CN102129528A - WEB page tampering identification method and system - Google Patents

Publication number: CN102129528A
Authority: CN (China)
Prior art keywords: web page, page, module, mode, web
Legal status: Granted; Expired - Fee Related
Application number: CN2010100342725A
Other languages: Chinese (zh)
Other versions: CN102129528B (en)
Inventors: 胡振宇, 孙海波, 周涛, 叶润国, 黄宇鸿
Current Assignee: Beijing Venus Information Security Technology Co Ltd; Beijing Venus Information Technology Co Ltd
Original Assignee: Beijing Venus Information Security Technology Co Ltd; Beijing Venus Information Technology Co Ltd
Application filed by: Beijing Venus Information Security Technology Co Ltd, Beijing Venus Information Technology Co Ltd

Abstract

The invention discloses a WEB page tampering identification method and a WEB page tampering identification system, which aim to identify tampering of a WEB page. The system comprises a web page acquisition module, a pattern extraction module, a baseline database and a tampering identification module. The web page acquisition module is used for acquiring a WEB page. The pattern extraction module is connected to the web page acquisition module, and is used for performing pattern extraction on the WEB page and generating a page pattern of the WEB page. The baseline database is used for storing WEB page comparison baselines. The tampering identification module is connected to the pattern extraction module and the baseline database, and is used for performing tampering identification on the page pattern of a target WEB page, which is the identification target, according to the WEB page comparison baselines to obtain an identification result. Compared with the prior art, the technical scheme provided by the invention performs WEB page tampering detection outside the web page server, which improves detection efficiency and achieves tampering identification of the WEB page.

Description

WEB page tampering identification method and system
Technical field
The present invention relates to the field of network security, and in particular to a WEB page tampering identification method and system.
Background
With the continuous development of Internet application technology, websites have become deeply embedded in people's lives and play an increasingly important role.
Because external websites must be exposed on the Internet for public access, they easily become targets for attackers. Although security measures such as firewalls and intrusion detection exist, the complexity and diversity of modern operating systems mean that system vulnerabilities keep emerging and are hard to guard against. Incidents in which attackers break in and tamper with WEB pages occur from time to time.
WEB page tampering currently takes two main forms: complete tampering (the page is entirely replaced by a new file) and partial tampering (most of the page content is unmodified, but some pictures, text or hyperlinks are modified).
Statistics on these two types of tampering attack show that the first accounts for the overwhelming majority, while the second is relatively rare. From an administrator's point of view, the first type is also the most worrying, because its impact is the greatest.
Current general-purpose WEB page anti-tampering schemes are mostly embedded in the WEB server core: the tamper detection process runs inside the WEB server, seamlessly integrated with it. When a WEB page is legitimately published, a unique encrypted watermark is computed for it. Each time a page is viewed, its watermark is compared, guaranteeing the authenticity of each page in real time. This scheme generates a watermark for each page file and stores it on the server; each time a member of the public browses the page, the server performs watermark detection to judge whether the page has been tampered with.
However, analysis shows that this widely used WEB page anti-tampering scheme has the following deficiencies:
(1) The watermarks of all pages must be stored on the server, and watermark detection is performed on every visit, which places a considerable burden on the server.
(2) If an attacker tampers with both a page and its watermark, the tampering cannot be detected effectively.
(3) Current schemes are also fairly simple, and deploying an anti-tampering system or product requires changing the existing single-server model, adding extra servers and changing the server architecture.
Summary of the invention
The technical problem to be solved by the present invention is to provide a WEB page tampering identification method and system that identify tampering of a WEB page.
To solve the above technical problem, the invention provides a WEB page tampering identification system, comprising:
A webpage acquisition module, used to obtain a WEB page;
A pattern extraction module, connected to the webpage acquisition module, used to perform pattern extraction on the WEB page and generate the page pattern of the WEB page;
A baseline database, used to store WEB page comparison baselines;
A tampering identification module, connected to the pattern extraction module and the baseline database, used to perform tampering identification on the page pattern of a target WEB page, which is the identification target, according to the WEB page comparison baselines, and obtain an identification result.
Preferably, the system further comprises:
A baseline establishment module, connected to the pattern extraction module and the baseline database, used to generate the WEB page comparison baseline from the page pattern of an untampered WEB page and save it to the baseline database.
Preferably, the webpage acquisition module comprises:
An address receiving submodule, used to receive the page address of the WEB page;
A page request submodule, connected to the address receiving submodule, used to send a page request to the WEB server according to the page address, so as to obtain the WEB page;
A response analysis submodule, used to extract the WEB page from the page response returned by the WEB server.
Preferably, the pattern extraction module comprises:
An analysis submodule, connected to the webpage acquisition module, used to extract a document object model tree from the WEB page;
A deciduous tree generation submodule, connected to the analysis submodule, used to delete the leaves of the document object model tree and generate the document object model deciduous tree (the tree with its leaf nodes deleted);
A serialization submodule, connected to the deciduous tree generation submodule, used to serialize the document object model deciduous tree and generate the deciduous tree node sequence;
A pattern output submodule, connected to the serialization submodule, used to output the deciduous tree node sequence as the page pattern of the WEB page.
To solve the above technical problem, the invention also provides a WEB page tampering identification method, comprising:
Obtaining a WEB page;
Performing pattern extraction on the WEB page to generate the page pattern of the WEB page;
Performing tampering identification on the page pattern of a target WEB page, which is the identification target, according to a prestored WEB page comparison baseline, and obtaining an identification result.
Preferably, the method further comprises:
Generating the WEB page comparison baseline from the page pattern of an untampered WEB page, and saving it.
Preferably, the step of obtaining the WEB page comprises:
Receiving the page address of the WEB page;
Sending a page request to the WEB server according to the page address, so as to obtain the WEB page;
Extracting the WEB page from the page response returned by the WEB server.
Preferably, the page address of the WEB page comprises the IP address or the domain name of the WEB page.
Preferably, the step of performing pattern extraction on the WEB page to generate the page pattern comprises:
Extracting a document object model tree from the WEB page;
Deleting the leaves of the document object model tree to generate the document object model deciduous tree;
Serializing the document object model deciduous tree to generate the deciduous tree node sequence;
Using the deciduous tree node sequence as the page pattern of the WEB page.
Compared with the prior art, the technical solution of the present invention performs WEB page tampering detection outside the web page server. It overcomes the defect of the prior art, in which the server itself generates and verifies page watermarks, reduces server load, improves detection efficiency, has no effect on the page server, and achieves tampering identification of WEB pages. Being network-based, the solution also detects WEB page tampering remotely: no software needs to be installed on the customer's website, and no harmful probe packets are sent to it.
Other features and advantages of the invention are set forth in the description that follows, and in part become apparent from the description or are understood by implementing the invention. The objectives and other advantages of the invention can be realized and obtained through the structures specifically pointed out in the description, the claims and the drawings.
Description of drawings
The drawings provide a further understanding of the invention and form part of the description. Together with the embodiments they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a structural diagram of an embodiment of the WEB page tampering identification system of the invention;
Fig. 2 is a diagram of the composition of the webpage acquisition module in the embodiment shown in Fig. 1;
Fig. 3 is a diagram of the composition of the pattern extraction module in the embodiment shown in Fig. 1;
Fig. 4 is a flowchart of an embodiment of the WEB page tampering identification method of the invention;
Fig. 5 is a flowchart of step S410 in the method embodiment shown in Fig. 4;
Fig. 6 is a flowchart of step S420 in the method embodiment shown in Fig. 4;
Fig. 7 is a diagram of a DOM tree;
Fig. 8 is a diagram of the DOM deciduous tree corresponding to the DOM tree shown in Fig. 7.
Embodiment
Embodiments of the invention are described in detail below with reference to the drawings and examples, so that how the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented accordingly.
It should be noted that, provided they do not conflict, the embodiments of the invention and the features within them can be combined with one another, all within the protection scope of the invention. In addition, the steps shown in the flowcharts of the drawings can be executed in a computer system, for example as a set of computer-executable instructions, and although a logical order is shown in the flowcharts, in some cases the steps shown or described can be performed in a different order.
Fig. 1 is a structural diagram of an embodiment of the WEB page tampering identification system of the invention. As shown in Fig. 1, this system embodiment mainly comprises a webpage acquisition module 110, a pattern extraction module 120, a baseline establishment module 130, a baseline database 140 and a tampering identification module 150, wherein:
The webpage acquisition module 110 is used to obtain a WEB page;
The pattern extraction module 120 is connected to the webpage acquisition module 110 and is used to perform pattern extraction on the WEB page obtained by the webpage acquisition module 110, generating the page pattern of that WEB page;
The baseline establishment module 130 is connected to the pattern extraction module 120 and, for a normal, untampered WEB page, generates a WEB page comparison baseline from the page pattern of that page produced by the pattern extraction module 120;
The baseline database 140 is connected to the baseline establishment module 130 and is used to store the WEB page comparison baselines established by the baseline establishment module 130;
The tampering identification module 150 is connected to the pattern extraction module 120 and the baseline database 140. When tampering identification of a WEB page is performed, it identifies tampering in the page pattern of the target WEB page, which is the identification target, according to the WEB page comparison baselines stored in the baseline database 140, and obtains an identification result.
Before this system embodiment has performed any tampering identification, the baseline database 140 must first be established from normal, untampered WEB pages; only then can the system be used to identify tampering of a target WEB page. That is, tampering identification of subsequent target WEB pages can be carried out only after the baseline database 140 has been established. Of course, if the baseline database 140 already stores WEB page comparison baselines in advance, tampering identification can be performed on the target WEB page directly, without regenerating the baselines.
The normal, untampered WEB page can be obtained before the WEB server publishes the page externally, by acting as a WEB client and fetching the page from the WEB server by uniform resource locator (URL) over a secure (for example, encrypted) transport. In this way, active modification by the WEB page publisher can also be distinguished from tampering with the WEB page by outside parties.
When the tampering identification module 150 performs tampering identification, if a WEB page comparison baseline identical to the page pattern of the target WEB page is found in the baseline database 140, the target WEB page is considered untampered; otherwise the target WEB page is considered tampered.
Fig. 2 is a diagram of the composition of the webpage acquisition module 110 in the embodiment shown in Fig. 1. As shown in Fig. 2, the webpage acquisition module 110 mainly comprises an address receiving submodule 210, a page request submodule 220, a response analysis submodule 230 and a webpage output submodule 240, wherein:
The address receiving submodule 210 is used to receive the externally supplied page address of the WEB page; this page address can be the IP address of the WEB page or the domain name of the WEB page;
The page request submodule 220 is connected to the address receiving submodule 210 and is used to send a page request to the WEB server, according to the page address received by the address receiving submodule 210, so as to obtain the WEB page; the format of this request can be the same as that of a page request sent to the server by a browser;
The response analysis submodule 230 is used to receive the page response returned by the WEB server and to extract the WEB page in HTML format from this page response; this response can be the response of a normal server to a browsing request;
The webpage output submodule 240 is connected to the response analysis submodule 230 and the pattern extraction module 120 and is used to send the WEB page extracted by the response analysis submodule 230 to the pattern extraction module 120.
Fig. 3 is a diagram of the composition of the pattern extraction module 120 in the embodiment shown in Fig. 1. As shown in Fig. 3, the pattern extraction module 120 mainly comprises an analysis submodule 310, a deciduous tree generation submodule 320, a serialization submodule 330 and a pattern output submodule 340, wherein:
The analysis submodule 310 is connected to the webpage acquisition module 110 and is used to perform Document Object Model (DOM) parsing on the WEB page in HTML format, extracting a DOM tree from it; one concrete way to do this is to use an open-source HTML parser (such as HTMLXX);
The deciduous tree generation submodule 320 is connected to the analysis submodule 310 and is used to delete the leaves of the DOM tree: it deletes the leaf nodes of the DOM tree extracted by the analysis submodule 310, generating the DOM deciduous tree;
The serialization submodule 330 is connected to the deciduous tree generation submodule 320 and is used to serialize the DOM deciduous tree, converting the DOM deciduous tree generated by the deciduous tree generation submodule 320 into a deciduous tree node sequence;
The pattern output submodule 340 is connected to the serialization submodule 330 and is used to output the deciduous tree node sequence produced by the serialization submodule 330 as the page pattern of the WEB page.
Fig. 4 is a flowchart of an embodiment of the WEB page tampering identification method of the invention. With reference to the system embodiment shown in Fig. 1 to Fig. 3, the method embodiment shown in Fig. 4 mainly comprises the following steps:
Step S410: obtain the WEB page;
Step S420: perform pattern extraction on the obtained WEB page, generating the page pattern of the WEB page;
Step S430: generate a WEB page comparison baseline from the page pattern of a normal, untampered WEB page, and save it;
Step S440: according to the saved WEB page comparison baseline, perform tampering identification on the page pattern of the target WEB page, which is the identification target, and obtain an identification result.
Before this method embodiment has performed any tampering identification of WEB pages, a WEB page comparison baseline must first be saved from a normal, untampered WEB page; tampering identification of the target WEB page is carried out after that. Of course, if a WEB page comparison baseline has already been saved before tampering identification, tampering identification can be performed on the target WEB page directly, without regenerating the baseline.
In the above tampering identification process, if a WEB page comparison baseline identical to the page pattern of the target WEB page is found, the target WEB page is considered untampered; otherwise the target WEB page is considered tampered.
Fig. 5 is a flowchart of step S410 in the method embodiment shown in Fig. 4. With reference to the system embodiment shown in Fig. 1 to Fig. 3, the flow of step S410 mainly comprises the following steps:
Step S510: receive the externally supplied page address of the WEB page; this page address can be the IP address of the WEB page or the domain name of the WEB page;
Step S520: according to the received page address, send a page request to the WEB server to obtain the WEB page; the format of this request can be the same as that of a page request sent to the server by a browser;
Step S530: receive the page response returned by the WEB server, and extract the WEB page in HTML format from this page response; this response can be the response of a normal server to a browsing request.
Fig. 6 is a flowchart of step S420 in the method embodiment shown in Fig. 4. With reference to the system embodiment shown in Fig. 1 to Fig. 3, the flow of step S420 mainly comprises the following steps:
Step S610: perform DOM parsing on the WEB page in HTML format, extracting a DOM tree from it; one concrete way to do this is to use an open-source HTML parser (such as HTMLXX);
For example, the content of a page document is as follows:
<HTML>
<head>
<title>DOM Example</title>
</head>
<body>
<h1>DOM Example One</h1>
<p>This Page is a Example of DOM!</p>
</body>
</HTML>
The DOM tree extracted from this page document is shown in Fig. 7;
Step S620: delete the leaves of the DOM tree, that is, delete the leaf nodes of the extracted DOM tree, generating the DOM deciduous tree;
For example, perform a preorder traversal of the generated DOM tree and delete each node that is found to be a leaf node; for the DOM tree shown in Fig. 7, the corresponding DOM deciduous tree is shown in Fig. 8;
Step S630: serialize the DOM deciduous tree, converting it into a deciduous tree node sequence, and use this deciduous tree node sequence as the page pattern of the WEB page;
For example, one serialization method is to perform a preorder traversal of the DOM tree, which yields the node sequence of the tree. For ease of comparison, each node in the node sequence is represented by a triple (node name, node type, node value), so the resulting page pattern is a sequence of triples. For the DOM deciduous tree shown in Fig. 8, the node names and values are empty, and the deciduous tree node sequence obtained after serialization is: (, <HTML>, ) (, <head>, ) (, <title>, ) (, <body>, ) (, <h1>, ) (, <p>, ).
For the DOM deciduous tree shown in Fig. 8, if step S440 finds that the page pattern (triple sequence) of the target WEB page is identical to the WEB page comparison baseline (triple sequence), the target WEB page is considered untampered; otherwise the target WEB page is considered tampered.
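Steps S610 to S630 and the comparison of step S440, as an added example that is not part of the patent text. It is written in Python with the standard-library html.parser in place of the open-source parser the description mentions; the function names, the two modified sample pages, and the choice to ignore whitespace-only text are assumptions of this example.

```python
"""Page pattern extraction by DOM leaf deletion (added example)."""
from html.parser import HTMLParser

# HTML elements that never take an end tag, so they never have children.
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}


class Node:
    def __init__(self, tag="", parent=None):
        self.tag = tag          # "" for text nodes and for the document root
        self.parent = parent
        self.children = []


class DomBuilder(HTMLParser):
    """S610: build a DOM-like tree of element and text nodes."""

    def __init__(self):
        super().__init__()
        self.root = Node()
        self.current = self.root

    def _add(self, tag=""):
        node = Node(tag, self.current)
        self.current.children.append(node)
        return node

    def handle_starttag(self, tag, attrs):
        node = self._add(tag)
        if tag not in VOID_TAGS:
            self.current = node

    def handle_startendtag(self, tag, attrs):
        self._add(tag)          # <br/> style: an element without children

    def handle_endtag(self, tag):
        node = self.current
        while node is not self.root and node.tag != tag:
            node = node.parent
        if node is not self.root:   # stray end tags are ignored
            self.current = node.parent

    def handle_data(self, data):
        if data.strip():        # assumption: whitespace-only text is ignored
            self._add()


def strip_leaves(node):
    """S620: delete every node that is a leaf of the original tree (one pass)."""
    node.children = [c for c in node.children if c.children]
    for child in node.children:
        strip_leaves(child)


def serialize(node, out):
    """S630: preorder traversal into (name, type, value) triples."""
    for child in node.children:
        out.append(("", "<%s>" % child.tag, ""))   # name and value stay empty
        serialize(child, out)
    return out


def page_pattern(html):
    builder = DomBuilder()
    builder.feed(html)
    builder.close()
    strip_leaves(builder.root)
    return tuple(serialize(builder.root, []))


def is_tampered(baselines, html):
    """S440: tampered unless an identical pattern is stored in the baseline."""
    return page_pattern(html) not in baselines


# The page document from the description (html.parser lowercases tag names).
BASE_PAGE = """<HTML>
<head>
<title>DOM Example</title>
</head>
<body>
<h1>DOM Example One</h1>
<p>This Page is a Example of DOM!</p>
</body>
</HTML>"""

# Constructed inputs: a text-only edit and a fully replaced page.
TEXT_EDIT = BASE_PAGE.replace("DOM Example One", "Changed heading")
REPLACED = ('<html><body><div><h1>Replaced</h1>'
            '<img src="x.png"></div></body></html>')

if __name__ == "__main__":
    baselines = {page_pattern(BASE_PAGE)}
    for name, page in [("baseline", BASE_PAGE), ("text edit", TEXT_EDIT),
                       ("replaced", REPLACED)]:
        state = "tampered" if is_tampered(baselines, page) else "unchanged"
        print(name, state, page_pattern(page))
```

Text nodes are leaves, so the text-only edit yields the same pattern as the baseline and is reported unchanged, while the replaced page has a different element structure and is reported tampered.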
It should be noted that the steps shown in the flowcharts of the drawings can be executed in a computer system, for example as a set of computer-executable instructions, and although a logical order is shown in the flowcharts, in some cases the steps shown or described can be performed in a different order. In addition, those skilled in the art should understand that each module or step of the invention described above can be implemented with general-purpose computing devices. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Alternatively, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; or they can each be made into a separate integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. The invention is therefore not restricted to any specific combination of hardware and software.
Although the embodiments disclosed by the invention are as above, the content described is only an embodiment adopted to make the invention easier to understand and is not intended to limit the invention. Any person skilled in the technical field of the invention may, without departing from the spirit and scope disclosed by the invention, make any modification or variation in the form and details of implementation, but the scope of patent protection of the invention is still defined by the appended claims.

Claims (9)

1. A WEB page tampering identification system, characterized in that it comprises:
A webpage acquisition module, used to obtain a WEB page;
A pattern extraction module, connected to the webpage acquisition module, used to perform pattern extraction on the WEB page and generate the page pattern of the WEB page;
A baseline database, used to store WEB page comparison baselines;
A tampering identification module, connected to the pattern extraction module and the baseline database, used to perform tampering identification on the page pattern of a target WEB page, which is the identification target, according to the WEB page comparison baselines, and obtain an identification result.
2. The system as claimed in claim 1, characterized in that the system further comprises:
A baseline establishment module, connected to the pattern extraction module and the baseline database, used to generate the WEB page comparison baseline from the page pattern of an untampered WEB page and save it to the baseline database.
3. The system as claimed in claim 1 or 2, characterized in that the webpage acquisition module comprises:
An address receiving submodule, used to receive the page address of the WEB page;
A page request submodule, connected to the address receiving submodule, used to send a page request to the WEB server according to the page address, so as to obtain the WEB page;
A response analysis submodule, used to extract the WEB page from the page response returned by the WEB server.
4. The system as claimed in claim 1 or 2, characterized in that the pattern extraction module comprises:
An analysis submodule, connected to the webpage acquisition module, used to extract a document object model tree from the WEB page;
A deciduous tree generation submodule, connected to the analysis submodule, used to delete the leaves of the document object model tree and generate the document object model deciduous tree;
A serialization submodule, connected to the deciduous tree generation submodule, used to serialize the document object model deciduous tree and generate the deciduous tree node sequence;
A pattern output submodule, connected to the serialization submodule, used to output the deciduous tree node sequence as the page pattern of the WEB page.
5. A WEB page tampering identification method, characterized in that it comprises:
Obtaining a WEB page;
Performing pattern extraction on the WEB page to generate the page pattern of the WEB page;
Performing tampering identification on the page pattern of a target WEB page, which is the identification target, according to a prestored WEB page comparison baseline, and obtaining an identification result.
6. The method as claimed in claim 5, characterized in that the method further comprises:
Generating the WEB page comparison baseline from the page pattern of an untampered WEB page, and saving it.
7. The method as claimed in claim 5 or 6, characterized in that the step of obtaining the WEB page comprises:
Receiving the page address of the WEB page;
Sending a page request to the WEB server according to the page address, so as to obtain the WEB page;
Extracting the WEB page from the page response returned by the WEB server.
8. The method as claimed in claim 7, characterized in that:
The page address of the WEB page comprises the IP address or the domain name of the WEB page.
9. The method as claimed in claim 5 or 6, characterized in that the step of performing pattern extraction on the WEB page to generate the page pattern comprises:
Extracting a document object model tree from the WEB page;
Deleting the leaves of the document object model tree to generate the document object model deciduous tree;
Serializing the document object model deciduous tree to generate the deciduous tree node sequence;
Using the deciduous tree node sequence as the page pattern of the WEB page.
CN2010100342725A 2010-01-19 2010-01-19 WEB page tampering identification method and system Expired - Fee Related CN102129528B (en)


Publications (2)

Publication Number Publication Date
CN102129528A true CN102129528A (en) 2011-07-20
CN102129528B CN102129528B (en) 2013-05-15

CN102521536A (en) * 2011-12-06 2012-06-27 杭州安恒信息技术有限公司 Method and system for detecting inner core object invasion of database
CN102521536B (en) * 2011-12-06 2014-08-27 杭州安恒信息技术有限公司 Method and system for detecting inner core object invasion of database
CN102446255A (en) * 2011-12-30 2012-05-09 奇智软件(北京)有限公司 Method and device for detecting page tamper
CN104063491B (en) * 2011-12-30 2018-07-24 北京奇虎科技有限公司 A kind of method and device that the detection page is distorted
CN102446255B (en) * 2011-12-30 2014-06-25 奇智软件(北京)有限公司 Method and device for detecting page tamper
CN102436564A (en) * 2011-12-30 2012-05-02 奇智软件(北京)有限公司 Method and device for identifying falsified webpage
CN104063491A (en) * 2011-12-30 2014-09-24 北京奇虎科技有限公司 Method and device for detecting page distortion
CN102624713B (en) * 2012-02-29 2016-01-06 深信服网络科技(深圳)有限公司 The method of website tamper Detection and device
CN102624713A (en) * 2012-02-29 2012-08-01 深信服网络科技(深圳)有限公司 Website tampering identification method and website tampering identification device
CN102710652A (en) * 2012-06-12 2012-10-03 北京星网锐捷网络技术有限公司 Web application intrusion prevention method and device as well as network equipment and network system
CN103809941A (en) * 2012-11-07 2014-05-21 江苏仕德伟网络科技股份有限公司 Method for judging whether webpage is doorway page or not
CN103577526A (en) * 2013-08-01 2014-02-12 星云融创(北京)信息技术有限公司 Method and system as well as browser for verifying page modification
CN103577526B (en) * 2013-08-01 2017-06-06 星云融创(北京)科技有限公司 It is a kind of to verify method, system and browser that whether the page is changed
CN104008131A (en) * 2014-04-30 2014-08-27 广州市动景计算机科技有限公司 Processing method and device for web page data
WO2016082678A1 (en) * 2014-11-24 2016-06-02 阿里巴巴集团控股有限公司 Method and device for monitoring display hijack
CN105678166A (en) * 2015-12-18 2016-06-15 北京神州绿盟信息安全科技股份有限公司 Tamper engine testing method and apparatus
CN105678166B (en) * 2015-12-18 2018-05-25 北京神州绿盟信息安全科技股份有限公司 One kind distorts engine test method and device
CN108073828A (en) * 2016-11-16 2018-05-25 阿里巴巴集团控股有限公司 A kind of webpage integrity assurance, apparatus and system
CN106960058A (en) * 2017-04-05 2017-07-18 金电联行(北京)信息技术有限公司 A kind of structure of web page alteration detection method and system
CN106960058B (en) * 2017-04-05 2021-01-12 金电联行(北京)信息技术有限公司 Webpage structure change detection method and system
CN107301355A (en) * 2017-06-20 2017-10-27 深信服科技股份有限公司 A kind of webpage tamper monitoring method and device
CN107301355B (en) * 2017-06-20 2021-07-02 深信服科技股份有限公司 Webpage tampering monitoring method and device
CN107612908B (en) * 2017-09-15 2020-06-05 杭州安恒信息技术股份有限公司 Webpage tampering monitoring method and device
CN107612908A (en) * 2017-09-15 2018-01-19 杭州安恒信息技术有限公司 webpage tamper monitoring method and device
CN108520185A (en) * 2018-04-16 2018-09-11 深信服科技股份有限公司 Detect method, apparatus, equipment and the computer readable storage medium of webpage tamper
CN108650250A (en) * 2018-04-27 2018-10-12 北京奇安信科技有限公司 Illegal page detection method, system, computer system and readable storage medium storing program for executing
CN111026986A (en) * 2018-10-10 2020-04-17 阿里巴巴集团控股有限公司 Webpage watermark rendering method and device
CN112100551A (en) * 2019-06-18 2020-12-18 腾讯科技(深圳)有限公司 Watermark processing method, device, storage medium and computer program product
CN112100551B (en) * 2019-06-18 2023-09-22 腾讯科技(深圳)有限公司 Watermark processing method, watermark processing device, storage medium and computer program product
CN110909320A (en) * 2019-10-18 2020-03-24 北京字节跳动网络技术有限公司 Webpage watermark tamper-proofing method, device, medium and electronic equipment
CN111262842A (en) * 2020-01-10 2020-06-09 恒安嘉新(北京)科技股份公司 Webpage tamper-proofing method and device, electronic equipment and storage medium
CN114444127A (en) * 2021-10-28 2022-05-06 中国南方电网有限责任公司超高压输电公司 WEB page tampering detection method and system

Also Published As

Publication number Publication date
CN102129528B (en) 2013-05-15

Similar Documents

Publication Publication Date Title
CN102129528B (en) WEB page tampering identification method and system
US9218482B2 (en) Method and device for detecting phishing web page
CN103810425B (en) The detection method of malice network address and device
CN104125209B (en) Malice website prompt method and router
CN101471818B (en) Detection method and system for malevolence injection script web page
CN101895516B (en) Method and device for positioning cross-site scripting attack source
CN103001817B (en) A kind of method and apparatus of real-time detection of webpage cross-domain request
CN101388768B (en) Method and device for detecting malicious HTTP request
CN101964025A (en) XSS (Cross Site Scripting) detection method and device
CN103810268B (en) Search result recommendation information loading method, device and system and URL detection method, device and system
WO2015139507A1 (en) Method and apparatus for detecting security of a downloaded file
WO2013044757A1 (en) Method, device and system for detecting security of download link
CN107347076B (en) SSRF vulnerability detection method and device
WO2010108421A1 (en) Method and apparatus for authenticating a website
CN105635064B (en) CSRF attack detection method and device
CN103559235A (en) Online social network malicious webpage detection and identification method
WO2015109928A1 (en) Method, device and system for loading recommendation information and detecting url
CN102316087A (en) The detection method that network application is attacked
CN106713318B (en) WEB site safety protection method and system
CN103716394B (en) Download the management method and device of file
CN103778113B (en) Terminal and server and webpage processing method of terminal and server
CN103793508B (en) A kind of loading recommendation information, the methods, devices and systems of network address detection
CN111143722A (en) Method, device, equipment and medium for detecting webpage hidden link
CN111770079A (en) Method and device for detecting vulnerability injection of web framework
CN106357482B (en) A method of based on network protocol implementing monitoring web page access

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130515

Termination date: 20190119