social platform. At present, the handling of malicious messages relies mainly on user reports, specifically: when a user finds a malicious message, the user can report it to the server and provide corresponding evidence; an auditor at the server side reviews the reported malicious message and applies the corresponding security policy (including account banning, malicious message interception and the like) to the malicious user who propagated it. The existing scheme handles malicious messages manually and targets a single propagating user at a time, so its efficiency is low; in particular, when the volume of report data is massive, the labor and time costs consumed are difficult to estimate.
Disclosure of Invention
Embodiments of the present invention provide a message processing method and system, which can perform automatic identification of a malicious message in a message transmission process, track a transmission relation chain of the malicious message, and execute a security policy based on the transmission relation chain, so that message processing efficiency can be effectively improved, and message transmission security can be improved.
A first aspect of an embodiment of the present invention provides a message processing method, which may include:
when a front-end server spreads a target message, identifying whether the target message is a malicious message, and if the target message is the malicious message, reporting the target message to an analysis server by the front-end server;
the analysis server tracks the propagation attribute of the target message, generates a propagation relation chain of the target message according to the propagation attribute of the target message, and sends the propagation relation chain of the target message to a policy server;
and the policy server generates a security policy aiming at the propagation relation chain of the target message, sends the security policy to the front-end server, and the front-end server executes security operation on the propagation relation chain of the target message according to the security policy.
Further, when the front-end server propagates the target message, identifying whether the target message is a malicious message, including:
a front-end server receives a message transmission request sent by a terminal, wherein the message transmission request comprises a sender user identifier, a receiver user identifier and a target message;
the front-end server identifies whether the target message contains at least one of malicious multimedia content, malicious text content and hidden identification, wherein the multimedia comprises images and/or audios and videos;
if so, the front-end server confirms that the target message is a malicious message.
Further, the analyzing server tracks the propagation attribute of the target message, including:
the analysis server determines the sender user identifier as a hidden identifier;
the analysis server carries out hidden encryption processing on the target message and adds the hidden identifier to the target message;
the analysis server returns the target message with the hidden identifier to the front-end server so that the front-end server transmits the target message with the hidden identifier to a receiver user;
and the analysis server tracks the propagation attribute of the target message according to the hidden identifier.
Further, the analyzing server tracks the propagation attribute of the target message, including:
the analysis server sends a tracking instruction to the front-end server, wherein the tracking instruction is used for indicating the front-end server to transmit the target message to a receiver user and feeding back the transmission attribute of the target message;
and the analysis server receives the propagation attribute of the target message fed back by the front-end server.
Further, the generating, by the analysis server, the propagation relation chain of the target message according to the propagation attribute of the target message includes:
the analysis server analyzes the target message to obtain at least one message characteristic;
the analysis server extracts the propagation time, the sender user identifier and the receiver user identifier of the propagation attribute record of the target message;
and the analysis server carries out clustering processing according to at least one message characteristic, the propagation time, the sender user identification and the receiver user identification of the target message to obtain a propagation relation chain of the target message, wherein the propagation relation chain of the target message is composed of at least one user identification for propagating the target message according to the sequence of the propagation time.
Further, the policy server generates a security policy for the chain of propagation relationships of the target message, including:
the policy server monitors the degree to which the propagation relation chain of the target message propagates the malicious message, wherein the propagation degree comprises: the propagation frequency and/or the degree of modification of the malicious message during propagation;
the policy server sets a security policy according to the propagation degree, wherein the security policy comprises: banning (sealing) the accounts of the user identifiers in the propagation relation chain of the target message, intercepting or shielding malicious messages propagated by the propagation relation chain of the target message, or outputting a reminder to the terminals corresponding to the user identifiers in the propagation relation chain of the target message.
A second aspect of the embodiments of the present invention provides a message processing system, which may include a front-end server, an analysis server, and a policy server;
the front-end server is used for identifying whether the target message is a malicious message or not when the target message is transmitted, and reporting the target message to an analysis server if the target message is the malicious message;
the analysis server is used for tracking the propagation attribute of the target message, generating a propagation relation chain of the target message according to the propagation attribute of the target message, and sending the propagation relation chain of the target message to the policy server;
and the policy server is used for generating a security policy aiming at the propagation relation chain of the target message, sending the security policy to the front-end server, and executing security operation on the propagation relation chain of the target message by the front-end server according to the security policy.
Further, the front-end server includes:
the identification unit is used for identifying whether the target message is a malicious message or not when the target message is spread;
a reporting unit, configured to report the target message to an analysis server if the target message is a malicious message;
and the execution unit is used for executing security operation on the propagation relation chain of the target message according to the security policy sent by the policy server.
Further, the identification unit includes:
a request receiving unit, configured to receive a message propagation request sent by a terminal, wherein the message propagation request comprises a sender user identifier, a receiver user identifier and a target message;
the malicious identification unit is used for identifying whether the target message contains at least one of malicious multimedia content, malicious text content and hidden identification, wherein the multimedia comprises images and/or audios and videos;
and a malicious confirmation unit, configured to confirm, if so, that the target message is a malicious message.
Further, the analysis server includes:
the tracking unit is used for tracking the propagation attribute of the target message;
the relation chain generating unit is used for generating a propagation relation chain of the target message according to the propagation attribute of the target message;
and the sending unit is used for sending the propagation relation chain of the target message to the policy server.
Further, the tracking unit includes:
a hidden identifier determining unit, configured to determine the sender user identifier as a hidden identifier;
the encryption processing unit is used for carrying out hidden encryption processing on the target message and adding the hidden identifier to the target message;
the message returning unit is used for returning the target message with the hidden identifier to the front-end server so that the front-end server transmits the target message with the hidden identifier to a receiver user;
the propagation attribute tracking unit is used for tracking the propagation attribute of the target message according to the hidden identifier;
alternatively, the tracking unit includes:
the instruction unit is used for sending a tracking instruction to the front-end server, wherein the tracking instruction is used for instructing the front-end server to transmit the target message to a receiver user and feeding back the transmission attribute of the target message;
and the propagation attribute receiving unit is used for receiving the propagation attribute of the target message fed back by the front-end server.
Further, the relationship chain generating unit includes:
the message analysis unit is used for analyzing the target message to obtain at least one message characteristic;
the record extraction unit is used for extracting the propagation time, the sender user identifier and the receiver user identifier of the propagation attribute record of the target message;
and the clustering unit is used for carrying out clustering processing according to at least one message characteristic, the propagation time, the sender user identifier and the receiver user identifier of the target message to obtain a propagation relation chain of the target message, wherein the propagation relation chain of the target message is composed of at least one user identifier for propagating the target message according to the sequence of the propagation time.
Further, the policy server includes:
the strategy generating unit is used for generating a security strategy aiming at the propagation relation chain of the target message;
and the policy sending unit is used for sending the security policy to the front-end server.
Further, the policy generation unit includes:
a propagation monitoring unit, configured to monitor the degree to which the propagation relation chain of the target message propagates the malicious message, where the propagation degree includes: the propagation frequency and/or the degree of modification of the malicious message during propagation;
a policy setting unit, configured to set a security policy according to the propagation degree, where the security policy includes: banning (sealing) the accounts of the user identifiers in the propagation relation chain of the target message, intercepting or shielding malicious messages propagated by the propagation relation chain of the target message, or outputting a reminder to the terminals corresponding to the user identifiers in the propagation relation chain of the target message.
The embodiment of the invention has the following beneficial effects:
In the embodiment of the invention, the front-end server performs malicious identification on a target message when the target message is propagated, and reports the target message to the analysis server when it is identified as a malicious message; the analysis server generates a propagation relation chain by tracking the propagation attributes of the target message; and the policy server generates a security policy for the propagation relation chain of the target message, which is then executed. The whole process is realized through interaction among the servers, which avoids the human resource consumption caused by manual participation; meanwhile, because the security policy is executed on the basis of the propagation relation chain, the strength of the crackdown on malicious behavior is effectively increased, message processing efficiency is improved, and message propagation security is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a message processing system according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of another message processing system according to an embodiment of the present invention;
Fig. 3 is a flowchart of a message processing method according to an embodiment of the present invention;
Fig. 4a is a schematic structural diagram of an embodiment of an identification unit in the front-end server shown in Fig. 2;
Fig. 4b is a schematic diagram of an embodiment of a tracking unit in the analysis server shown in Fig. 2;
Fig. 4c is a schematic diagram of another embodiment of the tracking unit in the analysis server shown in Fig. 2;
Fig. 4d is a schematic structural diagram of an embodiment of a relationship chain generating unit in the analysis server shown in Fig. 2;
Fig. 4e is a schematic structural diagram of an embodiment of a policy generating unit in the policy server shown in Fig. 2;
Fig. 5 is a flowchart of another message processing method according to an embodiment of the present invention;
Fig. 6 is a diagram illustrating a hidden encryption process according to an embodiment of the present invention;
Fig. 7 is another schematic diagram of a hidden encryption process provided by an embodiment of the present invention;
Fig. 8 is a diagram illustrating a message propagation process according to an embodiment of the present invention;
Fig. 9 is a flowchart of another message processing method according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Please refer to fig. 1-2, which are schematic structural diagrams of a message processing system according to an embodiment of the present invention; the system 1 may comprise: a front-end server 10, an analysis server 20 and a policy server 30. The front-end server 10, the analysis server 20 and the policy server 30 may be connected to each other by optical fiber, cable, etc. Among them, the front-end server 10 may include: an identification unit 101, a reporting unit 102 and an execution unit 103. The analysis server 20 may include: a tracking unit 201, a relationship chain generation unit 202 and a transmission unit 203. Policy server 30 may include: a policy generation unit 301 and a policy transmission unit 302.
The front-end server 10 may establish a communication connection with at least one terminal, where the terminal may include but is not limited to: a PC (Personal Computer), a PAD (tablet), a smart phone, a smart wearable device, etc. The front-end server 10 may establish the communication connection with the at least one terminal in a wired manner, such as optical fiber or cable, or in a wireless manner, such as Wifi (Wireless-Fidelity) or GPRS (General Packet Radio Service). The front-end server 10 is responsible for processing the various requests of users at the terminal side and providing corresponding services to them, which may include but are not limited to: receiving an interaction request from a terminal, such as a friend chat request, a message forwarding request or a message propagation request, and performing a transmission service for chat content, message content and the like in response to the request; or receiving an application operation request from the terminal, such as application registration or history inquiry, and performing a registration service, an inquiry service and the like in response to the request. The messages herein may include, but are not limited to: instant messaging messages, SNS messages, and the like. The embodiment of the present invention mainly concerns the message processing flow that the front-end server 10 executes by interacting with the analysis server 20 and the policy server 30 when it propagates a target message while processing an interaction request of a user at the terminal side; the flow is intended to track the propagation relation chain of a malicious message and execute a security policy on that chain, so as to ensure the security of the message propagation process.
Fig. 3 is a flowchart of a message processing method according to an embodiment of the present invention. Fig. 3 illustrates in detail the message processing flow executed by the front-end server 10, the analysis server 20, and the policy server 30 in the message processing system 1 shown in fig. 1-2 through mutual interaction, which is specifically as follows:
Steps S101-S102 occur in the front-end server 10, specifically: the identifying unit 101 identifies whether the target message is a malicious message when the target message is propagated in response to an interaction request of the terminal. For example, when the front-end server 10 sends a chat message to a friend B in response to a chat request of terminal user A, or sends a sharing message to a user C in response to a sharing request of terminal user A, the chat message or sharing message to be transmitted is the target message, and the identifying unit 101 needs to identify whether it is a malicious message during transmission. Malicious messages may include but are not limited to advertisement messages, rumors, and promotion messages for counterfeit and shoddy goods, and a malicious message generally carries malicious multimedia content and/or malicious text content, for example: pictures of merchandise or promotional prices, or audio-visual or text content that spreads rumors. If the identification unit 101 determines that the target message is a malicious message, the target message is transmitted to the reporting unit 102, and the reporting unit 102 reports the target message to the analysis server 20.
Steps S103-S105 occur in the analysis server 20, specifically: the tracking unit 201 tracks the propagation attribute of the target message after receiving the target message reported by the reporting unit 102 in the front-end server 10. It should be noted that one propagation attribute is obtained every time a target message is propagated, where the propagation attribute may include the target message content, the propagation time, the sender user identifier, and the receiver user identifier. For example, if the propagation attribute of a target message M includes the content of the target message M, a propagation time of 10:00 on day XX of year XX, sender user identifier A, and receiver user identifier B, this indicates that the target message M was sent from user A to user B at 10:00 am on day XX. The relationship chain generating unit 202 may generate a propagation relation chain of the target message by analyzing the propagation attributes of the target message, where the propagation relation chain is composed of at least one user identifier that propagated the target message, ordered by propagation time. For example: if two propagation attributes of the target message M are tracked, one being the example above and the other including the content of the target message M, a propagation time of 10:25 on day XX of year XX, sender user identifier B, and receiver user identifier C, then the propagation relation chain of target message M may be recorded as A -> B -> C. The relationship chain generation unit 202 passes the generated propagation relation chain of the target message to the transmission unit 203, and the transmission unit 203 transmits it to the policy server 30.
Steps S106-S107 occur in the policy server 30, specifically: the policy generating unit 301 may generate the security policy for the propagation relation chain of the target message after receiving that chain from the sending unit 203 in the analysis server 20. The security policy may include: banning (sealing) the accounts of the user identifiers in the propagation relation chain of the target message, intercepting or shielding malicious messages propagated by the propagation relation chain of the target message, or outputting a reminder to the terminals corresponding to the user identifiers in the propagation relation chain of the target message. Further, the policy generation unit 301 passes the security policy to the policy transmission unit 302, and the policy transmission unit 302 transmits the security policy to the front-end server 10.
Step S108 occurs in the front-end server 10, specifically: the execution unit 103 executes a security operation on the propagation relation chain of the target message according to the security policy sent by the policy sending unit 302 in the policy server 30. The security operation takes the security policy as its guide. If the security policy is to ban (seal) the accounts of the user identifiers in the propagation relation chain of the target message, the executing unit 103 bans some or all of the user identifiers in the chain as the security policy indicates. If the security policy is to intercept or shield the malicious messages propagated by the propagation relation chain of the target message, then once the identifying unit 101 identifies that a message which any user identifier in the chain requests to propagate is a malicious message, the executing unit 103 directly intercepts or shields that message and does not send it. If the security policy is to output a reminder to the terminals corresponding to the user identifiers in the propagation relation chain of the target message, the execution unit 103 outputs a reminder to the terminals corresponding to some or all of the user identifiers in the chain, to remind the users at those terminals that the propagated message is a malicious message that violates the system rules.
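As an added illustration (not part of the patent text and not the applicant's implementation), the following Python sketch walks steps S103-S108 for the A -> B -> C example: the analysis server clusters propagation attributes into chains, the policy server maps propagation frequency to an action, and the front-end server applies it. The feature function, the thresholds, the action names and the sample records are assumptions constructed for this example.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class PropagationAttribute:
    """One tracked hop of a reported message (fields as listed in the text)."""
    content: str
    time: datetime
    sender: str
    receiver: str


def message_feature(content):
    # Assumed message characteristic: digest of case/whitespace-normalised text.
    normalised = " ".join(content.lower().split())
    return hashlib.sha256(normalised.encode("utf-8")).hexdigest()


def build_chains(records):
    """Analysis server: cluster hops by feature, order users by propagation time."""
    clusters = defaultdict(list)
    for rec in records:
        clusters[message_feature(rec.content)].append(rec)
    chains = {}
    for feature, hops in clusters.items():
        users = []
        for hop in sorted(hops, key=lambda h: h.time):
            for user in (hop.sender, hop.receiver):
                if user not in users:
                    users.append(user)
        chains[feature] = {"users": users, "frequency": len(hops)}
    return chains


def generate_policy(chain, intercept_at=2, ban_at=5):
    """Policy server: choose one action from the chain's propagation frequency.
    The two thresholds are assumptions; the text gives no values."""
    freq = chain["frequency"]
    if freq >= ban_at:
        action = "ban"
    elif freq >= intercept_at:
        action = "intercept"
    else:
        action = "remind"
    return {user: action for user in chain["users"]}


def enforce(policy, sender, is_malicious):
    """Front-end server: decide the fate of a new propagation request."""
    action = policy.get(sender)
    if action == "ban":
        return "reject"          # banned accounts cannot send anything
    if not is_malicious:
        return "deliver"
    if action is None:
        return "report"          # new malicious sender: report to analysis server
    return action                # "intercept" or "remind"


# Constructed sample records, deliberately out of time order.
MESSAGE_M = "Limited offer!  Brand watches at 90% off"
SAMPLE_RECORDS = [
    PropagationAttribute(MESSAGE_M.upper(), datetime(2015, 1, 1, 10, 25), "B", "C"),
    PropagationAttribute(MESSAGE_M, datetime(2015, 1, 1, 10, 0), "A", "B"),
    PropagationAttribute("Miracle cure, forward now", datetime(2015, 1, 1, 10, 5), "D", "E"),
]

CHAINS = build_chains(SAMPLE_RECORDS)
CHAIN_M = CHAINS[message_feature(MESSAGE_M)]
POLICY_M = generate_policy(CHAIN_M)

if __name__ == "__main__":
    print(" -> ".join(CHAIN_M["users"]), POLICY_M)
```

Because the chain includes receivers such as C, a production policy would normally distinguish users who only received the message from users who forwarded it before applying a ban.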
Please refer to fig. 4, which is a detailed structural diagram of each server in the message processing system shown in fig. 1-2; as shown in fig. 4a, the identifying unit 101 in the front-end server 10 may specifically include: a request receiving unit 1001, a malicious identification unit 1002, and a malicious confirmation unit 1003.
There may be two possible embodiments of the tracking unit 201 in the analysis server 20. In one possible embodiment, shown in fig. 4b, the tracking unit 201 may include: a hidden identification determination unit 2001, an encryption processing unit 2002, a message return unit 2003, and a propagation attribute tracking unit 2004. In another possible embodiment, shown in fig. 4c, the tracking unit 201 may include: an instruction unit 2011 and a propagation attribute receiving unit 2012. As shown in fig. 4d, the relationship chain generating unit 202 in the analysis server 20 may include: a message analysis unit 2211, a record extraction unit 2212, and a clustering unit 2213.
As shown in fig. 4e, the policy generating unit 301 in the policy server 30 may include: a propagation monitoring unit 3001 and a policy setting unit 3002.
Please refer to fig. 5, which is a flowchart illustrating another message processing method according to an embodiment of the present invention; fig. 5 details a message processing flow executed by interaction among the units included in the front-end server 10, the analysis server 20, and the policy server 30 in the message processing system 1 shown in fig. 4.
Steps S201 to S204 occur in the front-end server 10, specifically:
in step S201, the request receiving unit 1001 receives a message transmission request sent by a terminal, where the message transmission request includes a sender user identifier, a receiver user identifier, and a target message. Here, the user identification may include, but is not limited to: an instant messaging number, an SNS number, an e-Mail (Electronic Mail) number, a cell phone number, a device identification number of the terminal, and the like. The target message may be an instant messaging message, an SNS message, an e-mail, etc. The message propagation request may include, but is not limited to: chat requests, message sharing requests, and the like for instant messaging or SNS communication, for example: a terminal side user a requests to perform SNS chat with a friend B, and the request receiving unit 1001 may receive a chat request sent by the terminal, where the chat message propagated to the user B is a target message; or, the terminal-side user a requests to share the instant messaging message with the user C, then the request receiving unit 1001 may receive a sharing request sent by the terminal, and the like, where the sharing message propagated to the user C is the target message.
In step S202, the malicious identification unit 1002 identifies whether the target message contains at least one of malicious multimedia content, malicious text content, and hidden identifier, where the multimedia includes images and/or audio/video. The malicious messages may include, but are not limited to, advertisement messages, rumors, fake and shoddy merchandising messages, and the like, and are typically provided with malicious multimedia content and/or malicious textual content, such as: including pictures of merchandise or promotional prices, or rumor disseminated audio-video or text content, etc.; in practical applications, the malicious identification unit 1002 may determine whether the target message includes malicious images with characteristics of fraud, and the like by using an image identification technology, determine whether the target message includes malicious text contents such as violence, advertisement, price, promotion, and the like by using a text identification technology, or determine whether the target message includes audio and video contents with characteristics of fraud, rumor, and the like by using an audio and video identification technology. Further, the hidden identifier refers to a mark used for tracking the propagation attribute of the malicious message and indicating the source of the message. The malicious identification unit 1002 may determine whether the target message includes a hidden identifier by performing a hidden decryption process on the target message, so as to determine whether the target message is a malicious message.
In step S203, if the malicious identification unit 1002 identifies that the target message contains at least one of malicious multimedia content, malicious text content, and hidden identifier, the malicious confirmation unit 1003 confirms that the target message is a malicious message.
In step S204, the malicious confirmation unit 1003 transmits the target message to the reporting unit 102, and the reporting unit 102 reports the target message to the analysis server 20.
Steps S205-S212 occur in the analysis server 20, specifically:
in step S205, in order to track the propagation attribute of the target message, the hidden identifier determining unit 2001 may determine the sender user identifier as a hidden identifier. Here, hidden identification refers to a mark used for tracing the propagation attribute of a malicious message, and can indicate the source of the message.
In step S206, the encryption processing unit 2002 may perform hidden encryption processing on the target message and add the hidden identifier to the target message. It should be noted that the hidden identifier is transparent to the user, that is, the user cannot directly view the hidden identifier in the target message and can see it only by using a hidden decryption means. The encryption processing unit 2002 may add the hidden identifier at any location of the target message, for example: if a target message contains a picture and text, the hidden identifier can be added to the picture or to the text. Taking addition to a picture as an example, and assuming that the picture is a JPG picture, please refer to fig. 6, which is a schematic diagram of the hidden encryption process provided by the embodiment of the present invention; the shaded portion in fig. 6 is the added hidden identifier. Please refer to fig. 7, which is another schematic diagram of the hidden encryption process according to the embodiment of the present invention; the original picture shown in fig. 7 forms a new picture after the hidden encryption processing shown in fig. 6. The original picture and the new picture have the same presentation effect, but the hidden identifier in the new picture can be seen through the hidden decryption means.
In step S207, the message returning unit 2003 may return the target message with the hidden identifier to the front-end server 10, and the front-end server 10 propagates the target message with the hidden identifier to the recipient user.
In step S208, since the target message carries the hidden identifier, the propagation attribute tracking unit 2004 tracks the propagation attribute of the target message according to the hidden identifier. The propagation attributes here may include a propagation time, a sender user identifier, and a receiver user identifier.
Steps S205 to S208 describe a process of tracking the propagation attribute of the target message, and the propagation attribute of the target message can be obtained by adding the hidden identifier to the target message and tracking the hidden identifier in the target message.
In step S209, the message parsing unit 2211 parses the target message to obtain at least one message feature. Please refer to fig. 8, which is a schematic diagram of a message propagation process according to an embodiment of the present invention. As shown in fig. 8, the target message is propagated from an upstream user (sender user) to a downstream user (receiver user), and it may be modified during this process. A specific example follows. The content of a target message is "weekend welfare, brand-new undetached XXX mask, weekend welfare price RMB (renminbi) 109", and it contains the picture shown in fig. 7. Three propagation attributes are tracked:

① sender user identifier A, receiver user identifier B, XX year XX day 10:11, target message "weekend welfare, brand-new undetached XXX mask, weekend welfare price RMB 109", containing the picture shown in fig. 7.

② sender user identifier B, receiver user identifier C, XX year XX day 14:21, target message "brand-new undetached XXX mask, weekend welfare price RMB 109", containing the picture shown in fig. 7.

③ sender user identifier C, receiver user identifier D, XX year XX day 17:05, target message "brand-new undetached XXX mask, weekend welfare price RMB 109", containing the picture shown in fig. 7.

In this example, the target message is modified at user B. To obtain the propagation relation chain of the target message accurately, it must first be determined whether the three propagation attributes belong to the same target message, that is, whether the three propagated messages are the same target message. This is determined by the message characteristics: if the message characteristics are the same, the messages can be determined to be the same target message; otherwise, they are different target messages.
The message parsing unit 2211 may parse each propagated target message to obtain at least one message characteristic. Each target message in the above example yields message characteristics that include: XXX mask, weekend welfare, RMB 109, and the picture shown in fig. 7.
In step S210, the record extraction unit 2212 extracts the propagation time, the sender user identifier, and the receiver user identifier of the propagation attribute record of the target message.
In step S211, the clustering unit 2213 performs clustering processing on the at least one message feature, the propagation time, the sender user identifier, and the receiver user identifier of the target message to obtain a propagation relation chain of the target message, where the propagation relation chain of the target message is composed of at least one user identifier for propagating the target message according to a sequence of the propagation times.
The clustering unit 2213 mainly clusters the at least one message feature of the target message in order to determine whether the propagated messages are the same target message. In the example shown in step S209, since the messages propagated by user A, user B, and user C all include the same message characteristics, the clustering process can confirm that the three messages are the same target message and that all three tracked propagation attributes belong to it. Further, the clustering unit 2213 may obtain the propagation relation chain of the target message, A -> B -> C, from the propagation attributes of the target message, according to the order of the propagation times and the sender and receiver user identifiers.
Steps S209 to S211 describe a process of determining a propagation relation chain of the target message, and the propagation relation chain of the target message is obtained by cluster analysis in combination with the message characteristics of each propagated target message and the obtained propagation attributes of the target message.
In step S212, the clustering unit 2213 transfers the generated propagation relationship chain of the target message to the transmitting unit 203, and the transmitting unit 203 transmits the propagation relationship chain of the target message to the policy server 30.
Steps S213-S215 occur in the policy server 30, specifically:
in step S213, the propagation monitoring unit 3001 monitors the degree to which the propagation relation chain of the target message propagates malicious messages, where the propagation degree includes the propagation frequency and/or the degree of modification of the malicious message during propagation. The propagation frequency refers to the number of malicious messages propagated in a preset time period, for example how many malicious messages are propagated every day or every week. The higher the propagation frequency, the more serious the propagation of malicious messages by the propagation relation chain of the target message, and the stricter the security policy that needs to be executed on that chain. The modification of the malicious message may include adding new content to the malicious message or deleting existing content of the malicious message; in order from light to heavy, the degrees of modification are: no modification, deleting existing content of the malicious message, and adding new content to the malicious message. The heavier the modification of the malicious message, the more serious the propagation of malicious messages by the propagation relation chain of the target message, and the stricter the security policy that needs to be executed on that chain.
In step S210, the policy setting unit 3002 sets a security policy according to the propagation degree, where the security policy includes: performing number sealing (account banning) processing on the user identifiers in the propagation relation chain of the target message, intercepting or shielding malicious messages propagated by the propagation relation chain of the target message, or outputting a prompt to the terminals corresponding to the user identifiers in the propagation relation chain of the target message. In a specific implementation, the policy setting unit 3002 may set a correspondence between the propagation degree and the security policy according to actual usage needs, for example: the propagation degree is divided into levels, with one propagation degree level corresponding to one security policy; the propagation degree monitored in step S209 is then classified into its level and the corresponding security policy is set. In addition, the policy setting unit 3002 may also set a security policy in combination with actual audit needs, for example: the policy setting unit 3002 may output the monitored propagation degree, so that an auditor can check the output propagation degree and set the security policy manually.
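The following is an added example, not part of the patent text, that sketches in Python the relation-chain generation of steps S209 to S211 and the propagation-degree monitoring and policy setting performed in the policy server. The comma-phrase feature parser, the 0.5 Jaccard threshold, the frequency thresholds and the level-to-policy table are assumptions; the records are constructed from the mask example above, with a constructed date and a constructed second message.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Propagation:
    """One propagation attribute, recorded each time the message is propagated."""
    time: datetime
    sender: str
    receiver: str
    content: str


def features(content):
    """Hypothetical message parser: comma-separated phrases, case-folded."""
    return frozenset(p.strip().lower() for p in content.split(",") if p.strip())


def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 1.0


def cluster(records, threshold=0.5):
    """Group records whose features overlap enough to be the same target message."""
    groups = []  # each group is a time-ordered list of Propagation records
    for rec in sorted(records, key=lambda r: r.time):
        for group in groups:
            # Compare with the latest hop so an edited copy stays in its group.
            if jaccard(features(rec.content), features(group[-1].content)) >= threshold:
                group.append(rec)
                break
        else:
            groups.append([rec])
    return groups


def relation_chain(group):
    """User identifiers that propagated the message, in order of propagation time."""
    chain = []
    for rec in group:  # group is already time-ordered
        if rec.sender not in chain:
            chain.append(rec.sender)
    return chain


# Modification degrees in light-to-heavy order, as listed for step S213.
NOT_MODIFIED, DELETED, ADDED = 0, 1, 2


def modification_degree(group):
    """Heaviest modification seen between consecutive hops of the chain."""
    worst = NOT_MODIFIED
    for prev, cur in zip(group, group[1:]):
        before, after = features(prev.content), features(cur.content)
        if after - before:
            worst = max(worst, ADDED)
        elif before - after:
            worst = max(worst, DELETED)
    return worst


def propagation_frequency(group, window=timedelta(days=1)):
    """Number of propagations inside the preset period ending at the latest hop."""
    latest = group[-1].time
    return sum(1 for rec in group if latest - rec.time < window)


# Assumed correspondence: one propagation degree level, one security policy.
FREQUENCY_LEVELS = ((20, 2), (5, 1))  # (minimum propagations per window, level)
POLICY_BY_LEVEL = {0: "remind", 1: "intercept", 2: "ban"}


def security_policy(group):
    freq = propagation_frequency(group)
    freq_level = next((lvl for minimum, lvl in FREQUENCY_LEVELS if freq >= minimum), 0)
    return POLICY_BY_LEVEL[max(freq_level, modification_degree(group))]


def analyse(records):
    """Return (propagation relation chain, security policy) per target message."""
    return [(relation_chain(g), security_policy(g)) for g in cluster(records)]


DAY = datetime(2015, 1, 1)  # constructed date; the page gives only the times
PICTURE = "[picture: fig. 7]"
SAMPLE = [  # constructed records
    Propagation(DAY.replace(hour=10, minute=11), "A", "B",
                "weekend welfare, brand-new undetached XXX mask, "
                "weekend welfare price RMB 109, " + PICTURE),
    Propagation(DAY.replace(hour=12, minute=0), "E", "F",
                "limited offer, cheap watches"),
    Propagation(DAY.replace(hour=14, minute=21), "B", "C",
                "brand-new undetached XXX mask, weekend welfare price RMB 109, " + PICTURE),
    Propagation(DAY.replace(hour=17, minute=5), "C", "D",
                "brand-new undetached XXX mask, weekend welfare price RMB 109, " + PICTURE),
]

if __name__ == "__main__":
    for chain, policy in analyse(SAMPLE):
        print(" -> ".join(chain), "=>", policy)
```

The mask message loses one phrase at user B, so its chain is rated at the "deleted content" level even though its frequency is low, while the unrelated message forms its own single-user chain.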
Step S216 occurs in the front-end server 10, specifically: the execution unit 103 executes a security operation on the propagation relation chain of the target message according to the security policy sent by the policy sending unit 302 in the policy server 30. The security operation takes the security policy as its operation guide. Specifically, if the security policy is to perform number sealing processing on the user identifiers in the propagation relation chain of the target message, the execution unit 103 performs number sealing processing on some or all of the user identifiers in the chain as the security policy indicates. If the security policy is to intercept or shield the malicious messages propagated by the propagation relation chain of the target message, then once the identification unit 101 identifies that a message which any user identifier in the chain requests to propagate is a malicious message, the execution unit 103 directly intercepts or shields that message and no longer sends it. If the security policy is to output a prompt to the terminals corresponding to the user identifiers in the propagation relation chain of the target message, the execution unit 103 outputs a reminder to the terminals corresponding to some or all of the user identifiers in the chain, to remind the users at those terminals that the propagated message is a malicious message and violates the system rules.
Please refer to fig. 9, which is a flowchart illustrating another message processing method according to an embodiment of the present invention; fig. 9 details a message processing flow executed by interaction among the units included in the front-end server 10, the analysis server 20, and the policy server 30 in the message processing system 1 shown in fig. 4.
Steps S301 to S304 occur in the front-end server, which can be referred to specifically as steps S201 to S204 shown in fig. 5, which is not described herein again.
Steps S305-S310 occur in the analysis server, specifically:
in step S305, the instruction unit 2011 sends a trace instruction to the front-end server 10, where the trace instruction is used to instruct the front-end server 10 to propagate the target message to a recipient user, and feed back a propagation attribute of the target message. Since the front-end server 10 plays a role of propagating the target message, the front-end server 10 may store the propagation attribute of the target message after propagating the target message in the present embodiment.
In step S306, the propagation attribute receiving unit 2012 receives the propagation attribute of the target message fed back by the front-end server 10. The front-end server 10 feeds back the stored propagation attribute of the target message to the propagation attribute receiving unit 2012.
Steps S305 to S306 describe a process of tracking the propagation attribute of the target message, and the propagation attribute of the target message is stored and fed back by the front-end server 10 by using the propagation function of the front-end server 10 on the message.
Steps S307-S310 can be referred to steps S209-S211 shown in FIG. 5, which are not described herein.
Step S311 occurs in the front-end server 10, which can be referred to as step S216 shown in fig. 5, and is not described herein again.
Through the description of the above embodiments, in the embodiments of the invention the front-end server performs malicious identification on the target message when propagating it and reports the target message to the analysis server when it is identified as a malicious message; the analysis server generates the propagation relation chain by tracking the propagation attribute of the target message; and the policy server generates the security policy for the propagation relation chain of the target message, which is then executed. The whole process is realized through interaction between the servers, which avoids the human resource consumption caused by manual participation. Meanwhile, because the security policy is executed on the basis of the propagation relation chain, the strength of combating malicious messages is effectively improved, the message processing efficiency is improved, and the message propagation security is improved.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above disclosure is only for the purpose of illustrating the preferred embodiments of the present invention, and it is therefore to be understood that the invention is not limited by the scope of the appended claims.

Claims (14)

1. A message processing method, applied when a front-end server processes a message propagation request sent by a terminal side and propagates a target message, wherein the front-end server interacts with an analysis server and a policy server to execute message processing, the method comprising the following steps:
when the front-end server spreads the target message, identifying whether the target message is a malicious message, and if the target message is the malicious message, reporting the target message to the analysis server by the front-end server;
the analysis server tracks the propagation attribute of the target message, generates a propagation relation chain of the target message according to the propagation attribute of the target message, and sends the propagation relation chain of the target message to the policy server, wherein each target message propagated by the propagation relation chain contains the same message characteristics, one propagation attribute is obtained when the target message is propagated once, the propagation attributes comprise target message content, propagation time, sender user identification and receiver user identification, and the propagation relation chain of the target message is composed of at least one user identification for propagating the target message according to the sequence of the propagation time;
the policy server monitors the degree to which the propagation relation chain of the target message propagates malicious messages, wherein the propagation degree comprises: the propagation frequency and/or the degree of modification of the malicious messages in the propagation process, wherein the propagation frequency is the number of malicious messages propagated in a preset time period, the modification of the malicious messages comprises adding new contents to the malicious messages or deleting the existing contents of the malicious messages, and the degree of modification of the malicious messages comprises, in order from light to heavy, not modifying, deleting the existing contents of the malicious messages, and adding new contents to the malicious messages;
the policy server sets a security policy according to the propagation degree, sends the security policy to the front-end server, and the front-end server executes security operation on a propagation relation chain of the target message according to the security policy, wherein the security policy and the propagation degree are preset in a corresponding relation, the propagation degree comprises different levels, and one propagation degree level corresponds to one security policy.
2. The method of claim 1, wherein the front-end server, in propagating a target message, identifying whether the target message is a malicious message comprises:
a front-end server receives a message transmission request sent by a terminal, wherein the message transmission request comprises a sender user identifier, a receiver user identifier and a target message;
the front-end server identifies whether the target message contains at least one of malicious multimedia content, malicious text content and hidden identification, wherein the multimedia comprises images and/or audios and videos;
if so, the front-end server confirms that the target message is a malicious message.
3. The method of claim 2, wherein the analytics server tracks the propagation properties of the target message, comprising:
the analysis server determines the sender user identifier as a hidden identifier;
the analysis server carries out hidden encryption processing on the target message and adds the hidden identifier to the target message;
the analysis server returns the target message with the hidden identifier to the front-end server so that the front-end server transmits the target message with the hidden identifier to a receiver user;
and the analysis server tracks the propagation attribute of the target message according to the hidden identifier.
4. The method of claim 2, wherein the analytics server tracks the propagation properties of the target message, comprising:
the analysis server sends a tracking instruction to the front-end server, wherein the tracking instruction is used for indicating the front-end server to transmit the target message to a receiver user and feeding back the transmission attribute of the target message;
and the analysis server receives the propagation attribute of the target message fed back by the front-end server.
5. The method of claim 3 or 4, wherein the analysis server generating the chain of propagation relationships for the target message according to the propagation attributes of the target message comprises:
the analysis server analyzes the target message to obtain at least one message characteristic;
the analysis server extracts the propagation time, the sender user identifier and the receiver user identifier of the propagation attribute record of the target message;
and the analysis server carries out clustering processing according to at least one message characteristic, the propagation time, the sender user identification and the receiver user identification of the target message to obtain a propagation relation chain of the target message.
6. The method of claim 5, wherein the security policy comprises: performing number sealing processing on the user identifier in the propagation relation chain of the target message, intercepting or shielding malicious messages propagated by the propagation relation chain of the target message, or outputting a prompt to a terminal corresponding to the user identifier in the propagation relation chain of the target message.
7. A message processing system is characterized by comprising a front-end server, an analysis server and a policy server;
the front-end server is used for identifying whether the target message is a malicious message or not when the target message is transmitted, and reporting the target message to an analysis server if the target message is the malicious message;
the analysis server is configured to track a propagation attribute of the target message, generate a propagation relation chain of the target message according to the propagation attribute of the target message, and send the propagation relation chain of the target message to the policy server, where each target message propagated by the propagation relation chain includes the same message feature, and each propagation of the target message obtains one propagation attribute, where the propagation attributes include a target message content, a propagation time, a sender user identifier, and a receiver user identifier, and the propagation relation chain of the target message is composed of at least one user identifier for propagating the target message according to a sequence of the propagation time;
the policy server is configured to generate a security policy for the propagation relationship chain of the target message, send the security policy to the front-end server, and execute a security operation on the propagation relationship chain of the target message by the front-end server according to the security policy;
the policy server includes a policy generation unit and a policy transmission unit,
the policy generating unit is configured to generate a security policy for the propagation relationship chain of the target message, and specifically includes:
a propagation monitoring unit, configured to monitor the degree to which the propagation relation chain of the target message propagates malicious messages, where the propagation degree includes: the propagation frequency and/or the degree of modification of the malicious messages in the propagation process, wherein the propagation frequency is the number of malicious messages propagated in a preset time period, the modification of the malicious messages comprises adding new contents to the malicious messages or deleting the existing contents of the malicious messages, and the degree of modification of the malicious messages comprises, in order from light to heavy, not modifying, deleting the existing contents of the malicious messages, and adding new contents to the malicious messages;
a policy setting unit, configured to set a security policy according to the propagation degree, where the security policy and the propagation degree are preset in a corresponding relationship, where the propagation degree includes different levels, and one propagation degree level corresponds to one security policy;
the policy sending unit is used for sending the security policy to the front-end server.
8. The system of claim 7, wherein the front-end server comprises:
the identification unit is used for identifying whether the target message is a malicious message or not when the target message is spread;
a reporting unit, configured to report the target message to an analysis server if the target message is a malicious message;
and the execution unit is used for executing security operation on the propagation relation chain of the target message according to the security policy sent by the policy server.
9. The system of claim 8, wherein the identification unit comprises:
a request receiving unit, configured to receive a message transmission request sent by a terminal, wherein the message transmission request comprises a sender user identifier, a receiver user identifier and a target message;
the malicious identification unit is used for identifying whether the target message contains at least one of malicious multimedia content, malicious text content and hidden identification, wherein the multimedia comprises images and/or audios and videos;
and if so, confirming that the target message is a malicious message.
10. The system of claim 9, wherein the analysis server comprises:
the tracking unit is used for tracking the propagation attribute of the target message;
the relation chain generating unit is used for generating a propagation relation chain of the target message according to the propagation attribute of the target message;
and the sending unit is used for sending the propagation relation chain of the target message to the policy server.
11. The system of claim 10, wherein the tracking unit comprises:
a hidden identifier determining unit, configured to determine the sender user identifier as a hidden identifier;
the encryption processing unit is used for carrying out hidden encryption processing on the target message and adding the hidden identifier to the target message;
the message returning unit is used for returning the target message with the hidden identifier to the front-end server so that the front-end server transmits the target message with the hidden identifier to a receiver user;
the propagation attribute tracking unit is used for tracking the propagation attribute of the target message according to the hidden identifier;
alternatively, the tracking unit includes:
the instruction unit is used for sending a tracking instruction to the front-end server, wherein the tracking instruction is used for instructing the front-end server to transmit the target message to a receiver user and feeding back the transmission attribute of the target message;
and the propagation attribute receiving unit is used for receiving the propagation attribute of the target message fed back by the front-end server.
12. The system according to claim 10 or 11, wherein the relationship chain generating unit comprises:
the message analysis unit is used for analyzing the target message to obtain at least one message characteristic;
the record extraction unit is used for extracting the propagation time, the sender user identifier and the receiver user identifier of the propagation attribute record of the target message;
and the clustering unit is used for carrying out clustering processing according to at least one message characteristic, the propagation time, the sender user identifier and the receiver user identifier of the target message to obtain a propagation relation chain of the target message.
13. The system of claim 7, wherein the security policy comprises: performing number sealing processing on the user identifier in the propagation relation chain of the target message, intercepting or shielding malicious messages propagated by the propagation relation chain of the target message, or outputting a prompt to a terminal corresponding to the user identifier in the propagation relation chain of the target message.
14. A computer-readable storage medium, in which one or more programs are stored, the programs being adapted to be called by a processor and to execute the message processing method according to any one of claims 1 to 6.
CN201510570515.XA 2015-09-09 2015-09-09 Message processing method and system Active CN106533893B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510570515.XA CN106533893B (en) 2015-09-09 2015-09-09 Message processing method and system

Publications (2)

Publication Number Publication Date
CN106533893A CN106533893A (en) 2017-03-22
CN106533893B true CN106533893B (en) 2020-11-27

Family

ID=58346894

Country Status (1)

Country Link
CN (1) CN106533893B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107819750A (en) * 2017-10-27 2018-03-20 北京趣拿软件科技有限公司 Processing method, device, storage medium, processor and the system of request message
CN108737252B (en) * 2018-05-17 2021-02-26 立旃(上海)科技有限公司 Information pushing method and device based on block chain
CN109104456A (en) * 2018-06-07 2018-12-28 北京本邦科技股份有限公司 A kind of user tracking based on browser fingerprint and propagating statistics analysis method
CN111800354B (en) * 2019-04-08 2022-06-14 中移(苏州)软件技术有限公司 Message processing method and device, message processing equipment and storage medium
CN110705364B (en) * 2019-09-06 2021-04-30 武汉美格科技股份有限公司 Malicious advertisement eliminating method and system
CN111447137A (en) * 2020-02-29 2020-07-24 中国平安人寿保险股份有限公司 Browsing condition data analysis method and device, server and storage medium
CN111447081B (en) * 2020-02-29 2023-07-25 中国平安人寿保险股份有限公司 Data link generation method, device, server and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101106748A (en) * 2006-07-11 2008-01-16 华为技术有限公司 A content filtering system, device and method for mobile network
US20080250107A1 (en) * 2007-04-03 2008-10-09 Michael Holzer Instant message archive viewing
CN103136255A (en) * 2011-11-30 2013-06-05 腾讯科技(深圳)有限公司 Method and device for information management
CN103927398A (en) * 2014-05-07 2014-07-16 中国人民解放军信息工程大学 Microblog hype group discovering method based on maximum frequent item set mining
CN104182457A (en) * 2014-07-14 2014-12-03 上海交通大学 Poisson-process-model-based method for predicting event popularity in social network

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8396927B2 (en) * 2004-12-21 2013-03-12 Alcatel Lucent Detection of unwanted messages (spam)
CN100505902C (en) * 2007-04-30 2009-06-24 中兴通讯股份有限公司 System for counting short message transmission based on point-to-point short message and counting method
CN102387126A (en) * 2010-09-01 2012-03-21 腾讯科技(深圳)有限公司 Method, server, client and system for converging single microblog message
CN104239539B (en) * 2013-09-22 2017-11-07 中科嘉速(北京)并行软件有限公司 A kind of micro-blog information filter method merged based on much information
CN104092598A (en) * 2014-07-03 2014-10-08 厦门欣欣信息有限公司 Message propagation path extraction method and system

Also Published As

Publication number Publication date
CN106533893A (en) 2017-03-22

Similar Documents

Publication Publication Date Title
CN106533893B (en) Message processing method and system
CN105391803B (en) Message pushing method, device, equipment and computer readable storage medium
US9763100B2 (en) Instant messaging message processing method and device and storage medium
US9210229B2 (en) System and method for generating personalized short links and monitoring activity
CN106470149B (en) Message sending method and device
US11093967B1 (en) Determining whether to maintain information describing a group of online system users specified by a third-party system based on revenue from content selection based on the group and objectives for presentation of selected content
AU2014393433B2 (en) Associating user interactions across multiple applications on a client device
US20090327084A1 (en) Graphical certifications of online advertisements intended to impact click-through rates
US10616160B2 (en) Electronic rumor cascade management in computer network communications
US20140280624A1 (en) System and method for providing actionable recomendations to improve electronic mail inbox placement and engagement
CN109831501B (en) Information distribution method and system based on block chain
US20210390181A1 (en) Generating Simulated Spear Phishing Messages and Customized Cybersecurity Training Modules Using Machine Learning
CN107528818B (en) Data processing method and device for media file
WO2017133329A1 (en) Information processing method, server, first terminal and computer storage medium
AU2014323498A1 (en) Targeting advertisements to customized groups of users of an online system
CN108989864B (en) Wheat connecting method, device, equipment and storage medium
CN113766256A (en) Live broadcast wind control method and device
KR20100137659A (en) System and method for providing contents use information
CN110955905A (en) Block chain based asset transfer method, device, equipment and readable storage medium
CN113326375A (en) Public opinion processing method, device, electronic equipment and storage medium
US20180005270A1 (en) Determining fraudulent indications of advertisement interaction based on identity
US10374929B2 (en) Measuring deletion of cookies included in browsers used by online system users
CN109831417B (en) Method, device, server and storage medium for processing account number for preventing harassment
US9715492B2 (en) Unspoken sentiment
US11146652B2 (en) Methods and systems for enriching data

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant