CN110502896B - Leakage monitoring method and system for website information and related device - Google Patents

Publication number
CN110502896B
Authority
CN
China
Prior art keywords
honeypot
information
account
website
login
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910802872.2A
Other languages
Chinese (zh)
Other versions
CN110502896A (en)
Inventor
姚吉
范渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Application filed by Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN201910802872.2A
Publication of CN110502896A
Application granted
Publication of CN110502896B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/556 Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application provides a method for monitoring website information leakage, comprising: registering a honeypot account on the monitored website by using a preset mailbox; judging, according to the preset mailbox, whether the honeypot account is in a logged-in state; if so, determining the login information of the login user; and sending alarm information, which includes the login information, to the service background corresponding to the honeypot account. Because detection relies on the login state of the honeypot accounts registered on the monitored website, information leakage can be discovered quickly. The method is also non-invasive: the monitored website does not need to be changed, so leakage can be monitored without affecting the website's normal operation. The application also provides a website information leakage monitoring system, a computer-readable storage medium and a website information leakage monitoring terminal, which have the same beneficial effects.

Description

Leakage monitoring method and system for website information and related device
Technical Field
The present application relates to the field of information security, and in particular, to a method, a system, and a related device for monitoring website information leakage.
Background
In the 21st century, with the continuous development of information technology, information security problems have become prominent. Because the security of some online information systems is incomplete, hackers can exploit system vulnerabilities to intrude into those systems and steal their internal information. The most harmful consequence is the theft and leakage of users' personal account information, which not only invades users' privacy but also seriously endangers their money and property. In particular, many users tend to set the same user name and password on different websites, so once one service system is breached the impact often spreads to the others, causing immeasurable threat and harm to users.
Disclosure of Invention
The purpose of the application is to provide a website information leakage monitoring method and system, a computer-readable storage medium and a website information leakage monitoring terminal, which can raise an alarm about website information leakage in time and reduce user losses.
To solve this technical problem, the application provides a method for monitoring website information leakage, with the following specific technical scheme:
registering a honeypot account on the monitored website by using a preset mailbox;
judging whether the honeypot account is in a logged-in state according to the preset mailbox;
if so, determining the login information of the login user;
sending alarm information to the service background corresponding to the honeypot account, wherein the alarm information comprises the login information.
Registering the honeypot account on the monitored website by using the preset mailbox further comprises:
filling in personal information corresponding to the honeypot account, and recording the honeypot account and the corresponding service background in a database.
Registering the honeypot account on the monitored website by using the preset mailbox comprises:
registering a low-security honeypot account and a high-security honeypot account, respectively, on the monitored website by using a preset mailbox.
Judging whether the honeypot account is in a logged-in state according to the preset mailbox comprises:
sending an account list containing all honeypot accounts to a mailbox management server, so that the mailbox management server detects whether the honeypot accounts are in a logged-in state.
The present application further provides a website information leakage monitoring system, comprising:
a registration module, used for registering a honeypot account on the monitored website by using a preset mailbox;
a judging module, used for judging whether the honeypot account is in a logged-in state according to the preset mailbox;
an information confirmation module, used for determining the login information of the login user if the judgment result of the judging module is yes;
a warning module, used for sending alarm information to the service background corresponding to the honeypot account, wherein the alarm information comprises the login information.
The system further comprises:
an information input module, used for filling in the personal information corresponding to the honeypot account and recording the honeypot account and the corresponding service background in a database.
The registration module comprises:
a registration unit, used for registering a low-security honeypot account and a high-security honeypot account, respectively, on the monitored website by using a preset mailbox.
The judging module comprises:
sending an account list containing all honeypot accounts to a mailbox management server, so that the mailbox management server detects whether the honeypot accounts are in a logged-in state.
The present application further provides a computer-readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the leak monitoring method as described above.
The application also provides a website information leakage monitoring terminal which comprises a memory and a processor, wherein a computer program is stored in the memory, and the steps of the leakage monitoring method are realized when the processor calls the computer program in the memory.
The application provides a method for monitoring website information leakage, comprising: registering a honeypot account on the monitored website by using a preset mailbox; judging, according to the preset mailbox, whether the honeypot account is in a logged-in state; if so, determining the login information of the login user; and sending alarm information, which includes the login information, to the service background corresponding to the honeypot account.
With this application, information leakage can be discovered quickly from the login state of the honeypot accounts registered on the monitored website. The approach is also non-invasive: the monitored website does not need to be changed, and leakage can be monitored without affecting its normal operation. The application also provides a website information leakage monitoring system, a computer-readable storage medium and a website information leakage monitoring terminal, which have the same beneficial effects and are not described again here.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only embodiments of the present application; those skilled in the art can obtain other drawings from the provided drawings without creative effort.
Fig. 1 is a flowchart of a method for monitoring leakage of website information according to an embodiment of the present disclosure;
Fig. 2 is a schematic structural diagram of a leakage monitoring system for website information according to an embodiment of the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to Fig. 1, which is a flowchart of a method for monitoring leakage of website information according to an embodiment of the present application, the leakage monitoring method includes:
S101: registering a honeypot account on the monitored website by using a preset mailbox;
This step establishes the honeypot account. Honeypot accounts are used only for defense against, or monitoring of, criminals or hackers. The honeypot accounts are registered by using preset mailboxes; specifically, a low-security honeypot account and a high-security honeypot account are each registered on the monitored website by using a preset mailbox, the personal information corresponding to the honeypot accounts is filled in, and the honeypot accounts and their corresponding service backgrounds are recorded in a database.
Honeypot accounts are registered on the monitored website automatically. Generally, two accounts are registered per website: one uses a low-strength password (the low-security honeypot account) and the other uses a high-strength password (the high-security honeypot account); that is, the security level of a honeypot account is determined by its password strength. Password strength is determined mainly by the character types used and the number of digits in the password; a password generally combines several types, for example any two of characters, numbers and letters, or any other combination. If the low-strength account is compromised and the high-strength account is not, the hacker most probably obtained the user information by brute-force cracking; if the high-strength password is also compromised, this indicates that the database may have been dumped and that it may store data in plaintext. Across all monitored systems, each account uses a different mailbox address.
Establishing the honeypot account may specifically include the following steps:
step a): generating a mailbox account;
step b): generating realistic-looking user information, including full name, address, mobile phone number, birthday and the like, so that the account information is more credible;
step c): recording the honeypot account and the information of the corresponding monitored service system in a database for later inspection.
S102: judging whether the honeypot account is in a logged-in state according to the preset mailbox; if yes, proceeding to S103;
This step detects the login status of the honeypot account. If a honeypot account has been logged in to, the information corresponding to that account has been leaked: the user name and password of each honeypot account are known only to the monitoring system, so if anyone else logs in to the account, its user name and information must have become known to a party other than the monitoring system.
Preferably, this step can be implemented as follows: an account list containing all honeypot accounts is sent to a mailbox management server, so that the mailbox management server detects whether the honeypot accounts are in a logged-in state. In brief, monitoring is carried out by the mailbox management server corresponding to the mailboxes used to register the accounts.
The method specifically comprises the following steps:
step a): providing the honeypot account list to a mailbox provider;
step b): when the mailbox provider detects that an account in the honeypot list has been logged in to, it automatically sends the login information to the monitoring system through the interface.
S103: determining the login information of the login user;
This step determines the login information of the login user from the honeypot account that was logged in to. After cracking the user information, a hacker tends to lower their guard and log in to the stolen mailbox without any disguise, so the hacker easily leaves real information behind and can be traced by IP.
S104: sending alarm information to the service background corresponding to the honeypot account, wherein the alarm information includes the login information.
After the login information is determined, the identity and IP of the hacker are known, and alarm information is then sent to the service background of the honeypot account. The service background mainly refers to the background server of the monitored website; the alarm indicates that the website has been treated as an attack target by a hacker and that information has leaked. Because the alarm information carries the login information, the background server can filter on that login information, avoiding the risk of further website information leakage.
With this application, information leakage can be discovered quickly from the login state of the honeypot accounts registered on the monitored website. The approach is also non-invasive: the monitored website does not need to be changed, and leakage can be monitored without affecting its normal operation.
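The S101 to S104 flow above, sketched in Python as an added example (not code from the patent or the applicant). The class and field names, the shape of the mailbox provider's login report and the `.example` hosts are assumptions; site registration and alert delivery are left to the caller, so the block covers the record-keeping, the mailbox-to-site correlation and the low/high password-strength reasoning.

```python
import secrets
from dataclasses import dataclass, field

LOW, HIGH = "low", "high"


@dataclass(frozen=True)
class HoneypotAccount:
    site: str       # monitored website the account was registered on
    backend: str    # service background that receives alerts for this site
    mailbox: str    # preset mailbox, unique to this one account
    strength: str   # LOW or HIGH: the strength of the account's password


@dataclass
class LeakMonitor:
    accounts: dict = field(default_factory=dict)  # mailbox -> HoneypotAccount
    hits: dict = field(default_factory=dict)      # site -> strengths logged in

    def register_pair(self, site, backend, mail_domain):
        """S101: record one low- and one high-security account per site."""
        pair = []
        for strength in (LOW, HIGH):
            # A fresh random mailbox per account, so that a reported login
            # maps back to exactly one monitored site and one strength.
            mailbox = f"{secrets.token_hex(6)}@{mail_domain}".lower()
            acct = HoneypotAccount(site, backend, mailbox, strength)
            self.accounts[mailbox] = acct
            pair.append(acct)
        return tuple(pair)

    def account_list(self):
        """S102 step a): the list handed to the mailbox provider."""
        return sorted(self.accounts)

    def assess(self, site):
        """The description's reasoning about which strengths were hit."""
        seen = self.hits.get(site, set())
        if HIGH in seen:
            return "database likely dumped; data may be stored in plaintext"
        if LOW in seen:
            return "weak password likely brute-forced"
        return "no honeypot login observed"

    def handle_login(self, event):
        """S102 step b) to S104: turn a provider report into an alert."""
        mailbox = (event.get("mailbox") or "").strip().lower()
        acct = self.accounts.get(mailbox)
        if acct is None:
            return None  # not one of our honeypot mailboxes: ignore
        self.hits.setdefault(acct.site, set()).add(acct.strength)
        return {
            "to": acct.backend,
            "site": acct.site,
            "honeypot_strength": acct.strength,
            "assessment": self.assess(acct.site),
            # S103: login information as reported by the mailbox provider
            "login": {"ip": event.get("ip"), "time": event.get("time")},
        }


if __name__ == "__main__":
    monitor = LeakMonitor()
    low, high = monitor.register_pair(
        "shop.example", "https://shop.example/security-alerts",
        "honeymail.example")
    # Constructed provider reports; IPs are from documentation ranges.
    events = [
        {"mailbox": "unrelated@honeymail.example", "ip": "198.51.100.4",
         "time": "2019-08-28T09:00:00Z"},
        {"mailbox": low.mailbox, "ip": "203.0.113.7",
         "time": "2019-08-28T10:00:00Z"},
        {"mailbox": high.mailbox, "ip": "203.0.113.7",
         "time": "2019-08-28T10:05:00Z"},
    ]
    for ev in events:
        print(monitor.handle_login(ev))
```

The assessment for a site escalates once its high-strength account is seen, which is why both accounts of a pair are tracked together rather than alerting on each login in isolation.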
The following introduces a website information leakage monitoring system provided by an embodiment of the present application; the leakage monitoring system described below and the leakage monitoring method described above may be read with reference to each other.
Referring to Fig. 2, which is a schematic structural diagram of a website information leakage monitoring system according to an embodiment of the present application, the present application further provides a website information leakage monitoring system, including:
the registration module 100, used for registering a honeypot account on the monitored website by using a preset mailbox;
the judging module 200, used for judging whether the honeypot account is in a logged-in state according to the preset mailbox;
the information confirmation module 300, configured to determine the login information of the login user if the judgment result of the judging module is yes;
the warning module 400, configured to send alarm information to the service background corresponding to the honeypot account, wherein the alarm information includes the login information.
Based on the above embodiment, as a preferred embodiment, the leakage monitoring system may further include:
an information input module, used for filling in the personal information corresponding to the honeypot account and recording the honeypot account and the corresponding service background in the database.
Based on the above embodiment, as a preferred embodiment, the registration module 100 may include:
a registration unit, used for registering a low-security honeypot account and a high-security honeypot account, respectively, on the monitored website by using a preset mailbox.
Based on the above embodiment, as a preferred embodiment, the judging module 200 may include:
sending an account list containing all honeypot accounts to a mailbox management server, so that the mailbox management server detects whether the honeypot accounts are in a logged-in state.
The present application further provides a computer-readable storage medium on which a computer program is stored; when executed, the computer program can implement the steps of the method for monitoring website information leakage provided by the foregoing embodiments. The storage medium may include various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The application further provides a website information leakage monitoring terminal, which may include a memory and a processor, where the memory stores a computer program, and when the processor calls the computer program in the memory, the steps of the website information leakage monitoring method provided in the foregoing embodiment may be implemented. Certainly, the leakage monitoring terminal of the website information may further include various network interfaces, power supplies and other components.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system provided by the embodiment, the description is relatively simple because the system corresponds to the method provided by the embodiment, and the relevant points can be referred to the method part for description.
The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (6)

1. A method for monitoring leakage of website information, characterized by comprising the following steps:
registering a honeypot account on the monitored website by using a preset mailbox;
judging whether the honeypot account is in a logged-in state according to the preset mailbox;
if so, determining the login information of the login user;
sending alarm information to a service background corresponding to the honeypot account, wherein the alarm information comprises the login information;
wherein registering the honeypot account on the monitored website by using the preset mailbox comprises:
registering a low-security honeypot account and a high-security honeypot account, respectively, on the monitored website by using a preset mailbox;
wherein judging whether the honeypot account is in a logged-in state according to the preset mailbox comprises:
sending an account list containing all honeypot accounts to a mailbox management server, so that the mailbox management server detects whether the honeypot accounts are in a logged-in state.
2. The leakage monitoring method according to claim 1, wherein registering the honeypot account on the monitored website by using the preset mailbox further comprises:
filling in personal information corresponding to the honeypot account, and recording the honeypot account and the corresponding service background in a database.
3. A system for monitoring leakage of website information, comprising:
a registration module, used for registering a honeypot account on the monitored website by using a preset mailbox;
a judging module, used for judging whether the honeypot account is in a logged-in state according to the preset mailbox;
an information confirmation module, used for determining the login information of the login user if the judgment result of the judging module is yes;
a warning module, used for sending alarm information to a service background corresponding to the honeypot account, wherein the alarm information comprises the login information;
wherein the registration module comprises:
a registration unit, used for registering a low-security honeypot account and a high-security honeypot account, respectively, on the monitored website by using a preset mailbox;
and the judging module comprises:
sending an account list containing all honeypot accounts to a mailbox management server, so that the mailbox management server detects whether the honeypot accounts are in a logged-in state.
4. The leak monitoring system of claim 3, further comprising:
an information input module, used for filling in the personal information corresponding to the honeypot account and recording the honeypot account and the corresponding service background in a database.
5. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the leak monitoring method according to any one of claims 1-2.
6. A website information leakage monitoring terminal, comprising a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of the leakage monitoring method according to any one of claims 1-2 when calling the computer program in the memory.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910802872.2A CN110502896B (en) 2019-08-28 2019-08-28 Leakage monitoring method and system for website information and related device

Publications (2)

Publication Number Publication Date
CN110502896A (en) 2019-11-26
CN110502896B (en) 2021-07-27
