A security system and method for network applications
Technical field
The present invention relates to the field of IT security, and in particular to a security system and method for network applications.
Background art
A so-called "phishing website" is a form of online fraud in which criminals use various means to counterfeit the URL (Uniform Resource Locator, also called the web page address) and page content of a genuine website, or exploit vulnerabilities in the genuine website's server program to insert dangerous HTML code into some of the site's pages, in order to lure users into entering account numbers, passwords and the like and thereby obtain their private data by deception.
An online game (Online Game), also called a "network game", is a sustainable, individual multiplayer online game that uses the Internet as the transmission medium, the game operator's servers and the users' computers as processing terminals, and the game client software as the information interaction window, and that is intended to provide entertainment, leisure, communication and virtual achievements.
At present, users' own vigilance and risk awareness when using the Internet are generally weak. They are easily induced by social engineering means such as phishing websites, fraudulent messages and e-mails of unknown origin to visit unofficial phishing websites and enter their online game account number, user name and password there, so that the game account is stolen and economic loss results.
In the prior art, there are generally two kinds of means for guarding against phishing websites that deceive and attack users' online game accounts and for reducing the rate at which such accounts are stolen:
1. The online game operator keeps users from entering phishing websites mainly by protecting their accounts through technical or non-technical means such as education, prompts, and server-side filtering of fraudulent messages.
2. A third-party security client, such as Internet security software, monitors the websites opened in the user's browser against a built-in blacklist policy and raises an alarm when it finds a website that matches the blacklist.
These means have the following defects:
1. User education is costly and its coverage is not wide enough; it reaches only some users.
2. There are too many message sources to shut down completely. For example, a user may well receive a fraudulent message on a mobile phone and then log in on a PC.
3. A third-party security client cannot accurately know the name of the account the user plays with, so it cannot judge the user's input in a more user-friendly way and can rely only on a URL blacklist, which has a certain lag. Such URL blacklists are generally collected by the third-party security client itself or obtained through information sharing by anti-phishing alliances; they are updated slowly and are detached from the user's real-time usage.
Summary of the invention
The object of the present invention is to provide a security system and method for network applications that can effectively identify phishing websites and prompt the user, reducing the probability that the user's network application account is stolen with heavy losses.
To solve the above problem, the present invention proposes a security system for a network application, comprising a system client installed on the user's terminal device and a system server that communicates interactively with the system client, wherein:
The system server is used to store and update a blacklist/whitelist database of websites. The blacklist in the database contains the URLs of reviewed phishing websites, and the whitelist in the database contains the URLs of reviewed safe websites;
The system client comprises:
A listening module, used to listen to the user's input in real time;
A judging module, used to determine whether the input contains the account number or user name of the network application. If not, the listening module continues to listen to the user's input. If so, the judging module determines whether the process in which the input occurs is a browser; if not, the above judgment is repeated; if so, the judging module extracts the URL of the currently visited website and determines whether that URL is in the blacklist or the whitelist;
A prompting module, used, according to the final result of the judging module, to block the currently visited website, or to allow the user to continue visiting it, or to give the user a risk prompt and report the URL of the currently visited website to the system server for review.
Further, when the URL of the currently visited website is in the whitelist, the prompting module allows the user to continue visiting the website;
When the URL of the currently visited website is in the blacklist, the prompting module blocks the website and lets the user choose whether to continue visiting it. If the user chooses yes, the prompting module allows the user to continue visiting the website; if the user chooses no, the prompting module closes the website;
When the URL of the currently visited website is in neither the blacklist nor the whitelist, the prompting module allows the user to continue visiting the website, but prompts the user to be alert to phishing websites and reports the URL to the system server for review. The system server updates the reviewed URL into the blacklist/whitelist database.
Further, when the URL of the currently visited website is in the blacklist and the user chooses to continue visiting it, the prompting module reports to the system server the number of times the user has continued to visit the website.
Further, the system server is also used to store the user's valid information, which comprises one or more of a registration ID, a mobile phone number, an e-mail account and an instant messaging client account.
Further, the prompting module is also used to send the user an abnormal account usage notification for the network application through one or more of mobile phone, e-mail and instant messaging client.
Further, when the URL of the currently visited website is in the blacklist and the user chooses to continue visiting it, the prompting module sends the user an abnormal account usage notification for the network application.
Further, when the URL of the currently visited website is in neither the blacklist nor the whitelist, the prompting module sends the user an abnormal account usage notification for the network application.
Further, the security system also comprises a receiving and activating unit, used to receive the account number or user name of the network application account after that account logs in, and to activate the system client.
Further, the network application is an online game, a microblog, a blog, a forum, a personal space, an online trading client or an instant messaging client.
Accordingly, the present invention also provides a method of using the above security system for a network application, comprising the following steps:
Logging in to the network application and starting the system client, whereupon the listening module listens to the user's input;
The judging module determines whether the input contains the account number or user name of the network application. If not, the listening module continues to listen to the user's input. If so, the judging module determines whether the process in which the input occurs is a browser; if not, the above judgment is repeated; if so, the judging module extracts the URL of the currently visited website and determines whether that URL is in the blacklist or the whitelist;
The prompting module, according to the final result of the judging module, blocks the currently visited website, or allows the user to continue visiting it, or gives the user a risk prompt and reports the URL of the currently visited website to the system server for review.
Further, when the URL of the currently visited website is in the whitelist, the prompting module allows the user to continue visiting the website;
When the URL of the currently visited website is in the blacklist, the prompting module blocks the website and lets the user choose whether to continue visiting it. If the user chooses yes, the prompting module allows the user to continue visiting the website; if the user chooses no, the prompting module closes the website;
When the URL of the currently visited website is in neither the blacklist nor the whitelist, the prompting module allows the user to continue visiting the website, but prompts the user to be alert to phishing websites and reports the URL to the system server for review. The system server updates the reviewed URL into the blacklist or whitelist of the blacklist/whitelist database.
Compared with the prior art, in the security system and method of the present invention the system client is activated by the login of the network application; the listening module listens to the user's input in real time; the judging module determines whether the user's input contains the account number or user name of the network application in order to judge whether the currently visited website is a phishing website; and the prompting module promptly sends the user a warning and reports the unknown URL of the currently visited website for review so that it is updated into the blacklist/whitelist database. This improves the accuracy of identifying phishing websites and blocking access to them and greatly reduces the probability that the user's network application account is stolen with heavy losses, with wide coverage, many notification channels and high timeliness.
Description of drawings
Fig. 1 is a structural diagram of the security system for a network application of the present invention;
Fig. 2 is an operational flowchart of applying the security system for a network application of the present invention.
Embodiment
The security system and method for network applications proposed by the present invention are described in further detail below with reference to the drawings and specific embodiments.
As shown in Figure 1, the present invention proposes a security system for a network application, comprising a system client 1 installed on the user's terminal device and a system server 2 that communicates interactively with the system client 1, wherein:
The system server 2 is used to store and update a blacklist/whitelist database 21 of websites. The blacklist in the database 21 contains the URLs of reviewed phishing websites, and the whitelist in the database contains the URLs of reviewed safe websites. The system client 1 comprises a listening module 11, a judging module 12 and a prompting module 13.
The listening module 11 is used to listen to the user's input in real time;
The judging module 12 is used to determine whether the input contains the account number or user name of the network application. If not, the listening module 11 continues to listen to the user's input. If so, the judging module 12 determines whether the process in which the input occurs is a browser; if not, the above judgment is repeated; if so, the judging module 12 extracts the URL of the currently visited website and determines whether that URL is in the blacklist or the whitelist;
The prompting module 13 is used, according to the final result of the judging module 12, to block the currently visited website, to allow the user to continue visiting it, or to give the user a risk prompt and report the URL of the currently visited website to the system server 2 for review.
When the URL of the currently visited website is in the whitelist, the prompting module allows the user to continue visiting the website;
When the URL of the currently visited website is in the blacklist, the prompting module blocks the website and lets the user choose whether to continue visiting it. If the user chooses yes, the prompting module allows the user to continue visiting the website; if the user chooses no, the prompting module closes the website;
When the URL of the currently visited website is in neither the blacklist nor the whitelist, the prompting module allows the user to continue visiting the website, but prompts the user to be alert to phishing websites and reports the URL to the system server for review. The system server updates the reviewed URL into the blacklist or whitelist of the blacklist/whitelist database.
Preferably, when the URL of the currently visited website is in the blacklist and the user chooses to continue visiting it, the prompting module can also report to the system server the number of times the user has continued to visit the website. The system server also stores the user's valid information, comprising one or more of a registration ID, a mobile phone number, an e-mail account and an instant messaging client account. When the URL of the currently visited website is in the blacklist and the user chooses to continue visiting it, or when the URL is in neither the blacklist nor the whitelist, the prompting module also sends the user an abnormal account usage notification for the network application through one or more of mobile phone, e-mail and instant messaging client.
Preferably, the security system also comprises a receiving and activating unit, used to receive the account number or user name of the network application account after that account logs in, and to activate the system client.
It should be noted that, when determining whether the URL of the currently visited website is in the blacklist or the whitelist, the judging module 12 may first determine whether the URL is in the blacklist and, if not, go on to determine whether it is in the whitelist; it may equally first determine whether the URL is in the whitelist and, if not, go on to determine whether it is in the blacklist.
Accordingly, the present invention also provides a method of using the above security system for a network application.
As shown in Figure 3, the method of applying the above security system provided by the present invention comprises the following steps:
Logging in to the network application and starting the system client, whereupon the listening module listens to the user's input;
The judging module determines whether the input contains the account number or user name of the network application. If not, the listening module continues to listen to the user's input. If so, the judging module determines whether the process in which the input occurs is a browser; if not, the above judgment is repeated; if so, the judging module extracts the URL of the currently visited website and determines whether that URL is in the blacklist or the whitelist;
The prompting module, according to the final result of the judging module, blocks the currently visited website, allows the user to continue visiting it, or gives the user a risk prompt and reports the URL of the currently visited website to the system server for review.
In the present embodiment, when determining whether the URL of the currently visited website is in the blacklist or the whitelist, the judging module first determines whether the URL is in the blacklist and, if not, goes on to determine whether it is in the whitelist.
When the URL of the currently visited website is in the whitelist, the prompting module allows the user to continue visiting the website;
When the URL of the currently visited website is in the blacklist, the prompting module blocks the website and lets the user choose whether to continue visiting it. If the user chooses yes, the prompting module allows the user to continue visiting the website; if the user chooses no, the prompting module closes the website;
When the URL of the currently visited website is in neither the blacklist nor the whitelist, the prompting module allows the user to continue visiting the website, but prompts the user to be alert to phishing websites and reports the URL to the system server for review. The system server updates the reviewed URL into the blacklist or whitelist of the blacklist/whitelist database.
Preferably, when the URL of the currently visited website is in the blacklist and the user chooses to continue visiting it, the prompting module can also report to the system server the number of times the user has continued to visit the website. The system server also stores the user's valid information, comprising one or more of a registration ID, a mobile phone number, an e-mail account and an instant messaging client account. When the URL of the currently visited website is in the blacklist and the user chooses to continue visiting it, or when the URL is in neither the blacklist nor the whitelist, the prompting module also sends the user an abnormal account usage notification for the network application through one or more of mobile phone, e-mail and instant messaging client. The security system also comprises a receiving and activating unit; after login to the network application, the receiving and activating unit receives the account number or user name of the network application account and activates the system client.
The network application is an online game, a microblog, a blog, a forum, a personal space, an online trading client or an instant messaging client.
Taking an online game as an example, the anti-phishing principle is explained further below.
The user needs to enter the online game account number or user name during play, and only the online game system can obtain this account number or user name. The present invention activates the system client of the security system through the online game login. The listening module listens to the user's keyboard input in real time, and the judging module, by examining the process in which the input occurs and whether the input contains the game account number or user name, filters out most non-phishing websites at the first stage. Secondly, the user may well use the game account number or user name on similar legitimate websites on the Internet, such as Google or Baidu; the judging module filters against the whitelist from the system server, which filters out a large number of normal websites once more and lowers the false-positive rate. Finally, when the URL of the currently visited website belongs to neither the blacklist nor the whitelist, that is, when it is an unknown URL, and the user enters the game account number or user name on that website, the prompting module promptly sends the user a warning and reports the unknown URL for review so that it is updated into the blacklist/whitelist database. This improves the accuracy of identifying phishing websites and blocking access to them and greatly reduces the probability that the user's online game account is stolen with heavy losses.
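The three-stage filtering described above can be followed in a short simulation. It is an added example, not code from the patent. The class and function names, the browser process names, the account name, the `.example` hosts, the case-insensitive matching and the choice to match list entries by host name are all assumptions, and the input events are constructed samples rather than captured input.

```python
from dataclasses import dataclass, field
from enum import Enum
from urllib.parse import urlsplit


class Action(Enum):
    KEEP_LISTENING = 1   # input is not the account, or not typed into a browser
    ALLOW = 2            # URL is in the whitelist
    BLOCK_AND_ASK = 3    # URL is in the blacklist: block, let the user choose
    WARN_AND_REPORT = 4  # URL is in neither list: warn, report for review


@dataclass
class InputEvent:          # one observation handed over by the listening module
    process: str           # process that received the input
    text: str              # what the user typed
    url: str = ""          # page URL if the process is a browser


def site_key(url):
    """Reduce a URL to its lowercase host (assumed list granularity)."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return host.rstrip(".")


@dataclass
class SystemClient:
    account_names: set     # received from the network application at login
    blacklist: set
    whitelist: set
    browsers: frozenset = frozenset({"chrome.exe", "firefox.exe"})  # assumed
    pending_review: list = field(default_factory=list)
    continue_counts: dict = field(default_factory=dict)

    def judge(self, ev):
        typed = ev.text.lower()
        if not any(n.lower() in typed for n in self.account_names):
            return Action.KEEP_LISTENING
        if ev.process.lower() not in self.browsers:
            return Action.KEEP_LISTENING
        site = site_key(ev.url)
        if site in self.blacklist:           # blacklist first, as in the embodiment
            return Action.BLOCK_AND_ASK
        if site in self.whitelist:
            return Action.ALLOW
        if site not in self.pending_review:  # report each unknown site once
            self.pending_review.append(site)
        return Action.WARN_AND_REPORT

    def user_continues(self, ev):
        """User chose to continue on a blacklisted site: count it for the server."""
        site = site_key(ev.url)
        self.continue_counts[site] = self.continue_counts.get(site, 0) + 1
        return self.continue_counts[site]


def demo():
    client = SystemClient(
        account_names={"dragon_knight88"},
        blacklist={"game-0fficial.example"},
        whitelist={"www.game-official.example"},
    )
    events = [  # constructed sample events
        InputEvent("notepad.exe", "dragon_knight88"),
        InputEvent("chrome.exe", "weather tomorrow", "http://free-gift.example/"),
        InputEvent("chrome.exe", "dragon_knight88", "https://WWW.Game-Official.example/login"),
        InputEvent("firefox.exe", "Dragon_Knight88", "http://game-0fficial.example/login"),
        InputEvent("chrome.exe", "dragon_knight88", "http://free-gift.example/claim"),
    ]
    return client, [client.judge(e) for e in events]
```

Only the last event reaches the review queue: the first two are dropped before any URL lookup, which is the stage the description credits with filtering out most non-phishing websites.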
In summary, the security system and method for network applications of the present invention are suitable for all kinds of users; education costs are reduced, coverage is wide, notification channels are many, and timeliness is high.
Obviously, those skilled in the art can make various changes and variations to the invention without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.